Win64:Adware-gen!


  • This topic is locked
10 replies to this topic

#1 THtweey

Posted 27 November 2014 - 10:23 PM

Avast scan reported Win64:Adware-gen infection. Avast will not fix, quarantine, delete. It says access is denied when I try. I do not know how to remove it.

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 11.25.2
Run by Tammy at 21:15:04 on 2014-11-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4060.3003 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
mStart Page = hxxp://www.safesear.ch/?type=20141127-125-ie
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.safesear.ch/web/?type=20141127-125-sshome-ie-df&q={searchTerms}
mDefault_Page_URL = hxxp://www.safesear.ch/?type=20141127-125-ie
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: QmeeBHO: {7DF13A39-2F55-4461-9EBB-8DC681A6341F} - C:\Program Files (x86)\Qmee\0.9.12\KangoBHO.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
TB: Qmee: {E120ACB6-21BA-45ED-9E79-32079107C103} - C:\Program Files (x86)\Qmee\0.9.12\KangoBHO.dll
TB: Qmee: {E120ACB6-21BA-45ED-9E79-32079107C103} - C:\Program Files (x86)\Qmee\0.9.12\KangoBHO.dll
uRun: [Google Update] "C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Amazon Cloud Player] "C:\Users\Tammy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [Copy] "C:\Users\Tammy\AppData\Roaming\Copy\CopyAgent.exe"
StartupFolder: C:\Users\Tammy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
TCP: NameServer = 97.64.209.36 97.64.168.13
TCP: Interfaces\{588AF981-FEBB-47B8-808F-5CBC9AEC11CC} : DHCPNameServer = 97.64.209.36 97.64.168.13
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com
x64-mSearch Page = hxxp://www.google.com
x64-mDefault_Page_URL = hxxp://www.google.com
x64-mDefault_Search_URL = hxxp://www.google.com
x64-BHO: {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - <orphaned>
x64-BHO: QmeeBHO: {7DF13A39-2F55-4461-9EBB-8DC681A6341F} - C:\Program Files (x86)\Qmee\0.9.12\KangoBHO64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Qmee: {E120ACB6-21BA-45ED-9E79-32079107C103} - C:\Program Files (x86)\Qmee\0.9.12\KangoBHO64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [ExpoThemes-Driver] C:\Program Files (x86)\ExpoThemes\expothemes_core.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll
FF - plugin: C:\Program Files (x86)\Millisecond Software\Inquisit 4.0 Mozilla Plugin\npInquisit.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\Users\Tammy\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Tammy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Tammy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Tammy\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll
.
============= SERVICES / DRIVERS ===============
.
R1 {b0c7827f-c845-429a-833b-c2a798fc4fc3}w64;{b0c7827f-c845-429a-833b-c2a798fc4fc3}w64;C:\Windows\System32\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}w64.sys [2014-10-26 48784]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2013-10-19 76912]
R3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\System32\drivers\netr6164.sys [2010-4-7 446304]
S0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-10-11 65776]
S0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-10-11 267632]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2013-10-11 1050432]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-10-11 436624]
S2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-1 29208]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-10-11 83280]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-29 116728]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-19 50344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
S2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-19 271752]
S3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-19 4012248]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-9 111616]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-15 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-15 180736]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-11 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-10-11 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-10-11 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-11 1255736]
.
=============== Created Last 30 ================
.
2014-11-28 01:43:19 11632448 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B3CFE8C6-D584-495F-ADBB-4943956EFAD2}\mpengine.dll
2014-11-28 00:12:30 -------- d-----w- C:\Users\Tammy\AppData\Local\Fast Browser
2014-11-19 22:03:00 -------- d-----w- C:\Windows\SysWow64\vbox
2014-11-19 22:03:00 -------- d-----w- C:\Windows\System32\vbox
2014-11-19 21:55:56 43152 ----a-w- C:\Windows\avastSS.scr
2014-11-19 01:27:20 -------- d-----w- C:\ProgramData\374311380
2014-11-18 05:09:08 -------- d-----w- C:\ProgramData\ChampionDeals
2014-11-18 05:07:46 -------- d-----w- C:\ProgramData\couponpeak
2014-11-18 05:07:20 -------- d-----w- C:\ProgramData\4bd07a3526c240cf
2014-11-18 04:23:33 -------- d-----w- C:\Users\Tammy\AppData\Local\Pro_PC_Cleaner
2014-11-18 04:23:06 -------- d-----w- C:\ProgramData\BlueStacksSetup
2014-11-18 04:23:05 -------- d-----w- C:\Users\Tammy\AppData\Local\Bluestacks
2014-11-18 04:23:00 -------- d-----w- C:\Users\Tammy\AppData\Local\SearchProtect
2014-11-18 04:22:58 -------- d-----w- C:\Program Files (x86)\SearchProtect
2014-11-18 04:22:37 -------- d-----w- C:\ProgramData\pastaleads
2014-11-18 04:22:36 -------- d-----w- C:\Program Files (x86)\pastaleads
.
==================== Find3M  ====================
.
2014-11-21 23:51:56 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-11-19 21:55:58 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-11-19 21:55:58 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-11-19 21:55:58 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-11-19 21:55:58 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-11-19 21:55:58 116728 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-11-19 21:55:57 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-11-11 22:54:28 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-11 22:54:28 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-10 10:04:00 233280 ----a-w- C:\Windows\apppatch\AppPatch64\VCLdr64.dll
2014-11-04 20:30:58 275080 ----a-w- C:\Windows\System32\MpSigStub.exe
2014-10-26 15:31:44 48784 ----a-w- C:\Windows\System32\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}w64.sys
2014-10-17 13:40:16 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-30 02:01:04 0 ----a-w- C:\nsg1D16.tmp
2014-09-30 02:01:04 0 ----a-w- C:\nsg1D15.tmp
.
============= FINISH: 21:15:46.90 ===============
 


