Unwanted Browser Redirection


  • This topic is locked
7 replies to this topic

#1 SteveHNo96
Posted 18 September 2014 - 10:25 AM

When I go to rushlimbaugh.com using IE, sometimes one of the stories redirects me to a site I know is unsafe, asking me to update my flash player.

I have not tried this using Firefox and my flash player is up to date.


#2 CatByte
  • Malware Response Team

Posted 19 September 2014 - 10:38 AM

Hello and welcome to Bleeping Computer.

Please run the following:

Please download the appropriate version of Farbar Recovery Scan Tool (FRST.exe) from here:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ (for 32bit systems)
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ (for 64bit systems)
Save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Edited by CatByte, 22 September 2014 - 12:17 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 SteveHNo96
  • Topic Starter

Posted 22 September 2014 - 03:53 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Betty (administrator) on BETTY-PC on 19-09-2014 21:01:03
Running from C:\Users\Betty\Music
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_152_ActiveX.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-78884122-3446765950-2180571852-1000\...\Run: [Facebook Update] => C:\Users\Betty\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-12-10] (Facebook Inc.)
HKU\S-1-5-21-78884122-3446765950-2180571852-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6690072 2014-09-18] (SUPERAntiSpyware)
HKU\S-1-5-21-78884122-3446765950-2180571852-1000\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Betty\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid cdb87ed7b6b847d1a069252442ee05d5-aea549d34886b08fbc881b4b9d172f8a3547e9c9 --CMPID 0913a
HKU\S-1-5-21-78884122-3446765950-2180571852-1000\...\MountPoints2: {32281bfc-75d1-11e2-bcf0-f46d040aec26} - F:\LaunchU3.exe -a
HKU\S-1-5-21-78884122-3446765950-2180571852-1000\...\MountPoints2: {655a16da-80a6-11e0-87f0-806e6f6e6963} - E:\autorun.exe
Startup: C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1010 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1010 series.lnk -> C:\Program Files\HP\HP Deskjet 1010 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Old Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEC4107D173DFCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.com/?mtmhp=hyplogusaolp00000004
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=befhp&type=iehp-3.4-1310
HKLM\Software\Microsoft\Internet Explorer\Main,Old Start Page = http://www.yahoo.com/?fr=befhp&type=ie-hp
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
SearchScopes: HKCU - DefaultScope {5662324D-1C26-48E8-9439-7ABA5C95D243} URL = http://web.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=customie11-ie
SearchScopes: HKCU - {490741D6-C358-4246-B3B1-2871790E1962} URL = http://search.yahoo.com/search?ei=utf-8&fr=befds&p={searchTerms}&type=ie-ds
SearchScopes: HKCU - {5662324D-1C26-48E8-9439-7ABA5C95D243} URL = http://web.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=customie11-ie
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={B9229261-6DF3-446C-9009-59A8C75F9E83}&mid=cdb87ed7b6b847d1a069252442ee05d5-aea549d34886b08fbc881b4b9d172f8a3547e9c9&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-12 11:43:34&v=18.1.9.799&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80898&lng=en
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {06E58E5E-F8CB-4049-991E-A41C03BD419E} -  No File
Toolbar: HKCU - No Name - {41565256-3700-A76A-76A7-7A786E7484D7} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 68.116.46.115 69.144.127.53

FireFox:
========
FF ProfilePath: C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\iw2dwngx.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Betty\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Betty\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: DeSopa - C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\iw2dwngx.default\Extensions\desopa@congress.public.xpi [2011-12-24]
FF Extension: Adblock Plus - C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\iw2dwngx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-05]
FF Extension: QuickJava - C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\iw2dwngx.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2012-11-23]

Chrome:
=======
CHR HomePage: Default -> hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-synd1&type=W3i_SP,221,0_0,StartPage,20140105,19670,0,IE11,7635
CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-synd1&type=W3i_SP,221,0_0,StartPage,20140105,19670,0,IE11,7635"
CHR DefaultSearchKeyword: Default -> D14BA286E029905C0225BCBF02D15C0E4CD7AFF775933AA6979D6C28D5E5C974
CHR DefaultSearchURL: Default -> https://mail.google.com/mail/?extsrc=mailto&url=%s
CHR CustomProfile: C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-01-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-17]
CHR Extension: (YouTube) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-21]
CHR Extension: (Google Search) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-21]
CHR Extension: (Ataxx) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggphgiokpinojcbcjlllgfpccanileip [2014-01-02]
CHR Extension: (Google Wallet) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Monolith Burger Boy) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcbhpogkmlpjhpjmohlnpdojdcmelhfd [2013-10-03]
CHR Extension: (Gmail) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-21]
CHR HKLM\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ\CRX\ToolbarCR.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-14] (SUPERAntiSpyware.com)
R2 avgfws; C:\Program Files\AVG\AVG2015\avgfws.exe [1459872 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
S2 PGMTrusted; C:\Program Files\Pogo Games\PGMTrusted.exe [520360 2013-03-25] (iWin Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [204056 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [193304 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [199448 2014-07-02] (AVG Technologies CZ, s.r.o.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-19] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2012-01-04] (AnchorFree Inc)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 09:21 - 2014-09-18 09:21 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-18 09:21 - 2014-09-18 09:21 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-18 09:21 - 2014-09-18 09:21 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-18 09:21 - 2014-09-18 09:21 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-18 05:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-18 05:18 - 2014-09-19 21:01 - 00000000 ____D () C:\FRST
2014-09-11 13:27 - 2014-09-18 09:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-10 22:37 - 2014-03-06 08:53 - 02925760 _____ (Sysinternals - www.sysinternals.com) C:\Users\Betty\Documents\procexp.exe
2014-09-10 22:13 - 2011-09-02 04:08 - 00094208 _____ () C:\Users\Betty\AppData\Local\common_functions.dll
2014-09-10 22:13 - 2011-08-26 03:09 - 00940544 _____ (Apache Software Foundation) C:\Users\Betty\AppData\Local\log4cxx.dll
2014-09-10 22:05 - 2014-05-12 08:27 - 00591040 _____ (Sysinternals - www.sysinternals.com) C:\Users\Betty\Documents\autoruns.exe
2014-09-10 21:22 - 2014-09-10 21:22 - 00000000 ____D () C:\Users\Betty\AppData\Roaming\AVG2015
2014-09-10 21:19 - 2014-09-10 21:19 - 00000935 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-09-10 21:13 - 2014-09-10 21:20 - 00000000 ____D () C:\ProgramData\AVG2015
2014-09-10 21:06 - 2014-09-10 21:37 - 00000000 ____D () C:\Users\Betty\AppData\Local\Avg2015
2014-09-10 21:05 - 2014-08-19 10:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 21:05 - 2014-08-18 15:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 21:05 - 2014-08-18 15:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 21:05 - 2014-08-18 14:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 21:05 - 2014-08-18 14:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 21:05 - 2014-08-18 14:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 21:05 - 2014-08-18 14:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 21:05 - 2014-08-18 14:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 21:05 - 2014-08-18 14:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 21:05 - 2014-08-18 14:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 21:05 - 2014-08-18 14:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 21:05 - 2014-08-18 14:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 21:05 - 2014-08-18 14:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 21:05 - 2014-08-18 14:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 21:05 - 2014-08-18 14:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 21:05 - 2014-08-18 14:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 21:05 - 2014-08-18 14:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 21:05 - 2014-08-18 14:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 21:05 - 2014-08-18 14:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 21:05 - 2014-08-18 14:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 21:05 - 2014-08-18 14:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 21:05 - 2014-08-18 14:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 21:05 - 2014-08-18 14:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 21:05 - 2014-08-18 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 21:05 - 2014-08-18 14:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 21:05 - 2014-08-18 14:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 21:05 - 2014-08-18 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 21:05 - 2014-08-18 13:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 21:05 - 2014-08-18 13:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 21:05 - 2014-08-18 13:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 20:11 - 2014-07-06 18:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 20:11 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-03 10:52 - 2014-09-18 20:30 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-03 10:52 - 2014-09-03 10:52 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-09-02 23:08 - 2014-09-02 23:08 - 00000000 ____D () C:\Users\Betty\temp
2014-09-02 23:08 - 2014-09-02 23:08 - 00000000 ____D () C:\Users\Betty\AppData\Roaming\TeamViewer
2014-09-02 01:04 - 2014-08-22 18:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-02 01:04 - 2014-08-22 17:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 12:19 - 2014-08-26 12:19 - 00000000 ____D () C:\Program Files\AVG Security Toolbar
2014-08-26 12:18 - 2014-08-26 12:18 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-22 07:01 - 2014-05-14 09:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-22 07:01 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-22 07:01 - 2014-05-14 09:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-22 07:01 - 2014-05-14 09:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-22 07:01 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-22 07:01 - 2014-05-14 09:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-22 07:01 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-22 07:00 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-22 07:00 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-20 21:49 - 2014-08-20 21:49 - 00193304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 21:01 - 2014-09-18 05:18 - 00000000 ____D () C:\FRST
2014-09-19 20:54 - 2014-06-29 01:28 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-09-19 20:40 - 2011-05-17 10:14 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-19 20:15 - 2012-04-11 06:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-19 20:10 - 2011-05-20 16:22 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-19 19:44 - 2012-12-10 17:39 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-78884122-3446765950-2180571852-1000UA.job
2014-09-19 17:17 - 2013-01-06 22:34 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-19 17:10 - 2011-05-20 16:22 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-19 16:44 - 2012-12-10 17:39 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-78884122-3446765950-2180571852-1000Core.job
2014-09-19 08:16 - 2011-10-31 16:37 - 00000000 ____D () C:\Program Files\CouponAlert_2pEI
2014-09-19 07:04 - 2011-05-20 16:22 - 00000000 ____D () C:\Users\Betty\AppData\Local\Google
2014-09-19 07:03 - 2009-07-13 21:34 - 00022096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-19 07:03 - 2009-07-13 21:34 - 00022096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-19 07:00 - 2011-05-17 10:01 - 01671692 _____ () C:\Windows\WindowsUpdate.log
2014-09-19 06:55 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-19 06:55 - 2009-07-13 21:39 - 00065556 _____ () C:\Windows\setupact.log
2014-09-18 20:30 - 2014-09-03 10:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 09:21 - 2014-09-18 09:21 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-18 09:21 - 2014-09-18 09:21 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-18 09:21 - 2014-09-18 09:21 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-18 09:21 - 2014-09-18 09:21 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-18 09:21 - 2014-09-11 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-18 05:23 - 2014-01-29 02:01 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-18 05:21 - 2014-06-23 16:13 - 00000000 ____D () C:\AdwCleaner
2014-09-18 05:12 - 2011-05-17 10:02 - 00000000 ____D () C:\Users\Betty
2014-09-18 05:12 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-09-18 05:11 - 2014-06-30 14:24 - 00000000 ____D () C:\Users\Betty\AppData\Roaming\VideoStripPokerHD
2014-09-18 05:11 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-18 05:11 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\AppCompat
2014-09-18 05:10 - 2014-06-30 14:24 - 00000000 ____D () C:\ProgramData\Licenses
2014-09-18 05:10 - 2014-06-30 14:24 - 00000000 ____D () C:\Program Files\Video Strip Poker HD
2014-09-18 05:10 - 2014-06-30 14:24 - 00000000 ____D () C:\Program Files\Common Files\TorquemadaGames
2014-09-18 05:10 - 2014-05-09 22:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-18 05:10 - 2012-05-09 07:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-18 05:10 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\registration
2014-09-18 01:38 - 2011-05-31 02:44 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-11 13:27 - 2013-10-15 19:09 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-11 13:26 - 2011-05-20 17:52 - 00000000 ____D () C:\Program Files\Java
2014-09-11 00:10 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2014-09-10 23:42 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-10 22:50 - 2010-11-20 14:48 - 00313354 _____ () C:\Windows\PFRO.log
2014-09-10 21:37 - 2014-09-10 21:06 - 00000000 ____D () C:\Users\Betty\AppData\Local\Avg2015
2014-09-10 21:27 - 2013-09-29 10:52 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-10 21:23 - 2011-05-17 10:16 - 00000000 ____D () C:\Program Files\AVG
2014-09-10 21:22 - 2014-09-10 21:22 - 00000000 ____D () C:\Users\Betty\AppData\Roaming\AVG2015
2014-09-10 21:22 - 2014-03-12 11:42 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-09-10 21:21 - 2014-03-31 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-10 21:21 - 2011-05-27 00:54 - 00000000 ___HD () C:\$AVG
2014-09-10 21:20 - 2014-09-10 21:13 - 00000000 ____D () C:\ProgramData\AVG2015
2014-09-10 21:19 - 2014-09-10 21:19 - 00000935 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-09-10 21:02 - 2010-11-20 14:01 - 00740322 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 20:59 - 2013-07-16 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 20:52 - 2011-05-20 17:35 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 10:15 - 2012-04-11 06:25 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 10:15 - 2011-05-20 16:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-09 23:14 - 2012-01-21 10:40 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-03 10:52 - 2014-09-03 10:52 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-09-03 10:52 - 2014-07-01 10:18 - 00000000 ____D () C:\Users\Betty\AppData\Local\Adobe
2014-09-03 10:52 - 2011-06-19 13:06 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-03 10:51 - 2011-05-23 13:52 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-03 10:51 - 2011-05-23 13:52 - 00000000 ____D () C:\Program Files\Adobe
2014-09-02 23:08 - 2014-09-02 23:08 - 00000000 ____D () C:\Users\Betty\temp
2014-09-02 23:08 - 2014-09-02 23:08 - 00000000 ____D () C:\Users\Betty\AppData\Roaming\TeamViewer
2014-09-02 01:09 - 2009-07-13 21:33 - 00312712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-02 00:50 - 2012-01-21 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-27 09:05 - 2014-03-10 16:39 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-08-26 12:19 - 2014-08-26 12:19 - 00000000 ____D () C:\Program Files\AVG Security Toolbar
2014-08-26 12:18 - 2014-08-26 12:18 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-23 03:34 - 2011-08-16 05:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-08-23 03:33 - 2014-06-25 16:41 - 00000000 ____D () C:\Users\Betty\AppData\Local\AskPartnerNetwork
2014-08-23 03:33 - 2014-03-10 16:39 - 00000000 ____D () C:\Program Files\AskPartnerNetwork
2014-08-22 18:46 - 2014-09-02 01:04 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 17:42 - 2014-09-02 01:04 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 21:49 - 2014-08-20 21:49 - 00193304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys

Files to move or delete:
====================
C:\Users\Betty\mbam-setup-1.61.0.1400.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-16 03:07

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Betty at 2014-09-19 21:01:48
Running from C:\Users\Betty\Music
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2015 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.0.5.567 - Amazon Services LLC)
Angry Birds Space (HKLM\...\{3F2A323E-60C4-41E8-8CCB-9715D1D750C3}) (Version: 1.0.0 - Rovio)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Shopping Toolbar (HKLM\...\{4F524A00-6A76-A76A-76A7-A758B70C0F05}) (Version: 12.15.5.6 - APN, LLC) <==== ATTENTION
ATI Catalyst Install Manager (HKLM\...\{5CA86DBC-3F01-09AF-C67C-99557DB3E1F5}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)
AVG 2015 (Version: 15.0.4158 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden
Big Money Deluxe 1.3 (HKLM\...\Big Money Deluxe 1.3) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Core Implementation (Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0625.1812.30825 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0625.1812.30825 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Czech (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Danish (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Dutch (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help English (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Finnish (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help French (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help German (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Greek (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Italian (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Japanese (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Korean (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Polish (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Russian (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Spanish (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Swedish (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Thai (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Turkish (Version: 2009.0625.1811.30825 - ATI) Hidden
ccc-core-static (Version: 2009.0625.1812.30825 - ATI) Hidden
ccc-utility (Version: 2009.0625.1812.30825 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
cheat-generator (HKCU\...\754f99ddbeb2449d) (Version: 1.0.0.12 - cheat-generator)
Civilization III Complete Edition (Version: 1.00.0000 - 2K Games) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
Elements (HKLM\...\Elements) (Version: 1.1.0.0 - MumboJumbo)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fishdom (HKLM\...\Fishdom) (Version:  - Pogo.com)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Heavy Weapon (HKLM\...\Heavy Weapon) (Version:  - PopCap Games)
Heroine's Quest version 1.2 (HKLM\...\{20C02693-C3CF-4A3A-939F-A44F001C3EF4}_is1) (Version: 1.2 - Screen 7)
HP Deskjet 1010 series Basic Device Software (HKLM\...\{B3AB3A67-2BCF-4A50-9FBF-4700DCFC5C45}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 1010 series Help (HKLM\...\{BFB6C2B0-9643-4B59-A706-71DEB3017A99}) (Version: 30.0.0 - Hewlett Packard)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{600AB648-F79B-41EC-B426-A49A7DB121EA}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Product Improvement Study (HKLM\...\{FAABDC10-41B3-4A4C-A76E-C02CB9BE2A5E}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{8EAB4100-B343-41AE-A880-418746998209}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{79ACC31A-87EA-472A-853E-5AC6A97CE569}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Incinerations version 1.0 (HKLM\...\{15C2A1E0-09A8-4EF9-8EF7-7A4D4A007B3A}_is1) (Version: 1.0 - Box of Mystery)
iTunes (HKLM\...\{E05D82D8-FE70-4228-B073-B0C07FE27595}) (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Larry (HKLM\...\Larry) (Version: 2.1.2.0 - Replay Games Inc.)
Leisure Suit Larry 7 - Love for Sail! (HKLM\...\GOGPACKLARRY7WIN_is1) (Version: 2.0.0.11 - GOG.com)
Leisure Suit Larry Reloaded V1.01 (HKLM\...\{08FD469F-BC89-4982-8FB0-7633DBF092CE}) (Version: 1.01 - Replay Games Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Go (HKLM\...\{0F895695-33CC-4203-9C47-25EF2AC9441C}) (Version: 1.7.254 - Sony)
Media Go Video Playback Engine 1.64.103.02270 (HKLM\...\{7D62ABA3-35EC-623E-2C5F-1B3332CB705B}) (Version: 1.64.103.02270 - Sony)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
PlayStation®Network Downloader (HKLM\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.05.00710 - Sony Computer Entertainment Inc.)
PlayStation®Store (HKLM\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.2.6.12389 - Sony Computer Entertainment Inc.)
Pogo Games (HKLM\...\PogoDGC) (Version: 1.0 - ) <==== ATTENTION
Product Improvement Study for HP Deskjet 1010 series (HKLM\...\{5FF72EA4-F641-44A7-97FE-E6A02C141738}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Space Quest 2 VGA 1.1 (HKLM\...\Space Quest 2 VGA) (Version:  - Infamous Adventures)
Strip Poker For Free - Rachel (HKLM\...\Strip Poker For Free) (Version:  - ©2008 Strip Poker Arts)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2011 wcaiper (Version: 011.000.1647 - Intuit Inc.) Hidden
TurboTax 2011 WinPerFedFormset (Version: 011.000.3161 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0496 - Intuit Inc.) Hidden
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0218 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (Version: 011.000.0121 - Intuit Inc.) Hidden
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 wcaiper (Version: 012.000.1508 - Intuit Inc.) Hidden
TurboTax 2012 WinPerFedFormset (Version: 012.000.2309 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0474 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0186 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 wcaiper (Version: 013.000.1149 - Intuit Inc.) Hidden
TurboTax 2013 WinPerFedFormset (Version: 013.000.1790 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (Version: 013.000.0463 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (Version: 013.000.0162 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (Version: 013.000.0135 - Intuit Inc.) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Video Strip Poker Classic (HKLM\...\Video Strip Poker) (Version:  - ©2002-2007 Torquemada Games)
Video Strip Poker HD (HKLM\...\Video Strip Poker HD) (Version:  - Torquemada Games)
Video Strip Poker Supreme (HKLM\...\Video Strip Poker Supreme) (Version:  - Torquemada Games)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vohaul Strikes Back version 1.0.3.0 (HKLM\...\{90F3E0D4-E2F5-4420-8152-2C0B3CFD61BB}_is1) (Version: 1.0.3.0 - VSB team)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-78884122-3446765950-2180571852-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Betty\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-78884122-3446765950-2180571852-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-78884122-3446765950-2180571852-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Betty\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-78884122-3446765950-2180571852-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Betty\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-78884122-3446765950-2180571852-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Betty\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-78884122-3446765950-2180571852-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Betty\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

==================== Restore Points  =========================

10-09-2014 07:17:14 Scheduled Checkpoint
11-09-2014 03:42:33 Windows Update
11-09-2014 04:09:27 Installed AVG 2015
11-09-2014 04:14:32 Installed AVG 2015
11-09-2014 09:26:02 9/11/14
11-09-2014 20:25:04 Removed Java 7 Update 67
11-09-2014 20:26:36 Installed Java 7 Update 67
18-09-2014 12:00:03 Restore Operation
18-09-2014 12:33:18 Checkpoint by HitmanPro
18-09-2014 16:20:13 Installed Java 7 Update 67

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {015E77C7-1A09-44B1-97C6-7B0B7035DAA0} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {0CCC7066-3BD9-4CBF-9E5B-89F6100FFE3A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-78884122-3446765950-2180571852-1000UA => C:\Users\Betty\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-10] (Facebook Inc.)
Task: {2DD77A9C-1DEC-4BB6-A097-E270929B8C4C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-20] (Google Inc.)
Task: {4AAE2113-E803-49D0-8273-3BD7DB7D2AF5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-20] (Google Inc.)
Task: {519A31DB-BB1B-40C3-ACEF-16376B7D5910} - System32\Tasks\HP AR Program Upload - b8aff90fe9b046469cfbb0d953b680886dd5f41e16934b5bb73976d1b87c790f => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {7E3B8A6D-7415-479E-ACCA-AE04CB050EFF} - System32\Tasks\RunAsStdUser Task => C:\Program Files\Pogo Games\PogoDGC.exe [2013-03-25] (iWin Inc.)
Task: {8C938260-7C08-44B9-8A9A-4A0B563ABF78} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-16] ()
Task: {97050CE7-786A-439B-8731-3D7452DDAA03} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {99234CC6-D3D8-4BCF-8370-CB1AF9C9627A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-78884122-3446765950-2180571852-1000Core => C:\Users\Betty\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-10] (Facebook Inc.)
Task: {A353F1CC-ADD2-47C3-BFD1-99D6C564316C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {AC1BA06C-DEBE-439D-8E1F-578029EDAFA1} - System32\Tasks\HPCustParticipation HP Deskjet 1010 series => C:\Program Files\HP\HP Deskjet 1010 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {B0CB800A-6247-4F29-AEEC-FF9679B8A06E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FCF4401A-B0A9-41AC-9E7C-DA8B85896612} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-78884122-3446765950-2180571852-1000Core.job => C:\Users\Betty\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-78884122-3446765950-2180571852-1000UA.job => C:\Users\Betty\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) =============

2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:364682BC

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/19/2014 08:21:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 12.9.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1c74

Start Time: 01cfd41c9fc216e8

Termination Time: 15

Application Path: C:\Users\Betty\Music\FRST.exe

Report Id: 9a5f0c0b-4010-11e4-a91b-f46d040aec26

Error: (09/19/2014 06:57:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17280 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b64

Start Time: 01cfd4117699cf54

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: e2cc3389-4004-11e4-a91b-f46d040aec26

Error: (09/19/2014 06:56:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/19/2014 00:36:37 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/19/2014 00:35:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/18/2014 09:46:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2014 09:45:43 AM) (Source: MsiInstaller) (EventID: 1024) (User: Betty-PC)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (09/18/2014 09:22:25 AM) (Source: MsiInstaller) (EventID: 11719) (User: Betty-PC)
Description: Product: Java Auto Updater -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (09/18/2014 05:15:05 AM) (Source: Intuit Update Service) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (09/18/2014 05:14:32 AM) (Source: MsiInstaller) (EventID: 1024) (User: Betty-PC)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

System errors:
=============
Error: (09/19/2014 04:11:25 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (09/19/2014 04:11:25 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (09/19/2014 08:16:41 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (09/19/2014 08:16:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/19/2014 08:16:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intuit Update Service v4 service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/19/2014 08:16:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/19/2014 08:16:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/19/2014 08:16:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PGMTrusted service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/19/2014 08:16:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/19/2014 08:16:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (05/11/2014 11:32:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1161 seconds with 720 seconds of active time.  This session ended with a crash.

Error: (04/09/2014 03:19:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 50920 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (12/03/2013 06:54:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 449 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (11/13/2013 07:23:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 108 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (01/25/2013 09:57:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 73 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/23/2012 03:27:08 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 127496 seconds with 1020 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Processor: AMD Athlon™ II X2 255 Processor
Percentage of memory in use: 57%
Total physical RAM: 3326.18 MB
Available physical RAM: 1427.64 MB
Total Pagefile: 6650.65 MB
Available Pagefile: 3836.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.1 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:615.71 GB) NTFS
Drive e: (DISK1) (CDROM) (Total:0.54 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6BDA37CD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

I *think* the site itself may have malware on there. I recently tried it with my laptop and got the same redirection. I can't say for sure, so I will send you this log as well.
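The Service Control Manager entries in the log above show seven services (Windows Search, Print Spooler, Bonjour, Apple Mobile Device and others) all terminating within about thirty seconds of 08:16, which looks like one event affecting the whole machine rather than one faulty service. The following read-only PowerShell snippet is an added example, not part of this thread or of FRST: it pulls the same event IDs (7031, 7032, 7034) from the System log and groups them per minute so such a burst stands out. The function name, the `$Days` window and the `$MinPerMinute` threshold are this example's own choices, and it assumes the service's display name is the first inserted string of each event, which holds for these three IDs.

```powershell
# Added example (not from the thread or FRST): find minutes in which several
# services crashed at once, using the Service Control Manager events that FRST
# lists under "System errors". Read-only; run in PowerShell on the affected PC.

function Get-ServiceCrashBursts {
    param(
        [int]$Days = 7,          # how far back to look (assumed default)
        [int]$MinPerMinute = 3   # crashes in one minute that count as a burst (assumed)
    )
    # 7031 = service crashed, SCM will restart it
    # 7032 = SCM's restart attempt itself failed
    # 7034 = service crashed, no recovery action configured
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7031, 7032, 7034
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    if (-not $events) { return @() }

    $events |
        Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd HH:mm') } |
        Where-Object { $_.Count -ge $MinPerMinute } |
        ForEach-Object {
            # Properties[0] is the service display name for all three event IDs
            $names = $_.Group | ForEach-Object { $_.Properties[0].Value } | Sort-Object -Unique
            [pscustomobject]@{
                Minute   = $_.Name
                Crashes  = $_.Count
                Services = $names -join ', '
            }
        }
}

Get-ServiceCrashBursts | Format-Table -AutoSize
```

A single isolated 7034 is usually just a buggy service; a cluster like the one above is worth correlating with reboots (Event ID 6008 in the same log), power loss or a tool that was killing processes at that time before treating the crashes themselves as the problem.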

 



#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:54 PM

Posted 22 September 2014 - 12:35 PM

It may take several rounds with different tools to resolve, so please stick with me.

Please do the following:

Download attached fixlist.txt file and save it to the C:\Users\Betty\Music folder as that is where FRST.exe is saved.

Attached File: FixList.txt (830 bytes)

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location, or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 SteveHNo96

SteveHNo96
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 24 September 2014 - 04:18 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-09-2014
Ran by Betty at 2014-09-24 02:13:22 Run:2
Running from C:\Users\Betty\Music
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKCU - No Name - {06E58E5E-F8CB-4049-991E-A41C03BD419E} -  No File
Toolbar: HKCU - No Name - {41565256-3700-A76A-76A7-7A786E7484D7} -  No File
CHR HKLM\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ\CRX\ToolbarCR.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-08-27 09:05 - 2014-03-10 16:39 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-08-23 03:33 - 2014-06-25 16:41 - 00000000 ____D () C:\Users\Betty\AppData\Local\AskPartnerNetwork
2014-08-23 03:33 - 2014-03-10 16:39 - 00000000 ____D () C:\Program Files\AskPartnerNetwork
EmptyTemp:
end

*****************

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} => value deleted successfully.
"HKCR\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{06E58E5E-F8CB-4049-991E-A41C03BD419E} => value deleted successfully.
"HKCR\CLSID\{06E58E5E-F8CB-4049-991E-A41C03BD419E}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{41565256-3700-A76A-76A7-7A786E7484D7} => value deleted successfully.
"HKCR\CLSID\{41565256-3700-A76A-76A7-7A786E7484D7}" => Key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo" => Key deleted successfully.
"C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ\CRX\ToolbarCR.crx" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\ProgramData\AskPartnerNetwork => Moved successfully.
C:\Users\Betty\AppData\Local\AskPartnerNetwork => Moved successfully.
C:\Program Files\AskPartnerNetwork => Moved successfully.
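The fixlog above shows what FRST actually acted on: two IE toolbar CLSIDs and a URL search hook whose COM class no longer pointed at a DLL on disk ("No File"), an Ask toolbar registered as an external Chrome extension under HKLM, and a Google policy key that restricted Chrome. The PowerShell below is an added example, not FRST's code or anything posted in the thread: it audits those same registration points read-only, resolving each CLSID to its InprocServer32 DLL and flagging missing files the way FRST does. Function names and the status wording ("No File", "No CLSID registration") are this example's own; the registry paths are the standard IE, Chrome external-extension and Chrome policy locations.

```powershell
# Added example (not FRST's code): read-only audit of IE URL search hooks and
# toolbars, Chrome external-extension registrations and Chrome policy values.
# Run in an elevated PowerShell; it changes nothing.

function Resolve-ClsidServer {
    param([string]$Clsid)
    # A COM in-process server is registered at CLSID\{guid}\InprocServer32;
    # check the per-machine and the per-user class hives.
    foreach ($classes in 'HKLM:\SOFTWARE\Classes', 'HKCU:\SOFTWARE\Classes') {
        $key = Join-Path $classes "CLSID\$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $key) {
            $path = (Get-ItemProperty -LiteralPath $key).'(default)'
            if ($path) { return [Environment]::ExpandEnvironmentVariables($path.Trim('"')) }
        }
    }
    return $null
}

function Get-IeBrowserHooks {
    # The value *names* under these keys are the CLSIDs of the hook/toolbar objects.
    $keys = @(
        'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks',
        'HKLM:\Software\Microsoft\Internet Explorer\URLSearchHooks',
        'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser',
        'HKLM:\Software\Microsoft\Internet Explorer\Toolbar'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        foreach ($name in (Get-Item -LiteralPath $key).GetValueNames()) {
            if ($name -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }
            $dll = Resolve-ClsidServer -Clsid $name
            if (-not $dll)                         { $status = 'No CLSID registration' }
            elseif (Test-Path -LiteralPath $dll)   { $status = 'OK' }
            else                                   { $status = 'No File' }   # orphaned hook
            [pscustomobject]@{ Location = $key; Clsid = $name; Server = $dll; Status = $status }
        }
    }
}

function Get-ChromeExternalExtensions {
    # Installers register extensions here, keyed by the 32-letter extension id,
    # with a local "path" to a .crx or an "update_url".
    $roots = @(
        'HKLM:\SOFTWARE\Google\Chrome\Extensions',
        'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',
        'HKCU:\SOFTWARE\Google\Chrome\Extensions'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $root) {
            $p   = Get-ItemProperty -LiteralPath $sub.PSPath
            $crx = $p.path
            if ($crx) { $source = $crx } else { $source = $p.update_url }
            if ($crx -and -not (Test-Path -LiteralPath $crx)) { $status = 'No File' } else { $status = 'present' }
            [pscustomobject]@{ ExtensionId = $sub.PSChildName; Source = $source; Status = $status }
        }
    }
}

function Get-ChromePolicies {
    # Values under the Google policy keys are applied to Chrome as admin policy;
    # on a stand-alone home PC they are normally absent.
    foreach ($root in 'HKLM:\SOFTWARE\Policies\Google', 'HKCU:\SOFTWARE\Policies\Google') {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $keys = @(Get-Item -LiteralPath $root) + @(Get-ChildItem -LiteralPath $root -Recurse)
        foreach ($k in $keys) {
            foreach ($v in $k.GetValueNames()) {
                [pscustomobject]@{ Key = $k.Name; Value = $v; Data = $k.GetValue($v) }
            }
        }
    }
}

Get-IeBrowserHooks           | Format-Table -AutoSize
Get-ChromeExternalExtensions | Format-Table -AutoSize
Get-ChromePolicies           | Format-Table -AutoSize
```

An entry reported as "No File" is harmless by itself (the loader simply fails), but it is evidence that something was installed and then partially removed, which is why FRST cleans it up; a Chrome policy value on a machine that is not domain-joined is the item most worth explaining, since it silently overrides the user's own extension and search settings.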



#6 SteveHNo96

SteveHNo96
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 24 September 2014 - 04:22 AM

I *think* the site itself may have malware on there. I recently tried it with my laptop (21 September 2014) and got the same redirection. I can't say for sure. I'm letting you know for the sake of full disclosure. If there IS malware on here, I'd like to find it and remove it.


Edited by SteveHNo96, 24 September 2014 - 04:23 AM.


#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:54 PM

Posted 24 September 2014 - 09:21 AM

What links are you referring to specifically? I visited the site and did not experience any redirection at all.

We may need to reset your router if both of your machines connect via the same router.

Please do the following:

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Edited by CatByte, 24 September 2014 - 09:21 AM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:54 PM

Posted 23 October 2014 - 08:14 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




