
many dllhost.exe com surrogate and "powershell has stopped working"


This topic is locked
74 replies to this topic

#1 a2kelley


Posted 27 October 2014 - 07:16 AM

I posted this several days ago (10/23 @ 7:18pm eastern US time) and Broni (thanks!) has been working with me on it through the following link: http://www.bleepingcomputer.com/forums/t/553087/many-dllhostexe-com-surrogate-running-and-powershell-has-stopped-running/

 

we have run:

security check

farbar service scanner

mini toolbox

mbam

mbar

rkill

sophos (keeps picking up Troj/PeeacMem-A in user memory before it will continue)

tfc

adwcleaner

junkware removal tool

eset online scanner (kept getting unexpected error 2002 when installing)

updated firefox

updated adobe flash

updated adobe reader

java update did not complete - error code 1603 (tried twice)

process explorer

uninstalled avg free and posted process explorer again - didn't help

reinstalled avg free

 

this is where Broni told me to start a new topic and start with step 6 here: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16540
Run by admin at 7:48:56 on 2014-10-27
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.2939.1390 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\CBS Interactive\Download App\CBSI.AppStore.Scanner.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
C:\Program Files\AVG\AVG2015\avgnsx.exe
C:\Program Files\AVG\AVG2015\avgemcx.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Windows\system32\dllhost.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\admin\AppData\Local\Smartbar\Application\SnapDo.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
C:\Users\admin\AppData\Local\Smartbar\Application\Lrcnta.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz_Qz_R_hPkyjseTAamqUuoDxWf6snKwNnj9NGu8y7EAZgzy8EiRWRvirm3d6Pow,,
uSearch Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz8XsTAzcWH8nQpYd9RwDcuTFF7Kj_xrtsOqO8kb5L0ZcZPG9rulVr961zmHQPHA,,&q={searchTerms}
uSearch Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz8XsTAzcWH8nQpYd9RwDcuTFF7Kj_xrtsOqO8kb5L0ZcZPG9rulVr961zmHQPHA,,&q={searchTerms}
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uSearchAssistant = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz8XsTAzcWH8nQpYd9RwDcuTFF7Kj_xrtsOqO8kb5L0ZcZPG9rulVr961zmHQPHA,,&q={searchTerms}
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
uRun: [Browser Infrastructure Helper] c:\users\admin\appdata\local\smartbar\application\SnapDo.exe startup
mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\downlo~1.lnk - c:\program files\cbs interactive\download app\CBSI.AppStore.Scanner.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableVirtualization = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0} : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{949174F0-1FCA-476F-B0B8-322BCE637235} : DHCPNameServer = 192.168.254.254
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\users\admin\appdata\local\smartbar\application\resources\crdlil.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.104\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\jd7bk6qj.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz_Qz_R_hPkyjseTAamqUuoDxWf6snKwNnj9NGu8y7EAZgzy8EiRWRvirm3d6Pow,,
FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz8XsTAzcWH8nQpYd9RwDcuTFF7Kj_xrtsOqO8kb5L0ZcZPG9rulVr961zmHQPHA,,&q=
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\nitro\reader 3\npdf.dll
FF - plugin: c:\program files\nitro\reader 3\npnitroie.dll
FF - plugin: c:\program files\nitro\reader 3\npnitromozilla.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\admin\appdata\roaming\catali~1\npBcsKtTcHW.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_189.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-18 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-7-18 230680]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-10-5 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-18 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-18 121624]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-10-7 213272]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-18 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-8-28 192792]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-10-10 200984]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2013-6-15 20384]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2014-10-16 3487248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2014-10-16 298080]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\nitro\reader 3\NitroPDFReaderDriverService3.exe [2013-3-26 196624]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168]
R3 hpnuhst;HP NUSB Host;c:\windows\system32\drivers\hpnuhst.sys [2013-8-9 13824]
R3 HPNUHUB;HP NUSB Hub;c:\windows\system32\drivers\hpnuhub.sys [2013-8-9 35840]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2013-5-23 42264]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2013-5-23 10136]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 consumerinput_update;ConsumerInput Update Service (consumerinput_update);c:\program files\consumer input\update\ConsumerInputUpdate.exe [2014-10-26 106296]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-4-3 315008]
S3 consumerinput_updatem;ConsumerInput Update Service (consumerinput_updatem);c:\program files\consumer input\update\ConsumerInputUpdate.exe [2014-10-26 106296]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2013-6-15 954368]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-4-8 114904]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PCAMp50.sys [2006-11-28 28224]
S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\desktop\SVRTservice.exe [2014-8-11 152872]
.
=============== Created Last 30 ================
.
2014-10-27 03:24:53    --------    d-----w-    c:\programdata\Activeris
2014-10-27 03:09:12    --------    d-----w-    c:\users\admin\appdata\roaming\Activeris
2014-10-27 02:56:58    --------    d-----w-    c:\users\admin\appdata\local\Consumer Input
2014-10-27 02:56:28    --------    d-----w-    c:\program files\Consumer Input
2014-10-27 01:59:08    --------    d-----w-    c:\users\admin\appdata\roaming\AVG2015
2014-10-27 01:58:16    --------    d--h--w-    C:\$AVG
2014-10-27 01:58:15    --------    d-----w-    c:\programdata\AVG2015
2014-10-27 01:58:02    --------    d-----w-    c:\program files\AVG
2014-10-27 01:42:57    --------    d-----w-    c:\users\admin\appdata\local\LPT
2014-10-27 01:42:34    --------    d-----w-    c:\users\admin\appdata\local\Smartbar
2014-10-27 01:41:42    --------    d-----w-    c:\program files\AVG Antivirus Free and Options
2014-10-27 01:41:02    --------    d-----w-    c:\users\admin\appdata\local\Avg2015
2014-10-27 01:38:15    --------    d-----w-    c:\users\admin\appdata\local\MFAData
2014-10-27 01:38:15    --------    d-----w-    c:\users\admin\appdata\local\Avg2014
2014-10-27 01:38:15    --------    d-----w-    c:\programdata\MFAData
2014-10-25 02:42:04    --------    d-----w-    c:\program files\ESET
2014-10-25 01:35:29    --------    d-----w-    c:\windows\ERUNT
2014-10-25 00:58:52    --------    d-----w-    C:\AdwCleaner
2014-10-24 22:54:24    --------    d-----w-    c:\users\admin\appdata\roaming\CBS Interactive
2014-10-24 22:25:46    --------    d-----w-    c:\program files\CBS Interactive
2014-10-24 08:34:39    --------    d-----w-    c:\programdata\Sophos
2014-10-24 07:05:03    73728    ----a-r-    c:\users\admin\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-10-24 07:05:02    73728    ----a-r-    c:\users\admin\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-10-24 07:05:01    73728    ----a-r-    c:\users\admin\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2014-10-24 07:00:42    --------    d-----w-    C:\desktop
2014-10-24 03:35:23    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-10-23 12:14:35    26624    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-10-23 12:14:31    --------    d-----w-    c:\programdata\RogueKiller
2014-10-22 20:50:59    87200    ----a-w-    c:\programdata\wrnhoah.tmp
2014-10-21 12:34:10    --------    d-----w-    c:\program files\Free Window Registry Repair
2014-10-21 12:07:23    --------    d-----w-    C:\perflogs
2014-10-10 19:13:58    200984    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2014-10-08 01:39:28    213272    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
.
==================== Find3M  ====================
.
2014-10-27 03:19:31    114904    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-26 01:02:57    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-10-26 01:02:56    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-01 15:11:20    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-10-01 15:11:14    75480    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 15:11:10    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-08-29 01:43:36    192792    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH:  7:49:15.77 ===============



Edited by a2kelley, 28 October 2014 - 06:28 AM.
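Here is an added triage example (not code from the thread, from DDS, or from FRST) that scans log lines like the ones posted above for the indicators this thread turns on: repeated dllhost.exe (COM Surrogate) entries, an AppInit_DLLs value loading a DLL from a user profile, and a start or search page pointed at the snapdo feed. Because the FRST output posted later in the thread flags a CLSID localserver32 value that runs rundll32.exe with a javascript: argument (Poweliks), it also checks for that pattern and shows the eval text with its one-character shift undone; the sample lines are constructed from this thread's logs with the long snapdo query strings shortened, and the keyword lists in the regexes are this example's own assumptions.

```python
"""Triage scanner for DDS/FRST-style log lines (added example; not part of the
thread and not code from either tool). It flags several dllhost.exe
processes, an AppInit_DLLs entry that loads from a user profile, a browser
start/search page hijacked to the snapdo feed, and a CLSID LocalServer32
value that runs rundll32.exe with a javascript: argument (the registry-only
persistence Poweliks is known for). The eval() text in that value is the real
script with every character shifted up by one code point; unshift() reverses
that so an analyst can read it."""
import re

# Constructed sample modelled on lines posted in this thread (long snapdo
# query strings shortened; the Poweliks line is the one FRST flagged).
SAMPLE_LOG = r"""
C:\Windows\system32\dllhost.exe
C:\Windows\system32\DllHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
uStart Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb...
AppInit_DLLs= c:\users\admin\appdata\local\smartbar\application\resources\crdlil.dll
AppInit_DLLs: C:\Users\admin\AppData\Local\Smartbar\Application\Resources\crdlil.dll => C:\Users\admin\AppData\Local\Smartbar\Application\Resources\crdlil.dll [67104 2014-10-27] ()
HKU\S-1-5-21-2946318256-1949778503-1927457752-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3649040 2014-10-16] (AVG Technologies CZ, s.r.o.)
"""

# Keyword choices below are this example's assumptions, not tool definitions.
DLLHOST_RE = re.compile(r"\\dllhost\.exe\b", re.IGNORECASE)
# DDS writes "AppInit_DLLs= path"; FRST writes "AppInit_DLLs: path => path [...]".
APPINIT_RE = re.compile(r"^AppInit_DLLs\s*[=:]\s*(.+?)\s*(?:=>.*)?$", re.IGNORECASE)
USER_PROFILE_RE = re.compile(r"\\users\\", re.IGNORECASE)
HIJACK_RE = re.compile(
    r"(start page|search page|search bar|searchassistant|startup\.homepage"
    r"|keyword\.url|searchscopes).*?=\s*(\S+)", re.IGNORECASE)
POWELIKS_RE = re.compile(r"localserver32.*?rundll32\.exe\s+javascript:", re.IGNORECASE)
EVAL_RE = re.compile(r'eval\("(\S+)')


def unshift(text, shift=1):
    """Undo the obfuscation: each character was stored `shift` code points
    higher than the real one (so 'epdvnfou' reads 'document')."""
    return "".join(chr(ord(ch) - shift) for ch in text)


def scan(log_text):
    """Walk a DDS- or FRST-style log and collect the indicators of interest."""
    findings = {
        "dllhost_count": 0,
        "appinit_user_profile": [],
        "hijacked_urls": [],
        "poweliks_decoded": [],
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if DLLHOST_RE.search(line):
            findings["dllhost_count"] += 1
        m = APPINIT_RE.match(line)
        if m and USER_PROFILE_RE.search(m.group(1)):
            findings["appinit_user_profile"].append(m.group(1))
        m = HIJACK_RE.search(line)
        if m and "snapdo.com" in m.group(2).lower():
            findings["hijacked_urls"].append(m.group(2))
        if POWELIKS_RE.search(line):
            e = EVAL_RE.search(line)
            findings["poweliks_decoded"].append(
                unshift(e.group(1)) if e else "<eval text not captured>")
    return findings


def verdicts(findings, dllhost_threshold=2):
    """Turn findings into short analyst-readable statements."""
    out = []
    if findings["dllhost_count"] >= dllhost_threshold:
        out.append(f"{findings['dllhost_count']} dllhost.exe (COM Surrogate) "
                   "entries: the symptom this thread opens with")
    for path in findings["appinit_user_profile"]:
        out.append(f"AppInit_DLLs loads a DLL from a user profile: {path}")
    for url in findings["hijacked_urls"]:
        out.append(f"browser start/search page hijacked: {url}")
    for script in findings["poweliks_decoded"]:
        out.append(f"Poweliks LocalServer32 script (unshifted): {script}")
    return out


if __name__ == "__main__":
    for v in verdicts(scan(SAMPLE_LOG)):
        print("-", v)
```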


#2 gringo_pr


Posted 27 October 2014 - 02:20 PM





Hello a2kelley

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 a2kelley


Posted 27 October 2014 - 05:04 PM

I have not started following the instructions yet, but wanted to update you about a couple of new things now.

 

1) in windows task manager, there is a new process that says notify icon example

 

2) a new Windows notification that plugin-container for Firefox has stopped working

 

3) something called Snap.Do that, when I try to uninstall it, just asks which browser I want to hide it from. It won't let me reset my start page.



#4 a2kelley


Posted 27 October 2014 - 05:12 PM

Sorry, the attachment in the first posting is the way I was told to do it in the old topic.



#5 a2kelley


Posted 27 October 2014 - 05:50 PM

A window just popped up saying Internet Explorer has stopped working. I'm using Firefox...



#6 a2kelley


Posted 27 October 2014 - 05:59 PM

FRST is not responding. Will try again with AVG disabled.



#7 a2kelley


Posted 27 October 2014 - 07:36 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-10-2014 01
Ran by admin (administrator) on ADMIN-PC on 27-10-2014 19:37:39
Running from C:\Users\admin\Downloads
Loaded Profile: admin (Available profiles: admin)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(Smartbar) C:\Users\admin\AppData\Local\Smartbar\Application\SnapDo.exe
(CBS Interactive Inc.) C:\Program Files\CBS Interactive\Download App\CBSI.AppStore.Scanner.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\admin\Downloads\FRST(1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3649040 2014-10-16] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2946318256-1949778503-1927457752-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-2946318256-1949778503-1927457752-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\admin\AppData\Local\Smartbar\Application\SnapDo.exe [28192 2014-09-21] (Smartbar)
HKU\S-1-5-21-2946318256-1949778503-1927457752-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs: C:\Users\admin\AppData\Local\Smartbar\Application\Resources\crdlil.dll => C:\Users\admin\AppData\Local\Smartbar\Application\Resources\crdlil.dll [67104 2014-10-27] ()
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download App.lnk
ShortcutTarget: Download App.lnk -> C:\Program Files\CBS Interactive\Download App\CBSI.AppStore.Scanner.exe (CBS Interactive Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz8XsTAzcWH8nQpYd9RwDcuTFF7Kj_xrtsOqO8kb5L0ZcZPG9rulVr961zmHQPGw,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz_Qz_R_hPkyjseTAamqUuoDxWf6snKwNnj9NGu8y7EAZgzy8EiRWRvirm3d6PpA,
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz8XsTAzcWH8nQpYd9RwDcuTFF7Kj_xrtsOqO8kb5L0ZcZPG9rulVr961zmHQPGw,,&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz8XsTAzcWH8nQpYd9RwDcuTFF7Kj_xrtsOqO8kb5L0ZcZPG9rulVr961zmHQPHw,,&q={searchTerms}
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz8XsTAzcWH8nQpYd9RwDcuTFF7Kj_xrtsOqO8kb5L0ZcZPG9rulVr961zmHQPHw,,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz8XsTAzcWH8nQpYd9RwDcuTFF7Kj_xrtsOqO8kb5L0ZcZPG9rulVr961zmHQPGw,,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz8XsTAzcWH8nQpYd9RwDcuTFF7Kj_xrtsOqO8kb5L0ZcZPG9rulVr961zmHQPGw,,&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\jd7bk6qj.default
FF NewTab: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz-3hnnWzUfJmHmeWsLBdafsQGZ1BZoe3_Nmw9iwhGd0hGWXtRWTv6Tqn5T58Xcg,,
FF DefaultSearchEngine: Web Search
FF SelectedSearchEngine: Web Search
FF Homepage: gmail.com
FF Keyword.URL: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz8XsTAzcWH8nQpYd9RwDcuTFF7Kj_xrtsOqO8kb5L0ZcZPG9rulVr961zmHQPGw,,&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\admin\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\jd7bk6qj.default\searchplugins\Web Search.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-06-15]

Chrome:
=======
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-26]
CHR Extension: (Google Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-24]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3487248 2014-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-10-16] (AVG Technologies CZ, s.r.o.)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software)
S3 SophosVirusRemovalTool; C:\desktop\SVRTservice.exe [152872 2014-08-11] (Sophos Limited)
R2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [46392 2008-08-04] (TOSHIBA Corporation)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [213272 2014-10-07] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-20] (Microsoft Corporation)
R3 hpnuhst; C:\Windows\System32\DRIVERS\hpnuhst.sys [13824 2007-03-27] (Hewlett-Packard Development Company)
R3 HPNUHUB; C:\Windows\System32\DRIVERS\hpnuhub.sys [35840 2007-03-27] (Hewlett-Packard Development Company)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2013-05-23] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2013-05-23] (Logitech, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-26] (Malwarebytes Corporation)
S3 PCAMp50; C:\Windows\System32\Drivers\PCAMp50.sys [28224 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RTL8187; system32\DRIVERS\hpl8187.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 19:34 - 2014-10-27 19:34 - 01104896 _____ (Farbar) C:\Users\admin\Downloads\FRST(1).exe
2014-10-27 18:27 - 2014-10-27 19:52 - 00018655 _____ () C:\Users\admin\Downloads\FRST.txt
2014-10-27 18:14 - 2014-10-27 19:46 - 00000000 ____D () C:\FRST
2014-10-27 18:10 - 2014-10-27 18:13 - 01104896 _____ (Farbar) C:\Users\admin\Downloads\FRST.exe
2014-10-27 07:37 - 2014-10-27 07:50 - 00017976 _____ () C:\Users\admin\Desktop\dds.txt
2014-10-27 07:37 - 2014-10-27 07:50 - 00007333 _____ () C:\Users\admin\Desktop\attach.txt
2014-10-27 07:36 - 2014-10-27 07:36 - 00688992 ____R (Swearware) C:\Users\admin\Downloads\dds.com
2014-10-26 23:24 - 2014-10-26 23:24 - 00000000 ____D () C:\ProgramData\Activeris
2014-10-26 23:09 - 2014-10-26 23:14 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Activeris
2014-10-26 21:59 - 2014-10-26 21:59 - 00000000 ____D () C:\Users\admin\AppData\Roaming\AVG2015
2014-10-26 21:58 - 2014-10-26 21:58 - 00000813 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-10-26 21:58 - 2014-10-26 21:58 - 00000000 ___HD () C:\$AVG
2014-10-26 21:58 - 2014-10-26 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-26 21:58 - 2014-10-26 21:58 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-26 21:58 - 2014-10-26 21:58 - 00000000 ____D () C:\Program Files\AVG
2014-10-26 21:51 - 2014-10-26 21:51 - 00002131 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-10-26 21:51 - 2014-10-26 21:51 - 00002101 _____ () C:\Users\admin\Desktop\Search.lnk
2014-10-26 21:42 - 2014-10-26 21:43 - 00000000 ____D () C:\Users\admin\AppData\Local\LPT
2014-10-26 21:42 - 2014-10-26 21:42 - 00000000 ____D () C:\Users\admin\AppData\Local\Smartbar
2014-10-26 21:41 - 2014-10-26 21:59 - 00000000 ____D () C:\Users\admin\AppData\Local\Avg2015
2014-10-26 21:41 - 2014-10-26 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall AVG Antivirus Free and Options
2014-10-26 21:41 - 2014-10-26 21:41 - 00000000 ____D () C:\Program Files\AVG Antivirus Free and Options
2014-10-26 21:38 - 2014-10-27 18:01 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-26 21:38 - 2014-10-26 21:38 - 00000000 ____D () C:\Users\admin\AppData\Local\MFAData
2014-10-26 21:38 - 2014-10-26 21:38 - 00000000 ____D () C:\Users\admin\AppData\Local\Avg2014
2014-10-26 21:35 - 2014-10-26 21:35 - 00926056 _____ (Download Assistant ) C:\Users\admin\Downloads\setup(2).exe
2014-10-26 21:02 - 2014-10-26 21:03 - 00011390 _____ () C:\Users\admin\Desktop\Procexp.TXT
2014-10-26 20:53 - 2014-10-26 20:58 - 00530974 _____ () C:\Users\admin\Downloads\avgremover.log
2014-10-26 20:53 - 2014-10-26 20:53 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\admin\Downloads\avg_remover_stf_x86_2015_5501.exe
2014-10-26 20:26 - 2014-10-26 20:27 - 00000000 ____D () C:\Users\admin\Downloads\ProcessExplorer
2014-10-26 20:23 - 2014-10-26 20:23 - 01188194 _____ () C:\Users\admin\Downloads\ProcessExplorer.zip
2014-10-25 22:50 - 2014-10-25 22:50 - 00638376 _____ (Oracle Corporation) C:\Users\admin\Downloads\jre-8u25-windows-i586-iftw(4).exe
2014-10-25 21:55 - 2014-10-25 21:55 - 00638376 _____ (Oracle Corporation) C:\Users\admin\Downloads\jre-8u25-windows-i586-iftw(3).exe
2014-10-25 21:32 - 2014-10-25 21:32 - 00638376 _____ (Oracle Corporation) C:\Users\admin\Downloads\jre-8u25-windows-i586-iftw(2).exe
2014-10-25 21:27 - 2014-10-25 21:28 - 00638376 _____ (Oracle Corporation) C:\Users\admin\Downloads\jre-8u25-windows-i586-iftw(1).exe
2014-10-25 21:21 - 2014-10-25 21:21 - 00638376 _____ (Oracle Corporation) C:\Users\admin\Downloads\jre-8u25-windows-i586-iftw.exe
2014-10-25 21:15 - 2014-10-25 21:15 - 00001863 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-10-25 21:15 - 2014-10-25 21:15 - 00001804 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-10-25 20:40 - 2014-10-25 20:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-24 22:42 - 2014-10-24 22:42 - 00000000 ____D () C:\Program Files\ESET
2014-10-24 22:40 - 2014-10-24 22:41 - 02347384 _____ (ESET) C:\Users\admin\Desktop\esetsmartinstaller_enu.exe
2014-10-24 22:34 - 2014-10-24 22:34 - 00001142 _____ () C:\Users\admin\Desktop\JRT.txt
2014-10-24 21:35 - 2014-10-24 21:35 - 00000000 ____D () C:\Windows\ERUNT
2014-10-24 21:31 - 2014-10-24 21:33 - 01706144 _____ (Thisisu) C:\Users\admin\Downloads\JRT.exe
2014-10-24 20:58 - 2014-10-24 21:13 - 00000000 ____D () C:\AdwCleaner
2014-10-24 20:57 - 2014-10-24 20:58 - 01962496 _____ () C:\Users\admin\Downloads\adwcleaner_4.001.exe
2014-10-24 19:34 - 2014-10-24 19:34 - 00448512 _____ (OldTimer Tools) C:\Users\admin\Downloads\TFC.exe
2014-10-24 18:54 - 2014-10-24 18:54 - 00000000 ____D () C:\Users\admin\AppData\Roaming\CBS Interactive
2014-10-24 18:53 - 2014-10-26 20:57 - 00035250 _____ () C:\Windows\PFRO.log
2014-10-24 18:41 - 2014-10-24 18:50 - 23374721 _____ (CBS Interactive) C:\Users\admin\Downloads\DownloadApp_1_8_0_209_Setup(1).exe.part
2014-10-24 18:41 - 2014-10-24 18:41 - 00000000 _____ () C:\Users\admin\Downloads\DownloadApp_1_8_0_209_Setup(1).exe
2014-10-24 18:25 - 2014-10-24 18:25 - 00001029 _____ () C:\Users\admin\Desktop\Download App.lnk
2014-10-24 18:25 - 2014-10-24 18:25 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download App
2014-10-24 18:25 - 2014-10-24 18:25 - 00000000 ____D () C:\Program Files\CBS Interactive
2014-10-24 17:50 - 2014-10-24 18:09 - 31948184 _____ (CBS Interactive) C:\Users\admin\Downloads\DownloadApp_1_8_0_209_Setup.exe
2014-10-24 04:34 - 2014-10-24 04:38 - 00000000 ____D () C:\ProgramData\Sophos
2014-10-24 03:04 - 2014-10-27 08:19 - 00002235 _____ () C:\Users\admin\Desktop\Sophos Virus Removal Tool.lnk
2014-10-24 03:04 - 2014-10-24 03:04 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-10-24 02:25 - 2014-10-24 02:39 - 102522936 _____ (Sophos Limited) C:\Users\admin\Downloads\Sophos Virus Removal Tool.exe
2014-10-24 00:24 - 2014-10-24 00:32 - 00002684 _____ () C:\Users\admin\Desktop\Rkill.txt
2014-10-24 00:23 - 2014-10-24 00:23 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\admin\Downloads\rkill.exe
2014-10-23 23:35 - 2014-10-24 00:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-23 23:20 - 2014-10-24 00:16 - 00000000 ____D () C:\Users\admin\Desktop\mbar
2014-10-23 23:13 - 2014-10-23 23:19 - 14349744 _____ (Malwarebytes Corp.) C:\Users\admin\Downloads\mbar-1.07.0.1012.exe
2014-10-23 22:59 - 2014-10-23 23:11 - 00037977 _____ () C:\Users\admin\Downloads\Result.txt
2014-10-23 22:57 - 2014-10-23 22:57 - 00401920 _____ (Farbar) C:\Users\admin\Downloads\MiniToolBox.exe
2014-10-23 22:54 - 2014-10-23 22:55 - 00002963 _____ () C:\Users\admin\Downloads\FSS.txt
2014-10-23 22:52 - 2014-10-23 22:52 - 00415232 _____ (Farbar) C:\Users\admin\Downloads\FSS(1).exe
2014-10-23 22:48 - 2014-10-23 22:48 - 00415232 _____ (Farbar) C:\Users\admin\Downloads\FSS.exe
2014-10-23 22:44 - 2014-10-23 22:44 - 00001072 _____ () C:\Users\admin\Desktop\MBAM 10.23.14.txt
2014-10-23 20:34 - 2014-10-23 20:34 - 00854448 _____ () C:\Users\admin\Desktop\SecurityCheck.exe
2014-10-23 20:32 - 2014-10-23 20:32 - 00854448 _____ () C:\Users\admin\Downloads\SecurityCheck.exe
2014-10-23 19:50 - 2014-10-23 19:52 - 04362512 _____ (Piriform Ltd) C:\Users\admin\Downloads\dfsetup218.exe
2014-10-23 08:14 - 2014-10-23 09:38 - 00026624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-23 08:14 - 2014-10-23 08:14 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-23 08:11 - 2014-10-23 08:13 - 04707328 _____ () C:\Users\admin\Downloads\RogueKiller.exe
2014-10-22 16:51 - 2014-10-23 07:05 - 00001368 _____ () C:\ProgramData\@system.att
2014-10-22 16:50 - 2014-10-23 07:05 - 00001104 ____H () C:\ProgramData\@system2.att
2014-10-22 16:50 - 2014-10-22 17:33 - 00087200 _____ () C:\ProgramData\wrnhoah.tmp
2014-10-22 16:50 - 2014-10-22 16:50 - 00000448 ____H () C:\Users\admin\AppData\Roaming\麽鎒駓覜
2014-10-22 09:02 - 2014-10-22 09:02 - 04965896 _____ (Piriform Ltd) C:\Users\admin\Downloads\ccsetup418.exe
2014-10-21 13:46 - 2014-10-22 16:39 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-21 08:34 - 2014-10-21 08:58 - 00000000 ____D () C:\Program Files\Free Window Registry Repair
2014-10-21 08:34 - 2014-10-21 08:34 - 00000811 _____ () C:\Users\admin\Desktop\Free Window Registry Repair.lnk
2014-10-21 08:29 - 2014-10-21 08:30 - 00699016 _____ (CNET Download.com) C:\Users\admin\Downloads\cbsidlm-cbsi213-Free_Window_Registry_Repair-SEO-10606555.exe
2014-10-21 08:26 - 2014-10-21 08:27 - 03436624 _____ (tuneuppro.com ) C:\Users\admin\Downloads\setup(1).exe
2014-10-21 08:24 - 2014-10-21 08:24 - 03436624 _____ (tuneuppro.com ) C:\Users\admin\Downloads\setup.exe
2014-10-21 08:08 - 2014-10-21 08:08 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Nitro PDF
2014-10-19 21:01 - 2014-10-19 21:01 - 00000000 ____D () C:\Users\admin\AppData\Roaming\InstallShield
2014-10-19 08:57 - 2014-10-19 08:57 - 00000000 _____ () C:\Windows\system32\jupdate-1.7.0_71-b14.log
2014-10-10 15:13 - 2014-10-10 15:13 - 00200984 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-10-07 21:39 - 2014-10-07 21:39 - 00213272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-10-05 21:42 - 2014-10-05 21:42 - 00098584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-09-29 07:57 - 2014-09-29 07:57 - 00000097 _____ () C:\Users\Public\Documents\SAH_Install.ini

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 19:59 - 2014-01-24 12:07 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-27 19:35 - 2013-07-06 20:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-27 19:16 - 2006-11-02 08:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-27 19:16 - 2006-11-02 08:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-27 19:15 - 2014-01-24 12:07 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-27 19:15 - 2006-11-02 08:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-27 19:13 - 2013-06-15 22:02 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-10-27 19:13 - 2006-11-02 08:58 - 00032596 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-27 18:49 - 2013-08-10 17:31 - 00000000 ____D () C:\Users\admin\AppData\Local\CrashDumps
2014-10-26 23:19 - 2014-04-08 17:40 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-26 14:51 - 2014-05-06 07:34 - 00000000 ____D () C:\Users\admin\Documents\My Kindle Content
2014-10-26 14:46 - 2013-06-23 09:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-25 21:43 - 2013-10-20 15:09 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-25 21:43 - 2013-08-26 17:08 - 00000000 ____D () C:\Program Files\Java
2014-10-25 21:16 - 2014-07-14 09:54 - 00000000 ____D () C:\Users\admin\AppData\Local\Adobe
2014-10-25 21:15 - 2008-09-30 15:54 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-25 21:15 - 2008-09-30 15:54 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-25 21:15 - 2008-09-30 15:54 - 00000000 ____D () C:\Program Files\Adobe
2014-10-25 21:02 - 2013-07-06 20:23 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-25 21:02 - 2013-07-06 20:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-24 15:14 - 2014-04-08 17:40 - 00000782 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-24 15:14 - 2014-04-08 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-24 04:55 - 2006-11-02 06:33 - 00759082 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-23 19:57 - 2013-09-12 08:03 - 00000000 ____D () C:\Program Files\Defraggler
2014-10-23 19:56 - 2013-09-12 08:03 - 00001673 _____ () C:\Users\Public\Desktop\Defraggler.lnk
2014-10-23 19:36 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-10-23 19:26 - 2014-01-17 16:55 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Skype
2014-10-22 09:06 - 2013-09-11 19:44 - 00000775 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-22 09:06 - 2013-09-11 19:44 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-20 12:09 - 2013-06-26 06:54 - 00000000 ____D () C:\Windows\Minidump
2014-10-20 11:51 - 2008-09-30 15:33 - 00000000 ____D () C:\Program Files\Google
2014-10-20 08:56 - 2006-11-02 08:40 - 00000000 ____D () C:\Windows\WindowsMobile
2014-10-20 08:53 - 2013-07-17 08:05 - 00000000 ____D () C:\Users\admin\AppData\Local\Google
2014-10-20 08:08 - 2008-09-30 14:58 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-19 17:13 - 2014-03-02 19:14 - 00000000 ____D () C:\Users\admin\Documents\crossmark
2014-10-19 13:47 - 2014-01-24 12:10 - 00001942 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-19 11:52 - 2013-12-30 19:32 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-19 09:42 - 2014-08-29 07:39 - 00002337 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-18 19:42 - 2013-06-27 18:42 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-10-18 19:20 - 2008-09-30 15:43 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-10-07 07:44 - 2013-07-15 07:40 - 00001454 _____ () C:\Users\admin\Desktop\directions.txt
2014-10-01 11:11 - 2014-04-08 17:40 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2014-04-08 17:40 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 11:11 - 2013-10-13 17:58 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Files to move or delete:
====================
C:\Users\admin\jagex_cl_runescape_LIVE.dat
C:\Users\admin\random.dat


Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\-y4kocjg.dll
C:\Users\admin\AppData\Local\Temp\0js71qxp.dll
C:\Users\admin\AppData\Local\Temp\0nxc9on9.dll
C:\Users\admin\AppData\Local\Temp\30hk4tay.dll
C:\Users\admin\AppData\Local\Temp\3gfyysn2.dll
C:\Users\admin\AppData\Local\Temp\5dhz4gu1.dll
C:\Users\admin\AppData\Local\Temp\5i9_vndn.dll
C:\Users\admin\AppData\Local\Temp\65gd70xq.dll
C:\Users\admin\AppData\Local\Temp\6gyv6boo.dll
C:\Users\admin\AppData\Local\Temp\7dpc6lju.dll
C:\Users\admin\AppData\Local\Temp\7jw4ckim.dll
C:\Users\admin\AppData\Local\Temp\80y3vcyz.dll
C:\Users\admin\AppData\Local\Temp\9i78oxd7.dll
C:\Users\admin\AppData\Local\Temp\av_zuln9.dll
C:\Users\admin\AppData\Local\Temp\bn5rgefv.dll
C:\Users\admin\AppData\Local\Temp\cb03niyh.dll
C:\Users\admin\AppData\Local\Temp\ciqjbw7g.dll
C:\Users\admin\AppData\Local\Temp\cqrcj2mq.dll
C:\Users\admin\AppData\Local\Temp\edux3oxy.dll
C:\Users\admin\AppData\Local\Temp\eha4ohzq.dll
C:\Users\admin\AppData\Local\Temp\f_6b5kg4.dll
C:\Users\admin\AppData\Local\Temp\g1tfxm2u.dll
C:\Users\admin\AppData\Local\Temp\hywmt3ch.dll
C:\Users\admin\AppData\Local\Temp\ifh_b_ip.dll
C:\Users\admin\AppData\Local\Temp\ihc6bn77.dll
C:\Users\admin\AppData\Local\Temp\jn5lrybc.dll
C:\Users\admin\AppData\Local\Temp\jx6-sfba.dll
C:\Users\admin\AppData\Local\Temp\l8h4zvya.dll
C:\Users\admin\AppData\Local\Temp\lfborvnu.dll
C:\Users\admin\AppData\Local\Temp\n6achtp3.dll
C:\Users\admin\AppData\Local\Temp\nkkbqfnl.dll
C:\Users\admin\AppData\Local\Temp\oivzmu1n.dll
C:\Users\admin\AppData\Local\Temp\okop0w85.dll
C:\Users\admin\AppData\Local\Temp\pd4kyp8d.dll
C:\Users\admin\AppData\Local\Temp\pirr4tni.dll
C:\Users\admin\AppData\Local\Temp\qe7qjzo9.dll
C:\Users\admin\AppData\Local\Temp\Quarantine.exe
C:\Users\admin\AppData\Local\Temp\rrcfpeud.dll
C:\Users\admin\AppData\Local\Temp\s6gqpbzu.dll
C:\Users\admin\AppData\Local\Temp\sm4jwkem.dll
C:\Users\admin\AppData\Local\Temp\sqlite3.dll
C:\Users\admin\AppData\Local\Temp\stuprt.exe
C:\Users\admin\AppData\Local\Temp\s_r51rbt.dll
C:\Users\admin\AppData\Local\Temp\tqyzw1v0.dll
C:\Users\admin\AppData\Local\Temp\tzi5rzja.dll
C:\Users\admin\AppData\Local\Temp\vambawxh.dll
C:\Users\admin\AppData\Local\Temp\vctrzvmc.dll
C:\Users\admin\AppData\Local\Temp\wxq9axko.dll
C:\Users\admin\AppData\Local\Temp\x1k5fvuz.dll
C:\Users\admin\AppData\Local\Temp\xk4l6yzn.dll
C:\Users\admin\AppData\Local\Temp\xznniypq.dll
C:\Users\admin\AppData\Local\Temp\ze1a1pxt.dll
C:\Users\admin\AppData\Local\Temp\{3DA0A47B-C780-4944-9F2E-93F9725985CD}-ciff-3.2.0-12039.exe
C:\Users\admin\AppData\Local\Temp\{96AD2C7D-96BA-4011-B5C2-E804DCA710B9}-ciie-3.2.0-12258.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-27 19:22

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-10-2014 01
Ran by admin at 2014-10-27 20:32:34
Running from C:\Users\admin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)
Amazon Links (HKLM\...\{224821ED-CADA-4A8A-AC8D-3734CC0F0931}) (Version: 1.0 - TOSHIBA Corporation)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Atheros Wi-Fi Protected Setup Library (HKLM\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version:  - Atheros)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5557 - AVG Technologies)
AVG 2015 (Version: 15.0.4189 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5557 - AVG Technologies) Hidden
Catalina Savings Printer (HKLM\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.03 - TOSHIBA)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Citrix online plug-in - web (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 12.1.0.30 - Citrix Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Download App (HKCU\...\Download App) (Version: 1.8.0 - CBS Interactive)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Free Window Registry Repair (HKLM\...\Free Window Registry Repair) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 33.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0.1 (x86 en-US)) (Version: 33.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nitro Reader 3 (HKLM\...\{36A1AA90-FB87-4B29-82F3-B116B0023167}) (Version: 3.5.2.10 - Nitro)
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
P@H-Protocol (HKLM\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)
Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QuickBooks Financial Center (HKLM\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.10.0000 - Intuit Inc.)
RawPacketDriver (HKLM\...\{091DE262-A5F4-4D6A-97F0-0D6A93D6F4F7}) (Version: 5.5.1805 - PCAUSA)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5599 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20130 - Realtek Semiconductor Corp.)
RuneScape Launcher 1.2.2 (HKLM\...\{A85FCCBE-31AB-4312-A5A9-165FF3B0BF90}) (Version: 1.2.2 - Jagex Ltd)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Snap.Do (HKLM\...\{F33C8209-E8E0-49C8-8D7E-363CD346C801}) (Version: 11.117.1.19710 - ReSoft Ltd.) <==== ATTENTION
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.08 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}) (Version: 7.2.20 - TOSHIBA Corporation)
TOSHIBA Desktop Links (HKLM\...\{E1E56B8A-1AAF-422A-91DB-625059FB9863}) (Version: 1.7 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.31.14 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.08 - )
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 1.1.14 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.04 - )
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.24 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.1.24 - TOSHIBA Corporation) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (Version: 9.00.3374 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2946318256-1949778503-1927457752-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2946318256-1949778503-1927457752-1000_Classes\CLSID\{AD848A76-F236-5EE2-819B-2BDE7ED40AE7}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Catalina – Print Savings\npBcsKtTcHW.dll (Catalina Marketing Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {25EB5E37-05EF-4AB9-980D-ACD26ACA6EA8} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {2D2DEC4F-74BB-4FB5-9626-21B3A60365F1} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {976FF557-293F-43C6-A999-B863FBA86F94} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-24] (Google Inc.)
Task: {98296737-82B1-45EF-8298-8CBC3D529F4B} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - admin => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {A3BCE8CF-D15E-4F7D-B3E4-6E5EF6771251} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {AD7615AE-315F-45E5-AA7E-B1C3F2F22D84} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-24] (Google Inc.)
Task: {E7B3D64D-1B56-4414-9160-0280B2344C4A} - System32\Tasks\SuperFastPC_AutorunOnStartup => C:\Program Files\System Optimizer Pro\SystemOptimizerPro.exe <==== ATTENTION
Task: {FE7757BF-9F1C-45F5-B632-6C8EEB55C761} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-25] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-28 19:01 - 2011-02-28 18:37 - 00180624 _____ () C:\Windows\System32\Primomonnt.dll
2014-09-21 12:35 - 2014-09-21 12:35 - 00050720 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2014-09-21 12:36 - 2014-09-21 12:36 - 00086048 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\srau.dll
2014-09-21 12:35 - 2014-09-21 12:35 - 00165920 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2014-09-21 12:35 - 2014-09-21 12:35 - 02425376 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2014-09-21 12:36 - 2014-09-21 12:36 - 00067104 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\spbl.dll
2014-09-21 12:36 - 2014-09-21 12:36 - 00158752 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-09-21 12:35 - 2014-09-21 12:35 - 00014368 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\siem.dll
2014-09-21 12:36 - 2014-09-21 12:36 - 00067616 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\sppsm.dll
2014-09-21 12:35 - 2014-09-21 12:35 - 00696864 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2014-09-21 12:35 - 2014-09-21 12:35 - 00014880 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2014-09-21 12:35 - 2014-09-21 12:35 - 00078880 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2014-09-21 12:36 - 2014-09-21 12:36 - 00027168 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2014-09-21 12:36 - 2014-09-21 12:36 - 00070688 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\srut.dll
2014-09-21 12:36 - 2014-09-21 12:36 - 00029216 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\srsbs.dll
2014-09-21 12:35 - 2014-09-21 12:35 - 00065568 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2014-09-21 12:36 - 2014-09-21 12:36 - 00150560 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\smti.dll
2014-09-21 12:36 - 2014-09-21 12:36 - 00073760 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\smsp.dll
2014-09-21 12:35 - 2014-09-21 12:35 - 00011808 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\sidc.dll
2014-09-21 12:36 - 2014-09-21 12:36 - 00030752 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\smtu.dll
2014-09-21 12:36 - 2014-09-21 12:36 - 00038944 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\smta.dll
2014-09-21 12:36 - 2014-09-21 12:36 - 00031264 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\srom.dll
2014-09-21 12:36 - 2014-09-21 12:36 - 00047648 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\srbu.dll
2014-09-21 12:35 - 2014-09-21 12:35 - 00024096 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\sgml.dll
2014-09-21 12:36 - 2014-09-21 12:36 - 00061984 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2014-09-21 12:36 - 2014-09-21 12:36 - 00025120 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\srpdm.dll
2014-09-21 12:34 - 2014-09-21 12:34 - 00043552 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2014-09-21 12:36 - 2014-09-21 12:36 - 00035360 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2014-09-21 12:35 - 2014-09-21 12:35 - 00193056 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\sgmu.dll
2014-05-12 11:21 - 2014-05-12 11:21 - 00061440 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll
2014-09-21 12:36 - 2014-09-21 12:36 - 00255520 _____ () C:\Users\admin\AppData\Local\Smartbar\Application\srns.dll
2014-10-10 13:41 - 2014-10-10 13:41 - 01255936 _____ () C:\Program Files\CBS Interactive\Download App\libcurl.dll
2014-10-10 13:39 - 2014-10-10 13:39 - 00066560 _____ () C:\Program Files\CBS Interactive\Download App\zlib.dll
2014-10-25 20:40 - 2014-10-25 20:40 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TOSCDSPD => TOSCDSPD.EXE
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: Windows Mobile-based device management => %WINDIR%\WindowsMobile\wmdcBase.exe

========================= Accounts: ==========================

admin (S-1-5-21-2946318256-1949778503-1927457752-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2946318256-1949778503-1927457752-500 - Administrator - Disabled)
Guest (S-1-5-21-2946318256-1949778503-1927457752-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2014 07:23:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 33.0.1.5409 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 11f4
Start Time: 01cff23c522f0059
Termination Time: 2096

Error: (10/27/2014 07:15:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 07:13:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 27.10.2014.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1110
Start Time: 01cff2335e40af2e
Termination Time: 0

Error: (10/27/2014 07:10:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 33.0.1.5409 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 157c
Start Time: 01cff22ecf44d20e
Termination Time: 629

Error: (10/27/2014 07:04:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16540, time stamp 0x4549b14e, faulting module MSHTML.dll, version 9.0.8112.16540, time stamp 0x53098bd4, exception code 0xc0000005, fault offset 0x0026262b,
process id 0xcc8, application start time 0xiexplore.exe0.

Error: (10/27/2014 06:48:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16540, time stamp 0x4549b14e, faulting module MSHTML.dll, version 9.0.8112.16540, time stamp 0x53098bd4, exception code 0xc0000005, fault offset 0x0026262b,
process id 0x11c4, application start time 0xiexplore.exe0.

Error: (10/27/2014 05:37:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 33.0.1.5409, time stamp 0x5449f51c, faulting module mozalloc.dll, version 33.0.1.5409, time stamp 0x5449d001, exception code 0x80000003, fault offset 0x00001425,
process id 0x18a0, application start time 0xplugin-container.exe0.

Error: (10/27/2014 05:37:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 33.0.1.5409 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1458
Start Time: 01cff22c485fcf3e
Termination Time: 10517

Error: (10/27/2014 05:23:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 33.0.1.5409, time stamp 0x5449f51c, faulting module mozalloc.dll, version 33.0.1.5409, time stamp 0x5449d001, exception code 0x80000003, fault offset 0x00001425,
process id 0x1a6c, application start time 0xplugin-container.exe0.

Error: (10/27/2014 04:39:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16540, time stamp 0x4549b14e, faulting module MSHTML.dll, version 9.0.8112.16540, time stamp 0x53098bd4, exception code 0xc0000005, fault offset 0x0026262b,
process id 0x10c0, application start time 0xiexplore.exe0.


System errors:
=============
Error: (10/27/2014 07:16:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/27/2014 04:36:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/27/2014 08:49:02 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000SophosVirusRemovalTool

Error: (10/27/2014 07:08:56 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/26/2014 09:00:43 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/26/2014 08:55:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: AVG WatchDog1

Error: (10/26/2014 08:55:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: AVGIDSAgent1

Error: (10/26/2014 02:47:51 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/25/2014 09:15:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (10/25/2014 08:35:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000SophosVirusRemovalTool


Microsoft Office Sessions:
=========================
Error: (10/27/2014 07:23:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe33.0.1.540911f401cff23c522f00592096

Error: (10/27/2014 07:15:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 07:13:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe27.10.2014.1111001cff2335e40af2e0

Error: (10/27/2014 07:10:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe33.0.1.5409157c01cff22ecf44d20e629

Error: (10/27/2014 07:04:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165404549b14eMSHTML.dll9.0.8112.1654053098bd4c00000050026262bcc801cff2397c37fb9e

Error: (10/27/2014 06:48:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165404549b14eMSHTML.dll9.0.8112.1654053098bd4c00000050026262b11c401cff2373ab9d91e

Error: (10/27/2014 05:37:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.0.1.54095449f51cmozalloc.dll33.0.1.54095449d001800000030000142518a001cff22dd00901de

Error: (10/27/2014 05:37:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe33.0.1.5409145801cff22c485fcf3e10517

Error: (10/27/2014 05:23:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.0.1.54095449f51cmozalloc.dll33.0.1.54095449d00180000003000014251a6c01cff22a03f49eee

Error: (10/27/2014 04:39:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165404549b14eMSHTML.dll9.0.8112.1654053098bd4c00000050026262b10c001cff225afe53ace


CodeIntegrity Errors:
===================================
  Date: 2014-10-27 20:32:18.180
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-27 20:32:17.817
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-27 20:32:17.437
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-27 20:32:17.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-27 20:32:15.928
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-27 20:32:15.534
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-27 20:32:15.194
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-27 20:32:14.713
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-27 20:32:11.182
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-27 20:32:10.493
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Genuine Intel® CPU 585 @ 2.16GHz
Percentage of memory in use: 57%
Total physical RAM: 2939.26 MB
Available physical RAM: 1238.48 MB
Total Pagefile: 6106.81 MB
Available Pagefile: 4104.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.48 MB

==================== Drives ================================

Drive c: (SQ004981V02) (Fixed) (Total:140.37 GB) (Free:100.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Removable) (Total:7.41 GB) (Free:7.41 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 389FCCAC)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=140.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=7.2 GB) - (Type=17)

========================================================
Disk: 1 (Size: 7.4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================



#8 a2kelley


Posted 28 October 2014 - 08:03 AM

AVG kept promoting me to do an initialization scan since I reinstalled. I finally let it. I hope running that is not a problem since you said to not run any tools without you saying to. It's currently the only antivirus I have on the machine, so I wanted it fully functional.

Scan is at 88% (been there for forever), shows 4 threats and has had me remove 2 trojan horses so far. One was crypt- don't remember the other. Hopefully it'll include those in a report I can post when it's done. I've delayed going out to work today as long as I can. I'm just going to have to leave it running...

I have another tablet I'm using to minimize use of the computer as much as possible.


Edited by a2kelley, 28 October 2014 - 08:55 AM.


#9 a2kelley

a2kelley

Posted 28 October 2014 - 06:51 PM

Oops - my post this morning was supposed to say prompting, not promoting...

Is there a way to post an AVG log? I tried a printscreen, but BleepingComputer said I'm not allowed to use that image extension...

What AVG found:

* trojan horse dropper.agent.bmqd -- process name ccleaner (found this yesterday, said cleaned, but found again today)

* corrupted installer_adobe_flash_player_english[1].exe (three of these)

* trojan horse crypt3.bagd -- process name ccleaner

AVG also says I'm not fully protected -- ems is stopping.

Hopefully this helps.


Edited by a2kelley, 28 October 2014 - 08:12 PM.


#10 a2kelley

a2kelley

Posted 30 October 2014 - 09:00 PM

Can someone help me? It's been 3 days since my post got its first and only instructions...



#11 a2kelley

a2kelley

Posted 31 October 2014 - 06:10 AM

I just started up the laptop for the first time in a couple of days and now I get a message that COM Surrogate has stopped working...



#12 a2kelley

a2kelley

Posted 31 October 2014 - 09:51 AM

Just ran MBAM again and this is its log. I had uninstalled Snap.Do and it said it was gone, but obviously not...

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/31/2014
Scan Time: 10:16:15 AM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.31.05
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 291476
Time Elapsed: 30 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.Snapdo.T, HKU\S-1-5-21-2946318256-1949778503-1927457752-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, , [11b0dc3b2656c373067024c37a887888],
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, , [11b0dc3b2656c373067024c37a887888],
PUP.Optional.QuickShare.A, HKU\S-1-5-21-2946318256-1949778503-1927457752-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, , [833e9186364662d45b3124bf50b242be],
PUP.Optional.QuickShare.A, HKU\S-1-5-21-2946318256-1949778503-1927457752-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, , [833e9186364662d45b3124bf50b242be],

Registry Values: 2
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, , [6b561700c3b91a1c77a66dc257ac817f]
PUP.Optional.Snapdo.T, HKU\S-1-5-21-2946318256-1949778503-1927457752-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, , [8a370413e696e650c406a0987f849868]

Registry Data: 7
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz8XsTAzcWH8nQpYd9RwDcuTFF7Kj_xrtsOqO8kb5L0ZcZPG9rulVr961zmHQPHw,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz8XsTAzcWH8nQpYd9RwDcuTFF7Kj_xrtsOqO8kb5L0ZcZPG9rulVr961zmHQPHw,,&q={searchTerms}),,[e7daaf68acd059ddf19bd75222e320e0]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2946318256-1949778503-1927457752-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz8XsTAzcWH8nQpYd9RwDcuTFF7Kj_xrtsOqO8kb5L0ZcZPG9rulVr961zmHQPGA,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz8XsTAzcWH8nQpYd9RwDcuTFF7Kj_xrtsOqO8kb5L0ZcZPG9rulVr961zmHQPGA,,&q={searchTerms}),,[02bf5eb996e675c1eba433f6ac598a76]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2946318256-1949778503-1927457752-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz_Qz_R_hPkyjseTAamqUuoDxWf6snKwNnj9NGu8y7EAZgzy8EiRWRvirm3d6Ppw, Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz_Qz_R_hPkyjseTAamqUuoDxWf6snKwNnj9NGu8y7EAZgzy8EiRWRvirm3d6Ppw,),,[04bdbf58ea920b2ba2eef53401049967]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2946318256-1949778503-1927457752-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz8XsTAzcWH8nQpYd9RwDcuTFF7Kj_xrtsOqO8kb5L0ZcZPG9rulVr961zmHQPGA,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz8XsTAzcWH8nQpYd9RwDcuTFF7Kj_xrtsOqO8kb5L0ZcZPG9rulVr961zmHQPGA,,&q={searchTerms}),,[ab168493f488b482098557d210f5926e]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2946318256-1949778503-1927457752-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz8XsTAzcWH8nQpYd9RwDcuTFF7Kj_xrtsOqO8kb5L0ZcZPG9rulVr961zmHQPGA,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz8XsTAzcWH8nQpYd9RwDcuTFF7Kj_xrtsOqO8kb5L0ZcZPG9rulVr961zmHQPGA,,&q={searchTerms}),,[2e938f88fc802a0c78193beedc29d927]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2946318256-1949778503-1927457752-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz8XsTAzcWH8nQpYd9RwDcuTFF7Kj_xrtsOqO8kb5L0ZcZPG9rulVr961zmHQPGA,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz8XsTAzcWH8nQpYd9RwDcuTFF7Kj_xrtsOqO8kb5L0ZcZPG9rulVr961zmHQPGA,,&q={searchTerms}),,[6160a3741a62979fc0d2a0892dd8ef11]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2946318256-1949778503-1927457752-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz8XsTAzcWH8nQpYd9RwDcuTFF7Kj_xrtsOqO8kb5L0ZcZPG9rulVr961zmHQPGA,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz8XsTAzcWH8nQpYd9RwDcuTFF7Kj_xrtsOqO8kb5L0ZcZPG9rulVr961zmHQPGA,,&q={searchTerms}),,[328fbb5c13697abc711c65c4bf469b65]

Folders: 0
(No malicious items detected)

Files: 5
PUP.Optional.SnapDo.A, C:\Users\admin\AppData\Local\Temp\a2BPrKYZzp\2493\29460.msi, , [8839e92e43397cba33a5d0cad0318d73],
PUP.Optional.DownloadAssistant, C:\Users\admin\AppData\Local\Temp\a2vELvSTTo\lbyU0vIc\Setup.exe, , [d3ee56c1047854e2c1709c8c26df5ea2],
PUP.Optional.DownloadAssistant, C:\Users\admin\Downloads\setup(2).exe, , [bf027a9db4c8d75fdd54ce5ac3428f71],
PUP.Optional.WebSearch.A, C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\jd7bk6qj.default\searchplugins\Web Search.xml, , [724fae69bac23cfa142c1d3912f1eb15],
PUP.Optional.SnapDo.A, C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\jd7bk6qj.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz8XsTAzcWH8nQpYd9RwDcuTFF7Kj_xrtsOqO8kb5L0ZcZPG9rulVr961zmHQPGA,,&q=");), ,[883967b0f7851b1b343bee7a2adb926e]

Physical Sectors: 0
(No malicious items detected)


(end)


Edited by a2kelley, 31 October 2014 - 09:55 AM.


#13 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:49 AM

Posted 31 October 2014 - 02:09 PM

Hello a2kelley

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 a2kelley (Topic Starter)

Posted 31 October 2014 - 07:13 PM

Hi - glad you're back!

when I got home, my husband had started running AVG on it again. It just finished and the only thing it found was a broken digital signature from Toshiba that seems to always be there. Starting the next 2 steps now.



#15 a2kelley (Topic Starter)

Posted 31 October 2014 - 07:35 PM

# AdwCleaner v3.311 - Report created 31/10/2014 at 20:29:28
# Updated 30/09/2014 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : admin - ADMIN-PC
# Running from : C:\Users\admin\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Activeris
Folder Deleted : C:\Users\admin\AppData\Roaming\Activeris
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\admin\Desktop\Search.lnk
Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Search.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16584


-\\ Mozilla Firefox v33.0.1 (x86 en-US)

[ File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\jd7bk6qj.default\prefs.js ]

Line Deleted : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7Ogr7c4IDGfiu-lwYP6AejEtVAtJX3lVojYZZlJQkgz556UlnqbmzM1yTZ4s30qW0EWGe0MjKpeKN9KaEzzISz8XsTAzcWH8nQ[...]

-\\ Google Chrome v38.0.2125.111

[ File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1423 octets] - [24/10/2014 20:59:35]
AdwCleaner[R1].txt - [2511 octets] - [31/10/2014 20:24:08]
AdwCleaner[S0].txt - [1491 octets] - [24/10/2014 21:13:19]
AdwCleaner[S1].txt - [1935 octets] - [31/10/2014 20:29:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1995 octets] ##########
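Added example, not part of this thread and not code from MBAM, AdwCleaner or JRT: a read-only PowerShell audit of the search-hijack locations that the MBAM log in post #12 and the AdwCleaner log in post #15 both point at. The MBAM log shows the hijacker sitting in IE's Main, Search, SearchURL and SearchScopes keys (with a DefaultScope value pointing at its own scope GUID) and in Firefox's prefs.js keyword.URL; AdwCleaner additionally disinfected three Search.lnk shortcuts. This script enumerates those same locations and reports anything that matches an indicator list, so a rerun after cleanup shows whether the entries came back. Assumptions: the indicator domain is taken from the snapdo URLs in the logs above, the Firefox profile and shortcut paths are the default per-user locations, and the script is run from an elevated PowerShell with all browsers closed. It deletes nothing.

```powershell
# Added audit script (not from the thread, not part of MBAM/AdwCleaner/JRT).
# Read-only: reports search-hijack entries in the locations shown in the logs above, removes nothing.
# Run from an elevated PowerShell prompt on the affected machine, with all browsers closed.
# ASSUMPTION: the indicator list is taken from the snapdo URLs in this thread; extend it for other hijackers.
$BadDomains = @('feed.snapdo.com')

function Test-BadUrl {
    param([string]$Value)
    if ([string]::IsNullOrEmpty($Value)) { return $false }
    foreach ($d in $BadDomains) {
        if ($Value -match [regex]::Escape($d)) { return $true }
    }
    return $false
}

$Findings = @()

# 1. Internet Explorer home/search page values, per-user and machine-wide (MBAM flagged both hives).
$IEKeys = @('HKCU:\Software\Microsoft\Internet Explorer\Main',
            'HKLM:\Software\Microsoft\Internet Explorer\Main',
            'HKCU:\Software\Microsoft\Internet Explorer\Search',
            'HKLM:\Software\Microsoft\Internet Explorer\Search',
            'HKCU:\Software\Microsoft\Internet Explorer\SearchURL',
            'HKLM:\Software\Microsoft\Internet Explorer\SearchURL')
$IEValueNames = @('Start Page', 'Search Page', 'Search Bar', 'Default_Page_URL',
                  'Default_Search_URL', 'SearchAssistant', 'Default', '(default)')
foreach ($key in $IEKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $IEValueNames) {
        $val = $props.$name          # dynamic member access; $null when the value is absent
        if (Test-BadUrl $val) { $Findings += "$key | $name = $val" }
    }
}

# 2. IE SearchScopes: each scope's URL, and whether the hijacked scope is the active DefaultScope.
foreach ($scopesKey in 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes',
                       'HKLM:\Software\Microsoft\Internet Explorer\SearchScopes') {
    if (-not (Test-Path $scopesKey)) { continue }
    $defaultScope = (Get-ItemProperty -Path $scopesKey).DefaultScope
    foreach ($scope in (Get-ChildItem -Path $scopesKey)) {
        $url = (Get-ItemProperty -Path $scope.PSPath).URL
        if (Test-BadUrl $url) {
            $tag = ''
            if ($scope.PSChildName -eq $defaultScope) { $tag = ' [DefaultScope]' }
            $Findings += "$scopesKey\$($scope.PSChildName) | URL = $url$tag"
        }
    }
}

# 3. Firefox: prefs.js in every profile, plus user.js (which overrides prefs.js on startup).
$ffProfiles  = "$env:APPDATA\Mozilla\Firefox\Profiles"
$prefPattern = 'user_pref\("(keyword\.URL|browser\.startup\.homepage|browser\.search\.[^"]+)",\s*"([^"]*)"'
Get-ChildItem -Path $ffProfiles -Include prefs.js, user.js -Recurse -ErrorAction SilentlyContinue |
  ForEach-Object {
    $file = $_.FullName
    Select-String -Path $file -Pattern $prefPattern | ForEach-Object {
        $m = $_.Matches[0]
        if (Test-BadUrl $m.Groups[2].Value) {
            $Findings += "$file | $($m.Groups[1].Value) = $($m.Groups[2].Value)"
        }
    }
  }

# 4. Shortcuts whose target or arguments carry a hijacker URL (the AdwCleaner "Shortcut Disinfected" case).
$wsh = New-Object -ComObject WScript.Shell
$lnkRoots = @("$env:USERPROFILE\Desktop",
              "$env:PUBLIC\Desktop",
              "$env:APPDATA\Microsoft\Windows\Start Menu",
              "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch")
foreach ($root in $lnkRoots) {
    Get-ChildItem -Path $root -Filter *.lnk -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $sc = $wsh.CreateShortcut($_.FullName)
        if ((Test-BadUrl $sc.Arguments) -or (Test-BadUrl $sc.TargetPath)) {
            $Findings += "$($_.FullName) | $($sc.TargetPath) $($sc.Arguments)"
        }
    }
}

if ($Findings.Count -eq 0) {
    'No hijack indicators found in the checked locations.'
} else {
    $Findings | ForEach-Object { "HIJACK: $_" }
}
```

Two caveats a practitioner would want here. Firefox rewrites prefs.js from its in-memory settings when it exits, so any prefs.js edit made while Firefox is open is lost, and a user.js file silently re-applies its values at every start; that is one ordinary reason a "removed" keyword.URL reappears, so run the audit with Firefox closed and check user.js as well. The script also does not inspect the Firefox searchplugins directory, where MBAM flagged a Web Search.xml; compare that folder's contents against a clean profile by hand.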