#2 deeprybka

  • Malware Response Team

Posted 29 November 2014 - 12:23 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 THtweey

Posted 29 November 2014 - 09:34 PM

Thank you Jurgen!

 

Following are my log files from Farbar scan:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by Tammy (administrator) on TAMMY-PC on 29-11-2014 20:29:57
Running from C:\Users\Tammy\Documents\Downloads
Loaded Profile: Tammy (Available profiles: Tammy & Trenton & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Users\Tammy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ExpoThemes-Driver] => C:\Program Files (x86)\ExpoThemes\expothemes_core.exe [108544 2013-08-22] (ExpoThemes)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-20] (AVAST Software)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2014-01-22] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\...\Run: [Google Update] => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-11] (Google Inc.)
HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\...\Run: [Amazon Cloud Player] => C:\Users\Tammy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\...\MountPoints2: {603906dd-5168-11e4-8f3d-1c6f65eed3f4} - E:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\...\MountPoints2: {a64d5350-b765-11e3-a26a-1c6f65eed3f4} - E:\Setup.exe
HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\...\MountPoints2: {f133cd65-4fd7-11e4-bf05-1c6f65eed3f4} - E:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-18\...\Run: [Copy] => "C:\Users\Tammy\AppData\Roaming\Copy\CopyAgent.exe"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll File Not Found
AppInit_DLLs:  C:\Program Files (x86)\Supporter\Supporter_x64.dll => C:\Program Files (x86)\Supporter\Supporter_x64.dll File Not Found
Startup: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2510 series.lnk -> C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} =>  No File
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} =>  No File
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} =>  No File
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} =>  No File
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} =>  No File
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} =>  No File
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} =>  No File
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.safesear.ch/?type=20141127-125-ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear.ch/web/?type=20141127-125-sshome-ie-df&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesear.ch/?type=20141127-125-ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.safesear.ch/?type=20141127-125-ie-sm
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {29CFAC75-97BB-4564-AA02-06BDDE1A03DC} URL = http://www.safesear.ch/web/?type=20141127-125-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3788719127-3714897723-2409179310-1000 -> DefaultScope {29CFAC75-97BB-4564-AA02-06BDDE1A03DC} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3788719127-3714897723-2409179310-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3788719127-3714897723-2409179310-1000 -> {29CFAC75-97BB-4564-AA02-06BDDE1A03DC} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3788719127-3714897723-2409179310-1000 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 
BHO: No Name -> {6C8DB2EC-499B-4897-A784-0E3186C97E9D} ->  No File
BHO: QmeeBHO -> {7DF13A39-2F55-4461-9EBB-8DC681A6341F} -> C:\Program Files (x86)\Qmee\0.9.12\KangoBHO64.dll (Kango)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: No Name -> {6C8DB2EC-499B-4897-A784-0E3186C97E9D} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: QmeeBHO -> {7DF13A39-2F55-4461-9EBB-8DC681A6341F} -> C:\Program Files (x86)\Qmee\0.9.12\KangoBHO.dll (Kango)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Qmee - {E120ACB6-21BA-45ED-9E79-32079107C103} - C:\Program Files (x86)\Qmee\0.9.12\KangoBHO64.dll (Kango)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Qmee - {E120ACB6-21BA-45ED-9E79-32079107C103} - C:\Program Files (x86)\Qmee\0.9.12\KangoBHO.dll (Kango)
Toolbar: HKU\S-1-5-21-3788719127-3714897723-2409179310-1000 -> Qmee - {E120ACB6-21BA-45ED-9E79-32079107C103} - C:\Program Files (x86)\Qmee\0.9.12\KangoBHO64.dll (Kango)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Tcpip\Parameters: [DhcpNameServer] 97.64.209.36 97.64.168.13
 
