
Multiple PopUps and BlueScreen of Deaths


  • This topic is locked
10 replies to this topic

#1 usspatch

  • Members
  • 5 posts

Posted 13 September 2014 - 02:56 PM

Hello everyone. I'm running Windows 7 64 with an AMD processor. I'm suddenly getting multiple Pop Ups and finding the "Blue Screen of Death" after running MalwareBytes and/or Superantispyware. My AVG antivirus is blocking all sorts of bad things. I downloaded Hijackthis. I was hoping someone would be kind enough to have a look and point me in the right direction.

Here is the HijackThis Log

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:24:55 PM, on 9/13/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)

FIREFOX: 32.0.1 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Rick\Downloads\volumouse\volumouse.exe
C:\Users\Rick\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\JRT Studio\iSyncr\iSyncr.exe
C:\Users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\iHome\Mouse Driver\StartAutorun.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\iHome\Mouse Driver\KMConfig.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\iHome\Mouse Driver\KMProcess.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Users\Rick\AppData\Local\Idle~_~Crawler\Idle~_~Crawler.exe
C:\Users\Rick\AppData\Local\IDLE~_~1\CHROME~1\chrome.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Users\Rick\AppData\Local\IDLE~_~1\CHROME~1\chrome.exe
C:\Users\Rick\AppData\Local\IDLE~_~1\CHROME~1\chrome.exe
C:\Users\Rick\AppData\Local\IDLE~_~1\CHROME~1\chrome.exe
C:\Users\Rick\AppData\Local\IDLE~_~1\CHROME~1\chrome.exe
C:\Users\Rick\AppData\Local\IDLE~_~1\CHROME~1\chrome.exe
C:\Users\Rick\AppData\Local\IDLE~_~1\CHROME~1\chrome.exe
C:\Users\Rick\AppData\Local\IDLE~_~1\CHROME~1\chrome.exe
C:\Users\Rick\AppData\Local\IDLE~_~1\CHROME~1\chrome.exe
C:\Users\Rick\AppData\Local\IDLE~_~1\CHROME~1\chrome.exe
C:\Users\Rick\AppData\Local\IDLE~_~1\CHROME~1\chrome.exe
C:\Users\Rick\AppData\Local\IDLE~_~1\CHROME~1\chrome.exe
C:\Users\Rick\AppData\Local\IDLE~_~1\CHROME~1\chrome.exe
C:\Users\Rick\AppData\Local\IDLE~_~1\CHROME~1\chrome.exe
C:\Users\Rick\AppData\Local\IDLE~_~1\CHROME~1\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Users\Rick\Downloads\HijackThis.exe
C:\Users\Rick\AppData\Local\IDLE~_~1\CHROME~1\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files (x86)\iHome\Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [$Volumouse$] "C:\Users\Rick\Downloads\volumouse\volumouse.exe" /nodlg
O4 - HKCU\..\Run: [Google Update] "C:\Users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MusicManager] "C:\Users\Rick\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_554F09F6EF2194379EF187460292DAF5] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0214c] C:\Users\Rick\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=5b51a9e0c43c47d0982ad14b34fbba17-a3ce580e03132841881070f75e9e4caa79cd2f75 /CMPID=0214c
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [HP Photosmart 6520 series (NET)] "C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH431581PY05XP:NW" -scfn "HP Photosmart 6520 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - Startup: Dropbox.lnk = Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Monitor Ink Alerts - .lnk = ?
O4 - Startup: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: iSyncr.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files (x86)\iHome\Mouse Driver\KMWDSrv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Torntv Downloader (trntv) - Unknown owner - C:\Users\Rick\AppData\Roaming\TornTV.com\TornTVSvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater18.1.9 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17009 bytes
 

Thanks for any help you could give


Edited by hamluis, 14 September 2014 - 07:15 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.




#2 nasdaq

  • Malware Response Team
  • 38,969 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 September 2014 - 08:46 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

HijackThis is not ready for 64-bit operating systems.
I suggest you remove it using the Add/Remove program.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 usspatch

  • Topic Starter
  • Members
  • 5 posts

Posted 20 September 2014 - 05:24 PM

Thanks for your help

Here is the log from Malwarebytes

I had run Malwarebytes a few days prior and quarantined items at that time. I did not, however, select Detections and Protections or Rootkits at that time.

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 9/7/2014 11:09:41 PM, SYSTEM, RICK-PC, Protection, Malware Protection, Starting,
Protection, 9/7/2014 11:09:41 PM, SYSTEM, RICK-PC, Protection, Malware Protection, Started,
Protection, 9/7/2014 11:09:41 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Starting,
Protection, 9/7/2014 11:09:43 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Started,
Update, 9/7/2014 11:10:04 PM, SYSTEM, RICK-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.8.21.1,
Update, 9/7/2014 11:10:06 PM, SYSTEM, RICK-PC, Manual, Malware Database, 2014.3.4.9, 2014.9.8.1,
Protection, 9/7/2014 11:10:07 PM, SYSTEM, RICK-PC, Protection, Refresh, Starting,
Protection, 9/7/2014 11:10:07 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Stopping,
Protection, 9/7/2014 11:10:07 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Stopped,
Protection, 9/7/2014 11:10:11 PM, SYSTEM, RICK-PC, Protection, Refresh, Success,
Protection, 9/7/2014 11:10:11 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Starting,
Protection, 9/7/2014 11:10:12 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Started,
Detection, 9/7/2014 11:16:10 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 91.188.48.70, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:16:10 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 91.188.48.70, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:16:37 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 212.117.183.25, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:16:37 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 212.117.183.25, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:17:09 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 188.65.50.37, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:17:09 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 188.65.50.37, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:17:28 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 89.248.169.6, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:17:28 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 89.248.169.6, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:17:28 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 93.115.85.39, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:17:28 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 93.115.85.39, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:17:37 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 213.238.175.70, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:17:37 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 213.238.175.70, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:17:53 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 193.194.84.195, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:17:53 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 193.194.84.195, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:17:56 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 94.102.56.181, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:17:56 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 94.102.56.181, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:18:00 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 31.192.57.55, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:18:00 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 31.192.57.55, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:22:40 PM, SYSTEM, RICK-PC, Protection, Malware Protection, File, PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\974970fd-4f41-4161-b6fb-6aa6d78fa6e3-6, Quarantine, [f33e7f6cc5b6ae88ca3751afb15212ee]
Detection, 9/7/2014 11:26:36 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 41.35.35.151, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:26:37 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 41.35.35.151, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:35:40 PM, SYSTEM, RICK-PC, Protection, Malware Protection, File, PUP.Optional.CrossRider.T, c:\windows\system32\tasks\974970fd-4f41-4161-b6fb-6aa6d78fa6e3-6, Quarantine, [f33e7f6cc5b6ae88ca3751afb15212ee]
Protection, 9/7/2014 11:35:40 PM, SYSTEM, RICK-PC, Protection, SDKQuarantine, 2, Failed, c:\windows\system32\tasks\974970fd-4f41-4161-b6fb-6aa6d78fa6e3-6,
Error, 9/7/2014 11:35:40 PM, SYSTEM, RICK-PC, Protection, SDKQuarantine, 2, Failed, c:\windows\system32\tasks\974970fd-4f41-4161-b6fb-6aa6d78fa6e3-6,
Detection, 9/7/2014 11:38:12 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 218.9.118.160, 17034, Inbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:38:12 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 218.9.118.160, 17034, Inbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:38:13 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 218.9.118.160, 17034, Inbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:42:40 PM, SYSTEM, RICK-PC, Protection, Malware Protection, File, PUP.Optional.CrossRider.T, c:\windows\system32\tasks\974970fd-4f41-4161-b6fb-6aa6d78fa6e3-6, Quarantine, [f33e7f6cc5b6ae88ca3751afb15212ee]
Protection, 9/7/2014 11:42:40 PM, SYSTEM, RICK-PC, Protection, SDKQuarantine, 2, Failed, c:\windows\system32\tasks\974970fd-4f41-4161-b6fb-6aa6d78fa6e3-6,
Error, 9/7/2014 11:42:40 PM, SYSTEM, RICK-PC, Protection, SDKQuarantine, 2, Failed, c:\windows\system32\tasks\974970fd-4f41-4161-b6fb-6aa6d78fa6e3-6,
Detection, 9/7/2014 11:47:37 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 195.216.182.25, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:47:38 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 195.216.182.25, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:48:14 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 222.75.167.82, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:48:14 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 222.75.167.82, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:48:34 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 77.78.217.73, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:48:34 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 77.78.217.73, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:49:00 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 195.216.179.146, 17034, Inbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:49:00 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 195.216.179.146, 17034, Inbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:49:29 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 218.9.186.74, 17034, Inbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:49:29 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 218.9.186.74, 17034, Inbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:49:29 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 218.9.186.74, 17034, Inbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:49:32 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 218.9.186.74, 17034, Inbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:49:33 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 218.9.186.74, 17034, Inbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:57:19 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 31.184.192.175, 17034, Inbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/7/2014 11:57:19 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 31.184.192.175, 17034, Inbound, C:\Program Files\BitComet\BitComet.exe,

(end)

 

Thanks again



#4 nasdaq

  • Malware Response Team
  • 38,969 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 September 2014 - 06:21 AM

Can I see the other logs?

#5 usspatch

  • Topic Starter
  • Members
  • 5 posts

Posted 21 September 2014 - 10:43 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

 

I ran this one last week - took about 7 hours - Hope this helps

Detection, 9/13/2014 3:10:07 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 58486, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 3:10:07 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 58486, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 3:10:07 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 58487, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 3:20:17 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62077, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 3:31:20 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 63660, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 4:30:24 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, 114467url.directdisplayad.com, 56362, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 4:30:24 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, 114467url.directdisplayad.com, 56362, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 5:46:04 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52995, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 5:48:36 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 55360, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 5:50:59 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 57201, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 6:01:18 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50173, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 6:01:18 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50173, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 6:08:51 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51595, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 6:08:51 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51596, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 6:08:51 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51597, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 6:08:51 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51599, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 6:08:53 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51730, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 6:08:53 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51731, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 6:11:19 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 55104, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 7:03:38 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 64147, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 7:05:38 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 65205, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 7:05:38 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 65206, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Protection, 9/13/2014 7:47:45 AM, SYSTEM, RICK-PC, Protection, Malware Protection, Starting,
Protection, 9/13/2014 7:47:45 AM, SYSTEM, RICK-PC, Protection, Malware Protection, Started,
Protection, 9/13/2014 7:47:45 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Starting,
Protection, 9/13/2014 7:50:04 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Started,
Detection, 9/13/2014 8:01:22 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50996, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 8:01:22 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50996, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 8:01:22 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50999, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 8:03:26 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51679, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 8:05:32 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52123, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Update, 9/13/2014 8:12:07 AM, SYSTEM, RICK-PC, Scheduler, Malware Database, 2014.9.13.1, 2014.9.13.2,
Protection, 9/13/2014 8:12:09 AM, SYSTEM, RICK-PC, Protection, Refresh, Starting,
Protection, 9/13/2014 8:12:09 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Stopping,
Protection, 9/13/2014 8:12:09 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Stopped,
Protection, 9/13/2014 8:12:26 AM, SYSTEM, RICK-PC, Protection, Refresh, Success,
Protection, 9/13/2014 8:12:26 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Starting,
Protection, 9/13/2014 8:12:27 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Started,
Update, 9/13/2014 8:58:14 AM, SYSTEM, RICK-PC, Scheduler, Malware Database, 2014.9.13.2, 2014.9.13.3,
Protection, 9/13/2014 8:58:15 AM, SYSTEM, RICK-PC, Protection, Refresh, Starting,
Protection, 9/13/2014 8:58:15 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Stopping,
Protection, 9/13/2014 8:58:15 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Stopped,
Protection, 9/13/2014 8:59:50 AM, SYSTEM, RICK-PC, Protection, Refresh, Success,
Protection, 9/13/2014 8:59:50 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Starting,
Protection, 9/13/2014 8:59:51 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Started,
Detection, 9/13/2014 9:00:54 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 56923, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 9:00:54 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 56923, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 9:03:30 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 58343, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 9:06:02 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 60202, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 10:06:04 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49239, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 10:09:18 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51793, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 11:01:48 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 64010, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 11:01:49 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 64010, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 11:04:26 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 65462, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 11:06:57 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51383, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Update, 9/13/2014 11:45:08 AM, SYSTEM, RICK-PC, Scheduler, Malware Database, 2014.9.13.3, 2014.9.13.4,
Protection, 9/13/2014 11:45:10 AM, SYSTEM, RICK-PC, Protection, Refresh, Starting,
Protection, 9/13/2014 11:45:10 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Stopping,
Protection, 9/13/2014 11:45:12 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Stopped,
Protection, 9/13/2014 11:46:39 AM, SYSTEM, RICK-PC, Protection, Refresh, Success,
Protection, 9/13/2014 11:46:39 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Starting,
Protection, 9/13/2014 11:46:39 AM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Started,
Protection, 9/13/2014 12:14:31 PM, SYSTEM, RICK-PC, Protection, Malware Protection, Starting,
Protection, 9/13/2014 12:14:31 PM, SYSTEM, RICK-PC, Protection, Malware Protection, Started,
Protection, 9/13/2014 12:14:31 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Starting,
Protection, 9/13/2014 12:16:21 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Started,
Detection, 9/13/2014 12:25:52 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50249, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 12:25:53 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50249, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 12:25:53 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50250, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 12:42:28 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, 114467url.directdisplayad.com, 58407, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 12:42:28 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, 114467url.directdisplayad.com, 58407, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Update, 9/13/2014 12:58:01 PM, SYSTEM, RICK-PC, Scheduler, Malware Database, 2014.9.13.4, 2014.9.13.6,
Protection, 9/13/2014 12:58:04 PM, SYSTEM, RICK-PC, Protection, Refresh, Starting,
Protection, 9/13/2014 12:58:04 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Stopping,
Protection, 9/13/2014 12:58:04 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Stopped,
Protection, 9/13/2014 12:58:09 PM, SYSTEM, RICK-PC, Protection, Refresh, Success,
Protection, 9/13/2014 12:58:09 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Starting,
Protection, 9/13/2014 12:58:10 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Started,
Detection, 9/13/2014 1:01:16 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52287, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 1:01:16 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52287, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 1:04:14 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 54337, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 1:06:17 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 55029, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 2:01:48 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 54473, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 2:03:18 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 55539, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Update, 9/13/2014 2:05:16 PM, SYSTEM, RICK-PC, Scheduler, Rootkit Database, 2014.9.12.1, 2014.9.13.1,
Protection, 9/13/2014 2:05:18 PM, SYSTEM, RICK-PC, Protection, Refresh, Starting,
Protection, 9/13/2014 2:05:18 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Stopping,
Protection, 9/13/2014 2:05:18 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Stopped,
Protection, 9/13/2014 2:05:24 PM, SYSTEM, RICK-PC, Protection, Refresh, Success,
Protection, 9/13/2014 2:05:24 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Starting,
Protection, 9/13/2014 2:05:24 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Started,
Detection, 9/13/2014 2:09:37 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 56724, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 2:09:37 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 56724, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 2:09:37 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 56725, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 3:08:01 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 64827, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 3:09:55 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 65240, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 3:13:27 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49810, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 4:03:21 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 63255, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 4:07:09 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50868, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 4:07:15 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51016, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 4:07:15 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51017, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 4:07:15 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51018, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 4:09:52 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 52131, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 5:01:38 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 64402, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 5:01:39 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 64402, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 5:03:41 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 65136, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 5:07:24 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51156, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 5:15:17 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 54925, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Update, 9/13/2014 5:16:35 PM, SYSTEM, RICK-PC, Scheduler, Malware Database, 2014.9.13.6, 2014.9.13.7,
Protection, 9/13/2014 5:16:36 PM, SYSTEM, RICK-PC, Protection, Refresh, Starting,
Protection, 9/13/2014 5:16:36 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Stopping,
Protection, 9/13/2014 5:16:37 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Stopped,
Protection, 9/13/2014 5:16:41 PM, SYSTEM, RICK-PC, Protection, Refresh, Success,
Protection, 9/13/2014 5:16:41 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Starting,
Protection, 9/13/2014 5:16:42 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, Started,
Detection, 9/13/2014 5:50:52 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 75.64.131.25, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/13/2014 5:50:53 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 75.64.131.25, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/13/2014 5:50:53 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 91.214.203.65, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/13/2014 5:50:54 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 91.214.203.65, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/13/2014 5:51:03 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 219.151.155.20, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/13/2014 5:51:03 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 219.151.155.20, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/13/2014 5:51:11 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 212.117.183.19, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/13/2014 5:51:11 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 212.117.183.19, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/13/2014 5:51:11 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 185.21.216.133, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/13/2014 5:51:11 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 185.21.216.133, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/13/2014 5:51:32 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 85.234.189.221, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/13/2014 5:51:32 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 85.234.189.221, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/13/2014 5:52:33 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 213.55.114.173, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/13/2014 5:52:33 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 213.55.114.173, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/13/2014 6:15:00 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62465, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 6:15:01 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62465, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 6:15:01 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 62466, Outbound, C:\Users\Rick\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe,
Detection, 9/13/2014 6:50:54 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 41.35.35.151, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,
Detection, 9/13/2014 6:50:55 PM, SYSTEM, RICK-PC, Protection, Malicious Website Protection, IP, 41.35.35.151, 17034, Outbound, C:\Program Files\BitComet\BitComet.exe,

(end)



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:00 AM

Posted 21 September 2014 - 12:26 PM

Sorry no.

Best you can do is clean everything that is found by MBAM.

Run the other two tools and post the logs for my review.

#7 usspatch

usspatch
  • Topic Starter

  • Members
  • 5 posts
  • Local time:04:00 AM

Posted 24 September 2014 - 06:30 PM

Here is the FRST.txt log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2014
Ran by Rick (administrator) on RICK-PC on 24-09-2014 16:13:49
Running from C:\Users\Rick\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation) C:\Program Files (x86)\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
(UASSOFT.COM) C:\Program Files (x86)\iHome\Mouse Driver\KMWDSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
() C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(NirSoft) C:\Users\Rick\Downloads\volumouse\volumouse.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation) C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
(JRT Studio LLC) C:\Program Files (x86)\JRT Studio\iSyncr\iSyncr.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(UASSOFT.COM) C:\Program Files (x86)\iHome\Mouse Driver\StartAutorun.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(UASSOFT.COM) C:\Program Files (x86)\iHome\Mouse Driver\KMCONFIG.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(UASSOFT.COM) C:\Program Files (x86)\iHome\Mouse Driver\KMProcess.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(www.BitComet.com) C:\Program Files\BitComet\BitComet.exe
(www.BitComet.com) C:\Program Files\BitComet\tools\BitCometService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Users\Rick\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwucli.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [KMCONFIG] => C:\Program Files (x86)\iHome\Mouse Driver\StartAutorun.exe KMConfig.exe
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-26] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3216875959-1886396651-3189536190-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7763736 2014-09-15] (SUPERAntiSpyware)
HKU\S-1-5-21-3216875959-1886396651-3189536190-1000\...\Run: [$Volumouse$] => C:\Users\Rick\Downloads\volumouse\volumouse.exe [33280 2009-08-05] (NirSoft)
HKU\S-1-5-21-3216875959-1886396651-3189536190-1000\...\Run: [Google Update] => C:\Users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-12-28] (Google Inc.)
HKU\S-1-5-21-3216875959-1886396651-3189536190-1000\...\Run: [MusicManager] => C:\Users\Rick\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-07-22] (Google Inc.)
HKU\S-1-5-21-3216875959-1886396651-3189536190-1000\...\Run: [GoogleChromeAutoLaunch_554F09F6EF2194379EF187460292DAF5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-22] (Google Inc.)
HKU\S-1-5-21-3216875959-1886396651-3189536190-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-3216875959-1886396651-3189536190-1000\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\Rick\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=5b51a9e0c43c47d0982ad14b34fbba17-a3ce580e03132841881070f75e9e4caa79cd2f75 /CMPID=0214c
HKU\S-1-5-21-3216875959-1886396651-3189536190-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3216875959-1886396651-3189536190-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-3216875959-1886396651-3189536190-1000\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3216875959-1886396651-3189536190-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-3216875959-1886396651-3189536190-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-3216875959-1886396651-3189536190-1000\...\MountPoints2: {86321d86-2e9c-11e4-ba1e-0002721f53e4} - F:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-3216875959-1886396651-3189536190-1000\...\MountPoints2: {a29095b1-cdca-11e2-9278-0002721f53e4} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3216875959-1886396651-3189536190-1000\...\MountPoints2: {a3df695d-cf71-11e0-b0fe-6c626dc8f235} - L:\setup.exe -a
HKU\S-1-5-21-3216875959-1886396651-3189536190-1000\...\MountPoints2: {c947761f-0753-11e4-960a-0002721f53e4} - L:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3216875959-1886396651-3189536190-1000\...\MountPoints2: {d2e19f40-270e-11e1-9923-0002721f53e4} - F:\setup.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSyncr.lnk
ShortcutTarget: iSyncr.lnk -> C:\Windows\Installer\{2882EAA0-4E57-4CD7-AC8D-6892C330299C}\_E1B6D02A7555771B045D58.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM-x32 - DefaultScope {63BCB992-F5FC-46C3-880C-0060467F9BB0} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Handler-x32: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\Windows\SysWOW64\btxppanel.dll (Broadcom Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\5wcg7o3z.default-1410719316648
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Rick\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Rick\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: DownloadHelper - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\5wcg7o3z.default-1410719316648\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-20]
FF Extension: Download Manager (S3) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\5wcg7o3z.default-1410719316648\Extensions\s3download@statusbar.xpi [2014-09-20]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-09-18]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799 [2014-08-26]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN12436917673681380&UM=2&sspv=CHNTR1"
CHR NewTab: Default -> "chrome-extension://neebgdeaohaofdhldpobdpfocdonmgki/Search/NewTabPages/html/new_tab.html",
            "chrome-extension://klibnahbojhkanfgaglnlalfkgpcppfi/Search/NewTabPages/html/new_tab.html",
            "chrome-extension://cabjkppaeecehnglfhpipgdkfchjgbim/Search/NewTabPages/html/new_tab.html"
CHR DefaultSearchKeyword: Default -> search.conduit.com
CHR DefaultSearchProvider: Default -> Conduit
CHR DefaultSuggestURL: Default -> http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN12436917673681380&sspv=CHNTR1&UM=2
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avery Toolbar) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanoehjhfnnichccofiabhckegmaaj [2012-11-02]
CHR Extension: (Google Drive) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (MixiDJ V18) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cabjkppaeecehnglfhpipgdkfchjgbim [2013-04-20]
CHR Extension: (Amazing Coupons) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl [2013-04-20]
CHR Extension: (Vafmusic) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki [2013-05-08]
CHR Extension: (Google Wallet) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Rick\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-08-24]
CHR HKCU\...\Chrome\Extension: [cabjkppaeecehnglfhpipgdkfchjgbim] - C:\Users\Rick\AppData\Local\CRE\cabjkppaeecehnglfhpipgdkfchjgbim.crx [2013-04-14]
CHR HKCU\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - C:\Users\Rick\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx [2013-05-06]
CHR HKLM-x32\...\Chrome\Extension: [aaaanoehjhfnnichccofiabhckegmaaj] - C:\Users\Rick\AppData\Local\APN\GoogleCRXs\aaaanoehjhfnnichccofiabhckegmaaj_7.15.4.0.crx [2012-10-17]
CHR HKLM-x32\...\Chrome\Extension: [cabjkppaeecehnglfhpipgdkfchjgbim] - C:\Users\Rick\AppData\Local\CRE\cabjkppaeecehnglfhpipgdkfchjgbim.crx [2013-04-14]
CHR HKLM-x32\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - C:\Users\Rick\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx [2013-05-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-16] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 btwdins; C:\Program Files (x86)\WIDCOMM\Bluetooth Software\bin\btwdins.exe [163840 2004-11-09] (Broadcom Corporation) [File not signed]
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon)
R2 KMWDSERVICE; C:\Program Files (x86)\iHome\Mouse Driver\KMWDSrv.exe [208896 2008-06-23] (UASSOFT.COM) [File not signed]
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MSSQL$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe [186760 2012-06-01] ()
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 AFS; C:\Windows\SysWow64\Drivers\AFS.sys [79052 2011-08-18] (Oak Technology Inc.) [File not signed]
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S0 BTKRNL; C:\Windows\SysWOW64\drivers\btkrnl.sys [1241754 2004-11-02] (Broadcom Corporation) [File not signed]
S2 BTSERIAL; C:\Windows\SysWOW64\drivers\btserial.sys [23271 2004-11-02] (Broadcom Corporation) [File not signed]
S2 BTSLBCSP; C:\Windows\SysWOW64\drivers\btslbcsp.sys [222876 2004-11-02] (Broadcom Corporation) [File not signed]
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-24] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 16:13 - 2014-09-24 16:14 - 00031362 _____ () C:\Users\Rick\Downloads\FRST.txt
2014-09-24 16:13 - 2014-09-24 16:13 - 00000000 ____D () C:\FRST
2014-09-24 16:12 - 2014-09-24 16:13 - 02106880 _____ (Farbar) C:\Users\Rick\Downloads\FRST64.exe
2014-09-24 08:29 - 2014-09-24 08:30 - 00000000 ____D () C:\Users\Rick\AppData\Local\{DC04612F-C34D-4F19-99CF-C696DEB342C1}
2014-09-23 20:29 - 2014-09-23 20:29 - 00000000 ____D () C:\Users\Rick\AppData\Local\{02A69D69-AEDA-4A74-A044-1651C23D0369}
2014-09-23 14:36 - 2014-09-09 15:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 14:36 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 08:29 - 2014-09-23 08:29 - 00000000 ____D () C:\Users\Rick\AppData\Local\{DC144B98-8EB1-4B3E-955E-F38AA21F9ACA}
2014-09-22 20:28 - 2014-09-22 20:28 - 00000000 ____D () C:\Users\Rick\AppData\Local\{E5858C49-055C-49DD-8526-5A655F252C39}
2014-09-22 08:27 - 2014-09-22 08:27 - 00000000 ____D () C:\Users\Rick\AppData\Local\{37F1CE22-6641-4DC1-B5EF-D8A4EBD9E33F}
2014-09-22 06:33 - 2014-09-22 06:33 - 00000000 ____D () C:\Users\Rick\Desktop\New folder
2014-09-21 20:26 - 2014-09-21 20:27 - 00000000 ____D () C:\Users\Rick\AppData\Local\{6F076C61-D1EB-4D9A-90CF-DCDF51E043F5}
2014-09-21 08:26 - 2014-09-21 08:26 - 00000000 ____D () C:\Users\Rick\AppData\Local\{3FF2AE69-A37B-46CC-8369-27E4E5E585E5}
2014-09-20 20:24 - 2014-09-20 20:25 - 00000000 ____D () C:\Users\Rick\AppData\Local\{EC68EF3B-D60C-4E0B-A91B-375B6E865164}
2014-09-20 15:31 - 2014-09-20 15:33 - 00043551 _____ () C:\Users\Rick\Desktop\October.xlsx
2014-09-20 15:30 - 2014-09-20 15:30 - 01023612 _____ () C:\Users\Rick\Desktop\Schedule 2014.xlsx
2014-09-20 14:23 - 2014-09-20 14:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Rick\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-20 08:24 - 2014-09-20 08:24 - 00000000 ____D () C:\Users\Rick\AppData\Local\{CCD4CA5F-557F-4507-B1BB-1ADAAF1339B1}
2014-09-18 23:38 - 2014-09-18 23:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-17 08:12 - 2014-09-17 08:12 - 00291536 _____ () C:\Windows\Minidump\091714-47330-01.dmp
2014-09-14 21:39 - 2014-09-14 21:39 - 00000000 ____D () C:\Users\Rick\AppData\Local\{E4AAA81E-BD09-4798-A787-6FB2D409A5F9}
2014-09-14 11:21 - 2014-09-14 11:28 - 00000000 ____D () C:\Users\Rick\Desktop\Old Firefox Data
2014-09-14 00:37 - 2014-09-14 00:37 - 00000000 ____D () C:\Users\Rick\AppData\Local\{6ED9DA89-24C7-4015-B66A-2AE610FF1F12}
2014-09-13 15:16 - 2014-09-13 15:16 - 00017950 _____ () C:\Users\Rick\Downloads\Unconfirmed 918863.crdownload
2014-09-13 12:36 - 2014-09-13 12:37 - 00000000 ____D () C:\Users\Rick\AppData\Local\{0D3C05C4-C578-47DD-9410-A3189C82E7B0}
2014-09-13 12:13 - 2014-09-13 12:13 - 00291536 _____ () C:\Windows\Minidump\091314-32292-01.dmp
2014-09-13 11:08 - 2014-09-13 12:25 - 00017011 _____ () C:\Users\Rick\Downloads\hijackthis.log
2014-09-13 10:57 - 2014-09-13 10:57 - 00388608 _____ (Trend Micro Inc.) C:\Users\Rick\Downloads\HijackThis.exe
2014-09-12 21:14 - 2014-09-12 21:14 - 00624784 _____ () C:\Users\Rick\Downloads\Unconfirmed 487477.crdownload
2014-09-12 21:13 - 2014-09-12 21:13 - 00120262 _____ () C:\Users\Rick\Downloads\Unconfirmed 191053.crdownload
2014-09-12 20:31 - 2014-09-12 20:31 - 00289648 _____ () C:\Windows\Minidump\091214-32541-01.dmp
2014-09-11 22:34 - 2014-09-11 22:34 - 00291536 _____ () C:\Windows\Minidump\091114-31559-01.dmp
2014-09-11 12:39 - 2014-09-11 12:39 - 02394816 _____ () C:\Users\Rick\Downloads\Unconfirmed 269634.crdownload
2014-09-11 06:11 - 2014-09-11 06:11 - 00332168 _____ () C:\Windows\Minidump\091114-49670-01.dmp
2014-09-10 03:50 - 2014-08-19 11:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 03:50 - 2014-08-19 10:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 03:50 - 2014-08-18 16:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 03:50 - 2014-08-18 15:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 03:50 - 2014-08-18 15:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 03:50 - 2014-08-18 15:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 03:50 - 2014-08-18 15:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 03:50 - 2014-08-18 15:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 03:50 - 2014-08-18 15:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 03:50 - 2014-08-18 15:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 03:50 - 2014-08-18 15:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 03:50 - 2014-08-18 15:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 03:50 - 2014-08-18 15:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 03:50 - 2014-08-18 15:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 03:50 - 2014-08-18 15:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 03:50 - 2014-08-18 14:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 03:50 - 2014-08-18 14:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 03:50 - 2014-08-18 14:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 03:50 - 2014-08-18 14:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 03:50 - 2014-08-18 14:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 03:50 - 2014-08-18 14:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 03:50 - 2014-08-18 14:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 03:50 - 2014-08-18 14:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 03:50 - 2014-08-18 14:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 03:50 - 2014-08-18 14:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 03:50 - 2014-08-18 14:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 03:50 - 2014-08-18 14:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 03:50 - 2014-08-18 14:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 03:50 - 2014-08-18 14:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 03:50 - 2014-08-18 14:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 03:50 - 2014-08-18 14:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 03:50 - 2014-08-18 14:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 03:50 - 2014-08-18 14:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 03:50 - 2014-08-18 14:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 03:50 - 2014-08-18 14:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 03:50 - 2014-08-18 14:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 03:50 - 2014-08-18 14:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 03:50 - 2014-08-18 14:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 03:50 - 2014-08-18 14:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 03:50 - 2014-08-18 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 03:50 - 2014-08-18 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 03:50 - 2014-08-18 13:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 03:50 - 2014-08-18 13:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 03:49 - 2014-08-18 15:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 03:49 - 2014-08-18 15:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 03:49 - 2014-08-18 15:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 03:49 - 2014-08-18 15:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 03:49 - 2014-08-18 14:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 03:49 - 2014-08-18 14:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 03:49 - 2014-08-18 14:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 03:49 - 2014-08-18 14:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 03:49 - 2014-08-18 14:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 03:49 - 2014-08-18 14:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 03:49 - 2014-08-18 13:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 03:49 - 2014-08-18 13:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 03:49 - 2014-08-18 13:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 03:07 - 2014-06-26 19:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 03:07 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 02:25 - 2014-08-01 04:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 02:25 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 02:24 - 2014-09-04 19:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 02:24 - 2014-09-04 19:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 02:24 - 2014-07-06 19:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 02:24 - 2014-07-06 19:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 02:24 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 02:24 - 2014-07-06 18:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 02:24 - 2014-07-06 18:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 02:24 - 2014-06-23 20:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 02:24 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-07 23:09 - 2014-09-24 16:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-07 23:09 - 2014-09-20 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-07 23:09 - 2014-09-20 14:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-07 23:09 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-07 23:09 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-07 21:39 - 2014-09-07 21:39 - 00000000 ____D () C:\Users\Rick\AppData\Local\{120909A0-B96F-45FF-80CD-6949390BF385}
2014-09-07 09:38 - 2014-09-07 09:38 - 00000000 ____D () C:\Users\Rick\AppData\Local\{5982EAC4-3730-4592-B371-ADA78AD38D86}
2014-09-06 21:36 - 2014-09-06 21:36 - 00000000 ____D () C:\Users\Rick\AppData\Local\{66C0FEA1-CB94-4CED-A1FC-F91D036B1025}
2014-09-06 09:34 - 2014-09-06 09:34 - 00000000 ____D () C:\Users\Rick\AppData\Local\{85FBC1BF-5400-4761-8009-15735CE23A37}
2014-09-05 21:33 - 2014-09-05 21:33 - 00000000 ____D () C:\Users\Rick\AppData\Local\{2CEDCA2B-D2AE-4357-8D1A-DB160E73A62D}
2014-09-05 09:31 - 2014-09-05 09:31 - 00000000 ____D () C:\Users\Rick\AppData\Local\{35B34BF4-9160-4C04-B01E-D9BE004E44B6}
2014-09-04 21:30 - 2014-09-04 21:30 - 00000000 ____D () C:\Users\Rick\AppData\Local\{9756C7A8-04DF-403D-9119-70E55F23F3A6}
2014-09-04 09:27 - 2014-09-04 09:28 - 00000000 ____D () C:\Users\Rick\AppData\Local\{E530C830-FADB-47D5-8831-F3BF826295CA}
2014-09-03 21:26 - 2014-09-03 21:27 - 00000000 ____D () C:\Users\Rick\AppData\Local\{BC53E34C-C70F-4B53-9859-E0FEE8BB9330}
2014-09-03 14:59 - 2014-09-03 14:59 - 02602683 _____ () C:\Users\Rick\Downloads\Unconfirmed 931100.crdownload
2014-09-03 14:59 - 2014-09-03 14:59 - 02602678 _____ () C:\Users\Rick\Downloads\Unconfirmed 623458.crdownload
2014-09-03 14:58 - 2014-09-03 14:58 - 02602842 _____ () C:\Users\Rick\Downloads\Unconfirmed 617789.crdownload
2014-09-03 06:24 - 2014-09-03 06:25 - 01346825 _____ () C:\Users\Rick\Downloads\Unconfirmed 89427.crdownload
2014-09-03 05:59 - 2014-09-03 06:00 - 00291488 _____ () C:\Windows\Minidump\090314-47393-01.dmp
2014-09-03 03:22 - 2014-09-03 03:22 - 00159103 _____ () C:\Users\Rick\Downloads\Unconfirmed 882737.crdownload
2014-09-02 22:26 - 2014-09-02 22:26 - 00327664 _____ () C:\Users\Rick\Downloads\Unconfirmed 597046.crdownload
2014-09-02 21:45 - 2014-09-02 21:45 - 00000000 ____D () C:\Users\Rick\AppData\Local\{54F9AB78-5747-4357-83C3-BB3FEE80B44A}
2014-09-02 19:44 - 2014-09-02 19:44 - 00000000 ____D () C:\Users\Rick\AppData\Roaming\WebExtend
2014-09-02 19:43 - 2014-09-02 19:44 - 00000000 ____D () C:\Users\Rick\AppData\Local\Idle~_~Crawler
2014-09-02 19:41 - 2014-09-08 06:06 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-09-02 19:41 - 2014-09-02 19:41 - 00000000 ____D () C:\Users\Rick\AppData\Local\globalUpdate
2014-09-02 03:50 - 2014-09-02 03:50 - 00000000 ____D () C:\Users\Rick\AppData\Local\{1C47C76D-8861-49F5-8302-E3545306F31A}
2014-09-01 15:49 - 2014-09-01 15:50 - 00000000 ____D () C:\Users\Rick\AppData\Local\{2E6CED11-39E2-4203-9CBB-319F85254E49}
2014-09-01 08:38 - 2014-09-01 08:38 - 00038145 _____ () C:\Users\Rick\Desktop\Sept Revised.xlsx
2014-09-01 03:48 - 2014-09-01 03:49 - 00000000 ____D () C:\Users\Rick\AppData\Local\{4A91B28A-C8ED-4E4A-BEA7-A7EA63CCFBFD}
2014-08-31 15:48 - 2014-08-31 15:48 - 00000000 ____D () C:\Users\Rick\AppData\Local\{8E8CF4C2-9FBF-4E53-AE3E-5B6894B191F9}
2014-08-31 08:23 - 2014-08-31 08:23 - 00000000 _____ () C:\Users\Rick\Downloads\9bd0c571a4104694d2cb45226fde67481399447202-640-360-1800-h264.flv
2014-08-31 08:23 - 2014-08-31 08:23 - 00000000 _____ () C:\Users\Rick\Downloads\9bd0c571a4104694d2cb45226fde67481399447202-640-360-1800-h264(2).flv
2014-08-31 03:47 - 2014-08-31 03:48 - 00000000 ____D () C:\Users\Rick\AppData\Local\{8BE7AAD8-3AFC-4F81-84F4-2D9F7C264156}
2014-08-30 15:47 - 2014-08-30 15:47 - 00000000 ____D () C:\Users\Rick\AppData\Local\{151E617E-0C60-462F-AD93-F6BA1E368F1D}
2014-08-30 03:46 - 2014-08-30 03:47 - 00000000 ____D () C:\Users\Rick\AppData\Local\{D96F529D-D016-4EA1-8F96-36BD96BBF41F}
2014-08-29 15:46 - 2014-08-29 15:46 - 00000000 ____D () C:\Users\Rick\AppData\Local\{112D5265-F1E9-4F78-BF31-ED15395488B7}
2014-08-29 02:00 - 2014-09-01 15:34 - 00000000 ____D () C:\Users\Rick\AppData\Local\Adobe
2014-08-29 00:46 - 2014-08-29 00:46 - 00000000 ____D () C:\Users\Rick\AppData\Local\{7883E54A-1CAC-4AC8-B3BA-2C05583B01FE}
2014-08-28 12:45 - 2014-08-28 12:46 - 00000000 ____D () C:\Users\Rick\AppData\Local\{F4AD45BC-5270-4A94-A265-46CC1A5B39D3}
2014-08-28 00:45 - 2014-08-28 00:45 - 00000000 ____D () C:\Users\Rick\AppData\Local\{A24DA647-FC95-4BC1-8FF4-0134E19A4929}
2014-08-27 21:03 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 21:03 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 21:03 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 12:44 - 2014-08-27 12:45 - 00000000 ____D () C:\Users\Rick\AppData\Local\{B080AE46-8AD4-44F5-A82C-EAC25622269E}
2014-08-27 00:44 - 2014-08-27 00:44 - 00000000 ____D () C:\Users\Rick\AppData\Local\{BD9DBFBC-1BC3-42FC-840F-C346C5F80825}
2014-08-26 12:44 - 2014-08-26 12:44 - 00000000 ____D () C:\Users\Rick\AppData\Local\{A6690431-E543-49F0-BC4B-55512C17B662}
2014-08-25 22:37 - 2014-08-25 22:38 - 00000000 ____D () C:\Users\Rick\AppData\Local\{8B265066-1CF7-4D48-A669-B76E658C30E5}
2014-08-25 10:36 - 2014-08-25 10:37 - 00000000 ____D () C:\Users\Rick\AppData\Local\{5D973245-B427-4AE8-8F32-522C6C203B67}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 16:14 - 2014-09-24 16:13 - 00031362 _____ () C:\Users\Rick\Downloads\FRST.txt
2014-09-24 16:13 - 2014-09-24 16:13 - 00000000 ____D () C:\FRST
2014-09-24 16:13 - 2014-09-24 16:12 - 02106880 _____ (Farbar) C:\Users\Rick\Downloads\FRST64.exe
2014-09-24 16:10 - 2011-08-28 16:55 - 00000000 ____D () C:\Users\Rick\AppData\Roaming\BitComet
2014-09-24 16:04 - 2014-09-07 23:09 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-24 16:04 - 2011-08-18 09:04 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-24 15:35 - 2012-04-08 20:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-24 15:23 - 2012-12-28 21:19 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3216875959-1886396651-3189536190-1000UA.job
2014-09-24 15:22 - 2011-08-18 09:30 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-24 14:32 - 2011-11-30 07:32 - 00000508 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9f9e5b6e-1262-43be-90a0-cfd6c8e5055d.job
2014-09-24 14:30 - 2011-08-16 22:31 - 01438790 _____ () C:\Windows\WindowsUpdate.log
2014-09-24 10:23 - 2012-12-28 21:19 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3216875959-1886396651-3189536190-1000Core.job
2014-09-24 09:35 - 2009-07-13 21:45 - 00022256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-24 09:35 - 2009-07-13 21:45 - 00022256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-24 08:30 - 2014-09-24 08:29 - 00000000 ____D () C:\Users\Rick\AppData\Local\{DC04612F-C34D-4F19-99CF-C696DEB342C1}
2014-09-24 08:25 - 2013-08-13 09:43 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-24 07:35 - 2012-04-08 20:06 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 07:35 - 2012-04-08 20:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 07:35 - 2011-08-17 09:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 02:00 - 2011-11-30 07:32 - 00000508 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 1ba74100-0f94-4073-8a4c-7867d1daca47.job
2014-09-23 23:22 - 2011-08-18 09:29 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-23 20:29 - 2014-09-23 20:29 - 00000000 ____D () C:\Users\Rick\AppData\Local\{02A69D69-AEDA-4A74-A044-1651C23D0369}
2014-09-23 08:29 - 2014-09-23 08:29 - 00000000 ____D () C:\Users\Rick\AppData\Local\{DC144B98-8EB1-4B3E-955E-F38AA21F9ACA}
2014-09-22 20:28 - 2014-09-22 20:28 - 00000000 ____D () C:\Users\Rick\AppData\Local\{E5858C49-055C-49DD-8526-5A655F252C39}
2014-09-22 08:27 - 2014-09-22 08:27 - 00000000 ____D () C:\Users\Rick\AppData\Local\{37F1CE22-6641-4DC1-B5EF-D8A4EBD9E33F}
2014-09-22 06:33 - 2014-09-22 06:33 - 00000000 ____D () C:\Users\Rick\Desktop\New folder
2014-09-21 21:21 - 2013-03-06 11:11 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-21 20:27 - 2014-09-21 20:26 - 00000000 ____D () C:\Users\Rick\AppData\Local\{6F076C61-D1EB-4D9A-90CF-DCDF51E043F5}
2014-09-21 08:26 - 2014-09-21 08:26 - 00000000 ____D () C:\Users\Rick\AppData\Local\{3FF2AE69-A37B-46CC-8369-27E4E5E585E5}
2014-09-20 20:25 - 2014-09-20 20:24 - 00000000 ____D () C:\Users\Rick\AppData\Local\{EC68EF3B-D60C-4E0B-A91B-375B6E865164}
2014-09-20 15:33 - 2014-09-20 15:31 - 00043551 _____ () C:\Users\Rick\Desktop\October.xlsx
2014-09-20 15:32 - 2009-07-13 22:13 - 00822196 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-20 15:30 - 2014-09-20 15:30 - 01023612 _____ () C:\Users\Rick\Desktop\Schedule 2014.xlsx
2014-09-20 14:24 - 2014-09-07 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-20 14:24 - 2014-09-07 23:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-20 14:24 - 2013-06-30 18:07 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-20 14:23 - 2014-09-20 14:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Rick\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-20 13:53 - 2011-08-18 08:29 - 00000000 ____D () C:\Users\Rick\AppData\Roaming\foobar2000
2014-09-20 13:20 - 2013-11-26 09:08 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-09-20 08:24 - 2014-09-20 08:24 - 00000000 ____D () C:\Users\Rick\AppData\Local\{CCD4CA5F-557F-4507-B1BB-1ADAAF1339B1}
2014-09-20 08:03 - 2014-08-24 08:15 - 00000000 ___RD () C:\Users\Rick\Google Drive
2014-09-20 08:03 - 2013-05-12 06:58 - 00000000 ___RD () C:\Users\Rick\Dropbox
2014-09-20 08:03 - 2013-05-11 17:42 - 00000000 ____D () C:\Users\Rick\AppData\Roaming\Dropbox
2014-09-20 08:02 - 2011-12-30 00:22 - 00000000 ____D () C:\Users\Rick\Documents\JRT Studio
2014-09-20 08:00 - 2014-01-11 10:22 - 00008428 _____ () C:\Windows\setupact.log
2014-09-20 08:00 - 2011-08-17 09:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-20 08:00 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-20 07:59 - 2012-05-03 08:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-18 23:39 - 2014-09-18 23:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-17 18:15 - 2013-05-11 17:44 - 00000000 ____D () C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-17 08:12 - 2014-09-17 08:12 - 00291536 _____ () C:\Windows\Minidump\091714-47330-01.dmp
2014-09-17 08:12 - 2011-12-23 08:04 - 00000000 ____D () C:\Windows\Minidump
2014-09-17 08:11 - 2014-04-27 06:57 - 1132012392 _____ () C:\Windows\MEMORY.DMP
2014-09-14 21:39 - 2014-09-14 21:39 - 00000000 ____D () C:\Users\Rick\AppData\Local\{E4AAA81E-BD09-4798-A787-6FB2D409A5F9}
2014-09-14 11:30 - 2014-02-12 04:49 - 01215408 _____ () C:\Windows\PFRO.log
2014-09-14 11:28 - 2014-09-14 11:21 - 00000000 ____D () C:\Users\Rick\Desktop\Old Firefox Data
2014-09-14 00:37 - 2014-09-14 00:37 - 00000000 ____D () C:\Users\Rick\AppData\Local\{6ED9DA89-24C7-4015-B66A-2AE610FF1F12}
2014-09-13 15:16 - 2014-09-13 15:16 - 00017950 _____ () C:\Users\Rick\Downloads\Unconfirmed 918863.crdownload
2014-09-13 12:37 - 2014-09-13 12:36 - 00000000 ____D () C:\Users\Rick\AppData\Local\{0D3C05C4-C578-47DD-9410-A3189C82E7B0}
2014-09-13 12:25 - 2014-09-13 11:08 - 00017011 _____ () C:\Users\Rick\Downloads\hijackthis.log
2014-09-13 12:13 - 2014-09-13 12:13 - 00291536 _____ () C:\Windows\Minidump\091314-32292-01.dmp
2014-09-13 10:57 - 2014-09-13 10:57 - 00388608 _____ (Trend Micro Inc.) C:\Users\Rick\Downloads\HijackThis.exe
2014-09-13 07:46 - 2014-05-13 06:14 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-09-12 22:04 - 2013-11-26 09:08 - 00000000 ____D () C:\Users\Rick\AppData\Roaming\tigerplayer
2014-09-12 21:14 - 2014-09-12 21:14 - 00624784 _____ () C:\Users\Rick\Downloads\Unconfirmed 487477.crdownload
2014-09-12 21:13 - 2014-09-12 21:13 - 00120262 _____ () C:\Users\Rick\Downloads\Unconfirmed 191053.crdownload
2014-09-12 20:31 - 2014-09-12 20:31 - 00289648 _____ () C:\Windows\Minidump\091214-32541-01.dmp
2014-09-12 16:07 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\security
2014-09-12 16:05 - 2013-10-31 05:00 - 00000000 ____D () C:\Users\Rick\AppData\Local\NativeMessaging
2014-09-11 22:34 - 2014-09-11 22:34 - 00291536 _____ () C:\Windows\Minidump\091114-31559-01.dmp
2014-09-11 12:39 - 2014-09-11 12:39 - 02394816 _____ () C:\Users\Rick\Downloads\Unconfirmed 269634.crdownload
2014-09-11 06:11 - 2014-09-11 06:11 - 00332168 _____ () C:\Windows\Minidump\091114-49670-01.dmp
2014-09-10 16:18 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-09-10 03:46 - 2011-08-17 11:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 03:42 - 2011-08-18 11:03 - 00814318 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 03:39 - 2013-08-15 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 03:13 - 2011-08-17 08:23 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 03:06 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-09 15:11 - 2014-09-23 14:36 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-09 14:47 - 2014-09-23 14:36 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-08 06:15 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Vss
2014-09-08 06:06 - 2014-09-02 19:41 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-09-08 06:06 - 2014-04-10 07:00 - 00000000 ____D () C:\Users\Rick\AppData\Local\TB
2014-09-08 06:04 - 2013-04-20 07:21 - 00000000 ____D () C:\Users\Rick\AppData\Local\CRE
2014-09-08 06:04 - 2012-10-17 17:04 - 00000000 ____D () C:\Program Files (x86)\Ask.com
2014-09-07 23:09 - 2013-06-30 18:07 - 00000000 ____D () C:\Users\Rick\AppData\Roaming\Malwarebytes
2014-09-07 23:09 - 2013-06-30 18:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-07 23:09 - 2013-06-30 18:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-09-07 21:39 - 2014-09-07 21:39 - 00000000 ____D () C:\Users\Rick\AppData\Local\{120909A0-B96F-45FF-80CD-6949390BF385}
2014-09-07 09:38 - 2014-09-07 09:38 - 00000000 ____D () C:\Users\Rick\AppData\Local\{5982EAC4-3730-4592-B371-ADA78AD38D86}
2014-09-06 21:36 - 2014-09-06 21:36 - 00000000 ____D () C:\Users\Rick\AppData\Local\{66C0FEA1-CB94-4CED-A1FC-F91D036B1025}
2014-09-06 09:34 - 2014-09-06 09:34 - 00000000 ____D () C:\Users\Rick\AppData\Local\{85FBC1BF-5400-4761-8009-15735CE23A37}
2014-09-05 21:33 - 2014-09-05 21:33 - 00000000 ____D () C:\Users\Rick\AppData\Local\{2CEDCA2B-D2AE-4357-8D1A-DB160E73A62D}
2014-09-05 09:31 - 2014-09-05 09:31 - 00000000 ____D () C:\Users\Rick\AppData\Local\{35B34BF4-9160-4C04-B01E-D9BE004E44B6}
2014-09-04 21:30 - 2014-09-04 21:30 - 00000000 ____D () C:\Users\Rick\AppData\Local\{9756C7A8-04DF-403D-9119-70E55F23F3A6}
2014-09-04 19:10 - 2014-09-10 02:24 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 19:05 - 2014-09-10 02:24 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-04 09:28 - 2014-09-04 09:27 - 00000000 ____D () C:\Users\Rick\AppData\Local\{E530C830-FADB-47D5-8831-F3BF826295CA}
2014-09-03 21:27 - 2014-09-03 21:26 - 00000000 ____D () C:\Users\Rick\AppData\Local\{BC53E34C-C70F-4B53-9859-E0FEE8BB9330}
2014-09-03 14:59 - 2014-09-03 14:59 - 02602683 _____ () C:\Users\Rick\Downloads\Unconfirmed 931100.crdownload
2014-09-03 14:59 - 2014-09-03 14:59 - 02602678 _____ () C:\Users\Rick\Downloads\Unconfirmed 623458.crdownload
2014-09-03 14:58 - 2014-09-03 14:58 - 02602842 _____ () C:\Users\Rick\Downloads\Unconfirmed 617789.crdownload
2014-09-03 06:25 - 2014-09-03 06:24 - 01346825 _____ () C:\Users\Rick\Downloads\Unconfirmed 89427.crdownload
2014-09-03 06:00 - 2014-09-03 05:59 - 00291488 _____ () C:\Windows\Minidump\090314-47393-01.dmp
2014-09-03 03:22 - 2014-09-03 03:22 - 00159103 _____ () C:\Users\Rick\Downloads\Unconfirmed 882737.crdownload
2014-09-02 22:26 - 2014-09-02 22:26 - 00327664 _____ () C:\Users\Rick\Downloads\Unconfirmed 597046.crdownload
2014-09-02 21:45 - 2014-09-02 21:45 - 00000000 ____D () C:\Users\Rick\AppData\Local\{54F9AB78-5747-4357-83C3-BB3FEE80B44A}
2014-09-02 19:44 - 2014-09-02 19:44 - 00000000 ____D () C:\Users\Rick\AppData\Roaming\WebExtend
2014-09-02 19:44 - 2014-09-02 19:43 - 00000000 ____D () C:\Users\Rick\AppData\Local\Idle~_~Crawler
2014-09-02 19:41 - 2014-09-02 19:41 - 00000000 ____D () C:\Users\Rick\AppData\Local\globalUpdate
2014-09-02 08:21 - 2012-06-10 08:28 - 00000000 ____D () C:\Users\Rick\Documents\Calibre Library
2014-09-02 08:10 - 2014-08-03 06:48 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-02 08:10 - 2014-04-02 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-02 03:50 - 2014-09-02 03:50 - 00000000 ____D () C:\Users\Rick\AppData\Local\{1C47C76D-8861-49F5-8302-E3545306F31A}
2014-09-01 15:50 - 2014-09-01 15:49 - 00000000 ____D () C:\Users\Rick\AppData\Local\{2E6CED11-39E2-4203-9CBB-319F85254E49}
2014-09-01 15:34 - 2014-08-29 02:00 - 00000000 ____D () C:\Users\Rick\AppData\Local\Adobe
2014-09-01 08:38 - 2014-09-01 08:38 - 00038145 _____ () C:\Users\Rick\Desktop\Sept Revised.xlsx
2014-09-01 08:20 - 2011-12-09 22:54 - 00000000 ____D () C:\Users\Rick\Desktop\Work 1209
2014-09-01 08:03 - 2014-02-23 16:19 - 00000000 ____D () C:\Books
2014-09-01 03:49 - 2014-09-01 03:48 - 00000000 ____D () C:\Users\Rick\AppData\Local\{4A91B28A-C8ED-4E4A-BEA7-A7EA63CCFBFD}
2014-08-31 15:48 - 2014-08-31 15:48 - 00000000 ____D () C:\Users\Rick\AppData\Local\{8E8CF4C2-9FBF-4E53-AE3E-5B6894B191F9}
2014-08-31 12:14 - 2011-12-30 00:22 - 00000000 ____D () C:\Users\Rick\AppData\Roaming\JRT Studio
2014-08-31 08:31 - 2012-06-10 08:28 - 00000000 ____D () C:\Users\Rick\AppData\Roaming\calibre
2014-08-31 08:23 - 2014-08-31 08:23 - 00000000 _____ () C:\Users\Rick\Downloads\9bd0c571a4104694d2cb45226fde67481399447202-640-360-1800-h264.flv
2014-08-31 08:23 - 2014-08-31 08:23 - 00000000 _____ () C:\Users\Rick\Downloads\9bd0c571a4104694d2cb45226fde67481399447202-640-360-1800-h264(2).flv
2014-08-31 03:48 - 2014-08-31 03:47 - 00000000 ____D () C:\Users\Rick\AppData\Local\{8BE7AAD8-3AFC-4F81-84F4-2D9F7C264156}
2014-08-30 15:47 - 2014-08-30 15:47 - 00000000 ____D () C:\Users\Rick\AppData\Local\{151E617E-0C60-462F-AD93-F6BA1E368F1D}
2014-08-30 03:47 - 2014-08-30 03:46 - 00000000 ____D () C:\Users\Rick\AppData\Local\{D96F529D-D016-4EA1-8F96-36BD96BBF41F}
2014-08-29 15:46 - 2014-08-29 15:46 - 00000000 ____D () C:\Users\Rick\AppData\Local\{112D5265-F1E9-4F78-BF31-ED15395488B7}
2014-08-29 00:46 - 2014-08-29 00:46 - 00000000 ____D () C:\Users\Rick\AppData\Local\{7883E54A-1CAC-4AC8-B3BA-2C05583B01FE}
2014-08-28 22:35 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-08-28 12:46 - 2014-08-28 12:45 - 00000000 ____D () C:\Users\Rick\AppData\Local\{F4AD45BC-5270-4A94-A265-46CC1A5B39D3}
2014-08-28 03:23 - 2009-07-13 21:45 - 04996984 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 00:45 - 2014-08-28 00:45 - 00000000 ____D () C:\Users\Rick\AppData\Local\{A24DA647-FC95-4BC1-8FF4-0134E19A4929}
2014-08-27 12:45 - 2014-08-27 12:44 - 00000000 ____D () C:\Users\Rick\AppData\Local\{B080AE46-8AD4-44F5-A82C-EAC25622269E}
2014-08-27 03:04 - 2014-04-28 19:27 - 00000000 ____D () C:\Users\Rick\AppData\Roaming\HpUpdate
2014-08-27 00:44 - 2014-08-27 00:44 - 00000000 ____D () C:\Users\Rick\AppData\Local\{BD9DBFBC-1BC3-42FC-840F-C346C5F80825}
2014-08-26 12:44 - 2014-08-26 12:44 - 00000000 ____D () C:\Users\Rick\AppData\Local\{A6690431-E543-49F0-BC4B-55512C17B662}
2014-08-26 07:30 - 2014-03-25 18:08 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-08-25 22:38 - 2014-08-25 22:37 - 00000000 ____D () C:\Users\Rick\AppData\Local\{8B265066-1CF7-4D48-A669-B76E658C30E5}
2014-08-25 10:37 - 2014-08-25 10:36 - 00000000 ____D () C:\Users\Rick\AppData\Local\{5D973245-B427-4AE8-8F32-522C6C203B67}

Some content of TEMP:
====================
C:\Users\Rick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2zcnll.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 00:50

This is the AdwCleaner Log

# AdwCleaner v3.310 - Report created 24/09/2014 at 16:25:30
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Rick - RICK-PC
# Running from : C:\Users\Rick\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\nsprotector.js
File Found : C:\Users\Rick\AppData\Local\CRE\cabjkppaeecehnglfhpipgdkfchjgbim.crx
File Found : C:\Users\Rick\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx
File Found : C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Found : C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
Folder Found : C:\Program Files (x86)\1ClickDownload
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\Movdap
Folder Found : C:\Program Files (x86)\OApps
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\Tepfel
Folder Found : C:\ProgramData\AVG SafeGuard toolbar
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\SearchProtect
Folder Found : C:\Users\Rick\AppData\Local\apn
Folder Found : C:\Users\Rick\AppData\Local\AVG SafeGuard toolbar
Folder Found : C:\Users\Rick\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Rick\AppData\Local\Conduit
Folder Found : C:\Users\Rick\AppData\Local\DirectDownloader
Folder Found : C:\Users\Rick\AppData\Local\getsavin
Folder Found : C:\Users\Rick\AppData\Local\globalUpdate
Folder Found : C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cabjkppaeecehnglfhpipgdkfchjgbim
Folder Found : C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl
Folder Found : C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki
Folder Found : C:\Users\Rick\AppData\Local\Idle~_~Crawler
Folder Found : C:\Users\Rick\AppData\Local\NativeMessaging
Folder Found : C:\Users\Rick\AppData\Local\WhiteListing
Folder Found : C:\Users\Rick\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Rick\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found : C:\Users\Rick\AppData\LocalLow\Conduit
Folder Found : C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\n6j8mt0o.default\Extensions\toolbar@ask.com
Folder Found : C:\Users\Rick\AppData\Roaming\WebExtend
Folder Found : C:\Users\Rick\Documents\Updater
Folder Found : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

***** [ Scheduled Tasks ] *****

Task Found : Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\Google\Chrome\Extensions\cabjkppaeecehnglfhpipgdkfchjgbim
Key Found : HKCU\Software\Google\Chrome\Extensions\neebgdeaohaofdhldpobdpfocdonmgki
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Myfree Codec
Key Found : HKCU\Software\powerpack
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\APN
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Ask.com
Key Found : [x64] HKCU\Software\AVG SafeGuard toolbar
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\Myfree Codec
Key Found : [x64] HKCU\Software\powerpack
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\SelectionLinks.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3287375
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3290973
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cabjkppaeecehnglfhpipgdkfchjgbim
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\neebgdeaohaofdhldpobdpfocdonmgki
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\VAFMusic Conduit_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\VAFMusic Conduit_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\Myfree Codec
Key Found : HKLM\SOFTWARE\PIP
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\webcakeupdater
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.2 (x86 en-US)

[ File : C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\5wcg7o3z.default-1410719316648\prefs.js ]


-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN12436917673681380&ctid=CT3289847&UM=2&sspv=CHNTR1
Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN12436917673681380&UM=2&sspv=CHNTR1
Found [Extension] : cabjkppaeecehnglfhpipgdkfchjgbim
Found [Extension] : icpgjfneehieebagbmdbhnlpiopdcmna
Found [Extension] : jplinpmadfkdgipabgcdchbdikologlh
Found [Extension] : klibnahbojhkanfgaglnlalfkgpcppfi
Found [Extension] : mjildcbkilmkddbbpbjljljdmmlfeppl
Found [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
Found [Extension] : neebgdeaohaofdhldpobdpfocdonmgki

*************************

AdwCleaner[R0].txt - [19811 octets] - [24/09/2014 16:25:30]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [19872 octets] ##########

Thanks again for helping

==================== End Of Log ============================



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:00 AM

Posted 25 September 2014 - 09:41 AM

Please run the AdwCleaner tool and clean everything that is found.
===

Next,

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-26] ()
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3216875959-1886396651-3189536190-1000\...\Run: [AdobeBridge] => [X]
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799 [2014-08-26]
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN12436917673681380&UM=2&sspv=CHNTR1"
CHR NewTab: Default -> "chrome-extension://neebgdeaohaofdhldpobdpfocdonmgki/Search/NewTabPages/html/new_tab.html",
"chrome-extension://klibnahbojhkanfgaglnlalfkgpcppfi/Search/NewTabPages/html/new_tab.html",
"chrome-extension://cabjkppaeecehnglfhpipgdkfchjgbim/Search/NewTabPages/html/new_tab.html"
CHR DefaultSearchKeyword: Default -> search.conduit.com
CHR DefaultSearchProvider: Default -> Conduit
CHR DefaultSuggestURL: Default -> http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN12436917673681380&sspv=CHNTR1&UM=2
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (MixiDJ V18) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cabjkppaeecehnglfhpipgdkfchjgbim [2013-04-20]
CHR Extension: (Amazing Coupons) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl [2013-04-20]
CHR Extension: (Vafmusic) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki [2013-05-08]
CHR HKCU\...\Chrome\Extension: [cabjkppaeecehnglfhpipgdkfchjgbim] - C:\Users\Rick\AppData\Local\CRE\cabjkppaeecehnglfhpipgdkfchjgbim.crx [2013-04-14]
CHR HKCU\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - C:\Users\Rick\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx [2013-05-06]
CHR HKLM-x32\...\Chrome\Extension: [aaaanoehjhfnnichccofiabhckegmaaj] - C:\Users\Rick\AppData\Local\APN\GoogleCRXs\aaaanoehjhfnnichccofiabhckegmaaj_7.15.4.0.crx [2012-10-17]
CHR HKLM-x32\...\Chrome\Extension: [cabjkppaeecehnglfhpipgdkfchjgbim] - C:\Users\Rick\AppData\Local\CRE\cabjkppaeecehnglfhpipgdkfchjgbim.crx [2013-04-14]
CHR HKLM-x32\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - C:\Users\Rick\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx [2013-05-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#9 usspatch

usspatch
  • Topic Starter


Posted 27 September 2014 - 11:11 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-09-2014 01
Ran by Rick at 2014-09-25 15:55:12 Run:1
Running from C:\Users\Rick\Downloads
Loaded Profile: Rick (Available profiles: Rick & UpdatusUser)
Boot Mode: Normal
==============================================

 

Ran FRST. Here is the log.  Tried running SecurityCheck twice, all night, when I came to the computer in the morning the system had rebooted and I was unable to find a checkup.txt anywhere on my computer.  Ran it again today.  It's been running now for about 12 hours.  Still says "performing system health check".  Does that seem right?

Thank you again for your help.

 

Content of fixlist:
*****************
start

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-26] ()
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3216875959-1886396651-3189536190-1000\...\Run: [AdobeBridge] => [X]
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799 [2014-08-26]
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN12436917673681380&UM=2&sspv=CHNTR1"
CHR NewTab: Default -> "chrome-extension://neebgdeaohaofdhldpobdpfocdonmgki/Search/NewTabPages/html/new_tab.html",
"chrome-extension://klibnahbojhkanfgaglnlalfkgpcppfi/Search/NewTabPages/html/new_tab.html",
"chrome-extension://cabjkppaeecehnglfhpipgdkfchjgbim/Search/NewTabPages/html/new_tab.html"
CHR DefaultSearchKeyword: Default -> search.conduit.com
CHR DefaultSearchProvider: Default -> Conduit
CHR DefaultSuggestURL: Default -> http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN12436917673681380&sspv=CHNTR1&UM=2
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (MixiDJ V18) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cabjkppaeecehnglfhpipgdkfchjgbim [2013-04-20]
CHR Extension: (Amazing Coupons) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl [2013-04-20]
CHR Extension: (Vafmusic) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki [2013-05-08]
CHR HKCU\...\Chrome\Extension: [cabjkppaeecehnglfhpipgdkfchjgbim] - C:\Users\Rick\AppData\Local\CRE\cabjkppaeecehnglfhpipgdkfchjgbim.crx [2013-04-14]
CHR HKCU\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - C:\Users\Rick\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx [2013-05-06]
CHR HKLM-x32\...\Chrome\Extension: [aaaanoehjhfnnichccofiabhckegmaaj] - C:\Users\Rick\AppData\Local\APN\GoogleCRXs\aaaanoehjhfnnichccofiabhckegmaaj_7.15.4.0.crx [2012-10-17]
CHR HKLM-x32\...\Chrome\Extension: [cabjkppaeecehnglfhpipgdkfchjgbim] - C:\Users\Rick\AppData\Local\CRE\cabjkppaeecehnglfhpipgdkfchjgbim.crx [2013-04-14]
CHR HKLM-x32\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - C:\Users\Rick\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx [2013-05-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)

End
*****************

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe => No running process found
C:\Program Files (x86)\Ask.com\Updater\Updater.exe => No running process found
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-3216875959-1886396651-3189536190-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value not found.
"HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => Key not found.
"HKCR\PROTOCOLS\Handler\widimg" => Key deleted successfully.
"HKCR\CLSID\{EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml" => not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\avg@toolbar => Value not found.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799 not found.
Chrome StartupUrls deleted successfully.
Chrome NewTab deleted successfully.
"chrome-extension://klibnahbojhkanfgaglnlalfkgpcppfi/Search/NewTabPages/html/new_tab.html", => Error: No automatic fix found for this entry.
"chrome-extension://cabjkppaeecehnglfhpipgdkfchjgbim/Search/NewTabPages/html/new_tab.html" => Error: No automatic fix found for this entry.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Default -> Conduit ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSuggestURL deleted successfully.
C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gcswf32.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll not found.
C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cabjkppaeecehnglfhpipgdkfchjgbim => Moved successfully.
C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl => Moved successfully.
C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki => Moved successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\cabjkppaeecehnglfhpipgdkfchjgbim" => Key not found.
"C:\Users\Rick\AppData\Local\CRE\cabjkppaeecehnglfhpipgdkfchjgbim.crx" => File/Directory not found.
"HKCU\SOFTWARE\Google\Chrome\Extensions\neebgdeaohaofdhldpobdpfocdonmgki" => Key not found.
"C:\Users\Rick\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaanoehjhfnnichccofiabhckegmaaj" => Key deleted successfully.
"C:\Users\Rick\AppData\Local\APN\GoogleCRXs\aaaanoehjhfnnichccofiabhckegmaaj_7.15.4.0.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cabjkppaeecehnglfhpipgdkfchjgbim" => Key not found.
"C:\Users\Rick\AppData\Local\CRE\cabjkppaeecehnglfhpipgdkfchjgbim.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\neebgdeaohaofdhldpobdpfocdonmgki" => Key not found.
"C:\Users\Rick\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCU\SOFTWARE\Policies\Google" => Key deleted successfully.
vToolbarUpdater18.1.9 => Service deleted successfully.

==== End of Fixlog ====
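
A Fixlog like the one above mixes entries that were removed, entries that were already gone, and entries the tool could not fix. The following is an added example (not part of the original posts and not FRST's own code) that sorts the result lines into those groups and lists what still needs manual follow-up. The category names and matching rules are assumptions based on the phrases visible in this log, and the sample input is constructed from a few of its lines.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines taken from the Fixlog above,
# with a shortened echo of the fixlist. Not a complete log.
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-09-2014 01
Content of fixlist:
*****************
start
CHR DefaultSearchProvider: Default -> Conduit
HKLM-x32\...\Run: [] => [X]
End
*****************

C:\Program Files (x86)\Ask.com\Updater\Updater.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKCR\PROTOCOLS\Handler\widimg" => Key deleted successfully.
Chrome NewTab deleted successfully.
"chrome-extension://klibnahbojhkanfgaglnlalfkgpcppfi/Search/NewTabPages/html/new_tab.html", => Error: No automatic fix found for this entry.
"chrome-extension://cabjkppaeecehnglfhpipgdkfchjgbim/Search/NewTabPages/html/new_tab.html" => Error: No automatic fix found for this entry.
CHR DefaultSearchProvider: Default -> Conduit ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl => Moved successfully.
vToolbarUpdater18.1.9 => Service deleted successfully.

==== End of Fixlog ====
'''

# Order matters: "Error: No automatic fix found" must be caught before
# the looser "found" patterns further down.
RULES = [
    ("error",  re.compile(r"\bError:", re.I)),
    ("manual", re.compile(r"can be used to fix the entry", re.I)),
    ("fixed",  re.compile(r"(deleted|moved) successfully", re.I)),
    ("absent", re.compile(r"not found|no running process found", re.I)),
]
ARROW = re.compile(r"\s=+>\s")  # matches " => " and " ==> ", but not " -> "


def result_lines(fixlog_text):
    """Yield result lines only, skipping the header and the echoed fixlist.

    The echo sits between two lines of asterisks after "Content of fixlist:".
    It contains "=>" itself, so it must not be mistaken for results.
    """
    state = "header" if "Content of fixlist" in fixlog_text else "results"
    stars = 0
    for raw in fixlog_text.splitlines():
        line = raw.strip()
        if state == "header":
            if line.startswith("Content of fixlist"):
                state = "echo"
        elif state == "echo":
            if line and set(line) == {"*"}:
                stars += 1
                if stars == 2:
                    state = "results"
        else:
            if line.startswith("==== End of Fixlog"):
                return
            if line:
                yield line


def classify(line):
    """Return the first matching category, or "other" if nothing matches."""
    for label, pattern in RULES:
        if pattern.search(line):
            return label
    return "other"


def triage(fixlog_text):
    """Group the target of every result line by outcome category."""
    buckets = defaultdict(list)
    for line in result_lines(fixlog_text):
        target = ARROW.split(line, maxsplit=1)[0].strip().strip('",')
        buckets[classify(line)].append(target)
    return dict(buckets)


def needs_follow_up(fixlog_text):
    """Entries the tool did not resolve: errors, manual fixes, unknowns."""
    buckets = triage(fixlog_text)
    return (buckets.get("error", []) + buckets.get("manual", [])
            + buckets.get("other", []))


if __name__ == "__main__":
    for category, targets in triage(SAMPLE_FIXLOG).items():
        print(f"{category}: {len(targets)}")
    print("Follow up on:")
    for target in needs_follow_up(SAMPLE_FIXLOG):
        print("  ", target)
```
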



#10 nasdaq

nasdaq


Posted 28 September 2014 - 08:28 AM

Tried running SecurityCheck twice, all night, when I came to the computer in the morning the system had rebooted and I was unable to find a checkup.txt anywhere on my computer. Ran it again today. It's been running now for about 12 hours. Still says "performing system health check". Does that seem right?
Thank you again for your help.


Stop the process if not already done.
===

The SecurityCheck tool will check for old versions of Java, Adobe Reader and Flash.

You can check them using the links below.
Remove any old versions.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u67.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java x Update xx

===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or, if you have the latest, close the window.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 nasdaq

nasdaq


Posted 04 October 2014 - 09:05 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