FireFox:
========
FF ProfilePath: C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default
FF DefaultSearchEngine: Google
FF DefaultSearchUrl: hxxp://www.bing.com/search
FF SearchEngineOrder.1: Microsoft (Bing)
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://www.bing.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @millisecond.com/npInquisit,version=3.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll (Millisecond Software)
FF Plugin-x32: @millisecond.com/npInquisit,version=4.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 4.0 Mozilla Plugin\npInquisit.dll (Millisecond Software)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3788719127-3714897723-2409179310-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Tammy\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-3788719127-3714897723-2409179310-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKU\S-1-5-21-3788719127-3714897723-2409179310-1000: @millisecond.com/npInquisit,version=3.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll (Millisecond Software)
FF Plugin HKU\S-1-5-21-3788719127-3714897723-2409179310-1000: @millisecond.com/npInquisit,version=4.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 4.0 Mozilla Plugin\npInquisit.dll (Millisecond Software)
FF Plugin HKU\S-1-5-21-3788719127-3714897723-2409179310-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Tammy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3788719127-3714897723-2409179310-1000: @talk.google.com/O1DPlugin -> C:\Users\Tammy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3788719127-3714897723-2409179310-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3788719127-3714897723-2409179310-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3788719127-3714897723-2409179310-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tammy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Tammy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Tammy\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\searchplugins\Astromenda.xml
FF SearchPlugin: C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safesearch.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-11]
FF HKLM-x32\...\Firefox\Extensions: [search-snacks@search-snacks.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\search-snacks@search-snacks.com
FF Extension: No Name - wrc@avast.com [Not Found]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.safesear.ch/?type=20141127-125-ff-sm
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://start.mysearchdial.com/?f=1&a=dsites0301&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0FtDzztD0EtCyEyByEyBtN0D0Tzu0CyBzytCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=678745800&ir=", "https://us.yahoo.com/?&fr=hp-avast&type=avastbcl", "https://www.yahoo.com?fr=hp-avast&type=avastbcl", "hxxp://www.msn.com/?pc=AV01", "hxxp://start.iminent.com/?appId=CFA4E187-7FE6-42DA-A885-0B023132171B", "https://www.yahoo.com?fr=hp-avast&type=odc019", "hxxp://groovorio.com/?f=7&a=grv_installertech_14_22&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0FtDzztD0EtCyEyByEyBtN0D0Tzu0StCtDtDtAtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2StB0A0DtDzztDtDtAtG0EzzyD0FtGyD0BzzyDtGtA0CtCtCtGyEyB0F0DtD0C0DzztB0A0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByCzyzytAyBzzzztGzz0F0EyBtGyE0B0F0BtGzztC0EyBtGtDzzzy0AtDzy0EtBzzyD0F0D2Q&cr=339450304&ir=", "hxxp://groovorio.com/?f=7&a=grv_installertech_14_22&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0FtDzztD0EtCyEyByEyBtN0D0Tzu0StCtDtDyEtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2StB0A0DtDzztDtDtAtG0EzzyD0FtGyD0BzzyDtGtA0CtCtCtGyEyB0F0DtD0C0DzztB0A0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByCzyzytAyBzzzztGzz0F0EyBtGyE0B0F0BtGzztC0EyBtGtDzzzy0AtDzy0EtBzzyD0F0D2Q&cr=687620262&ir=", "hxxp://astromenda.com/?f=7&a=ast_dnldstr_14_43_ch&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0FtDzztD0EtDyEyByEyBtN0D0Tzu0StCtDtAtDtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0FtAyByB0AtAyDtG0AzyzzzytG0CtCyEyDtGzzyB0C0CtGyEtD0EtDzztD0E0AzzyD0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByCzyzytAyBzzzztGzz0F0EyBtGyE0B0F0BtGzztC0EyBtGtDzzzy0AtDzy0EtBzzyD0F0D2Q&cr=676536502&ir="
CHR Profile: C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-20]
CHR Extension: (Games) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgeknbdakknlclbcpnigjcijckeddmde [2014-11-27]
CHR Extension: (Loupe Collage) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhaonknplhhecdgjpphnooeomecgipkc [2014-11-27]
CHR Extension: (Photo resize compress and Zip) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blinbhliohhhnddefmgbaelknpjpopjh [2014-11-27]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2014-11-27]
CHR Extension: (Tampermonkey BETA) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcalenpjmijncebpfijmoaglllgpjagf [2014-11-28]
CHR Extension: (Avast Online Security) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-20]
CHR Extension: (StudentBook) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiimjijildjkajollpjecaocbbjfobed [2014-11-27]
CHR Extension: (Popular Math) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hldopnmmmjmhibkkhjihpejkbpnnnmkm [2014-11-27]
CHR Extension: (Crackle) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2014-11-27]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-11-20]
CHR Extension: (WordCounter.net) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbmpgnfkmmcabkcikheplopibnejhcej [2014-11-27]
CHR Extension: (Google Play) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2014-11-27]
CHR Extension: (Mesh) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmcocklcehnlnacdljgddegdghggkpk [2014-11-28]
CHR Extension: (Qmee) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjclcpibde [2014-11-20]
CHR Extension: (My Study Life) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnjdjjiobjicmlhnjlogfgbibihjhkeo [2014-11-27]
CHR Extension: (Google Wallet) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-27]
CHR Extension: (WeVideo - Video Editor and Maker) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2014-11-20]
CHR Extension: (Reference.com) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooffafbjcjgjinobbfdgkefebeiodngk [2014-11-27]
CHR Extension: (myHomework Student Planner) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pembccdigcahnckbjcbehhcacplbbomj [2014-11-20]
CHR HKLM-x32\...\Chrome\Extension: [adkhghgijehdiemgfkmpamgcfanckplk] - C:\Users\Tammy\AppData\Local\CRE\adkhghgijehdiemgfkmpamgcfanckplk.crx []
CHR HKLM-x32\...\Chrome\Extension: [cpoooaodibfldhiobnmnjliddplmekeb] - C:\Users\Tammy\AppData\Local\CRE\cpoooaodibfldhiobnmnjliddplmekeb.crx []
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-19] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-19] (Avast Software)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2014-01-22] (LeapFrog Enterprises, Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-19] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-19] (Avast Software)
R1 {b0c7827f-c845-429a-833b-c2a798fc4fc3}w64; C:\Windows\System32\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}w64.sys [48784 2014-10-26] (StdLib)
S1 ssnfd; system32\drivers\ssnfd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-29 20:29 - 2014-11-29 20:30 - 00000000 ____D () C:\FRST
2014-11-29 15:14 - 2014-11-29 15:14 - 00000197 _____ () C:\Windows\system32\2014-11-29-21-14-13.031-AvastVBoxSVC.exe-2656.log
2014-11-29 13:38 - 2014-11-29 13:38 - 00000197 _____ () C:\Windows\system32\2014-11-29-19-38-11.063-AvastVBoxSVC.exe-2552.log
2014-11-29 01:31 - 2014-11-29 01:31 - 00000197 _____ () C:\Windows\system32\2014-11-29-07-31-50.093-AvastVBoxSVC.exe-2232.log
2014-11-28 19:52 - 2014-11-28 19:52 - 00000197 _____ () C:\Windows\system32\2014-11-29-01-52-28.009-AvastVBoxSVC.exe-1784.log
2014-11-28 18:29 - 2014-11-28 18:29 - 00000197 _____ () C:\Windows\system32\2014-11-29-00-29-42.001-AvastVBoxSVC.exe-1916.log
2014-11-28 09:25 - 2014-11-28 09:25 - 00000197 _____ () C:\Windows\system32\2014-11-28-15-25-34.016-AvastVBoxSVC.exe-3052.log
2014-11-27 21:15 - 2014-11-27 21:17 - 00013944 _____ () C:\Users\Tammy\Desktop\dds.txt
2014-11-27 21:15 - 2014-11-27 21:17 - 00013639 _____ () C:\Users\Tammy\Desktop\attach.txt
2014-11-27 20:40 - 2014-11-27 20:42 - 00036864 ___SH () C:\Users\Tammy\AppData\Roaming\Thumbs.db
2014-11-27 20:20 - 2014-11-27 20:20 - 00000338 _____ () C:\Windows\PFRO.log
2014-11-27 19:43 - 2014-11-27 19:43 - 00001924 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-27 19:43 - 2014-11-27 19:43 - 00000197 _____ () C:\Windows\system32\2014-11-28-01-43-58.011-AvastVBoxSVC.exe-1576.log
2014-11-27 19:43 - 2014-11-27 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-27 19:43 - 2014-11-19 15:55 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-27 19:39 - 2014-11-27 19:39 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-11-27 19:24 - 2014-11-27 19:24 - 00000197 _____ () C:\Windows\system32\2014-11-28-01-24-32.056-AvastVBoxSVC.exe-2324.log
2014-11-27 18:12 - 2014-11-27 19:37 - 00000000 ____D () C:\Users\Tammy\AppData\Local\Fast Browser
2014-11-25 19:38 - 2014-11-25 19:38 - 00111952 _____ () C:\Users\Tammy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-23 19:52 - 2014-11-23 19:54 - 00000000 ____D () C:\Users\Tammy\Desktop\Stericycle Work
2014-11-23 09:44 - 2014-11-23 09:44 - 00000197 _____ () C:\Windows\system32\2014-11-23-15-44-58.028-AvastVBoxSVC.exe-2068.log
2014-11-21 17:48 - 2014-11-21 17:49 - 00000197 _____ () C:\Windows\system32\2014-11-21-23-48-58.079-AvastVBoxSVC.exe-2804.log
2014-11-20 14:45 - 2014-11-20 14:45 - 00102197 _____ () C:\Users\Tammy\Super Mario World 2 - Yoshi's Island.smc.save
2014-11-20 10:27 - 2014-11-20 10:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-20 09:18 - 2014-11-27 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-20 02:02 - 2014-11-20 02:02 - 00103546 _____ () C:\Users\Tammy\super mario world 2
2014-11-19 17:55 - 2014-11-19 17:55 - 00000197 _____ () C:\Windows\system32\2014-11-19-23-55-28.062-AvastVBoxSVC.exe-2788.log
2014-11-19 17:51 - 2014-11-29 15:10 - 00000560 _____ () C:\Windows\setupact.log
2014-11-19 17:51 - 2014-11-19 17:53 - 00439472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-19 17:51 - 2014-11-19 17:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-19 16:18 - 2014-11-19 16:19 - 00000247 _____ () C:\Windows\system32\2014-11-19-22-18-56.057-aswFe.exe-2980.log
2014-11-19 16:12 - 2014-11-19 16:18 - 00000247 _____ () C:\Windows\system32\2014-11-19-22-12-19.010-aswFe.exe-1808.log
2014-11-19 16:12 - 2014-11-19 16:12 - 00000197 _____ () C:\Windows\system32\2014-11-19-22-12-13.007-AvastVBoxSVC.exe-3332.log
2014-11-19 16:03 - 2014-11-19 16:03 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-11-19 16:03 - 2014-11-19 16:03 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-19 15:55 - 2014-11-19 15:55 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-18 19:27 - 2014-11-18 19:27 - 00000000 ____D () C:\ProgramData\374311380
2014-11-17 23:09 - 2014-11-17 23:09 - 00000000 ____D () C:\ProgramData\ChampionDeals
2014-11-17 23:07 - 2014-11-27 19:37 - 00000000 ____D () C:\ProgramData\couponpeak
2014-11-17 23:07 - 2014-11-17 23:09 - 00000000 ____D () C:\ProgramData\4bd07a3526c240cf
2014-11-17 22:31 - 2014-11-17 22:31 - 00000000 ____D () C:\Users\Tammy\Documents\Optimizer Pro
2014-11-17 22:23 - 2014-11-19 16:39 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-11-17 22:23 - 2014-11-18 19:21 - 00000000 ____D () C:\Users\Tammy\Documents\ProPCCleaner
2014-11-17 22:23 - 2014-11-17 22:23 - 00000000 ____D () C:\Users\Tammy\AppData\Local\SearchProtect
2014-11-17 22:23 - 2014-11-17 22:23 - 00000000 ____D () C:\Users\Tammy\AppData\Local\Pro_PC_Cleaner
2014-11-17 22:23 - 2014-11-17 22:23 - 00000000 ____D () C:\Users\Tammy\AppData\Local\Bluestacks
2014-11-17 22:22 - 2014-11-18 19:26 - 00000000 ____D () C:\Program Files (x86)\pastaleads
2014-11-17 22:22 - 2014-11-17 22:30 - 00000000 ____D () C:\ProgramData\pastaleads
2014-11-17 22:22 - 2014-11-17 22:23 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-11-10 20:11 - 2014-11-10 20:11 - 00000000 ____D () C:\Users\Trenton.Tammy-PC\AppData\Roaming\Mozilla
2014-11-07 06:34 - 2014-11-19 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hott notes 4
2014-11-07 06:34 - 2014-11-07 06:34 - 00001004 _____ () C:\Users\Trenton.Tammy-PC\Desktop\hott notes 4.lnk
2014-11-07 06:34 - 2014-11-07 06:34 - 00001004 _____ () C:\Users\Guest\Desktop\hott notes 4.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-29 20:27 - 2014-02-14 21:44 - 00000338 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-11-29 20:09 - 2014-10-12 11:28 - 00000292 _____ () C:\Windows\Tasks\WSE_Astromenda.job
2014-11-29 20:03 - 2013-11-18 21:17 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1039UA.job
2014-11-29 19:54 - 2014-02-24 15:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-29 19:43 - 2013-10-11 14:14 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1000UA.job
2014-11-29 19:40 - 2013-12-07 18:05 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-29 16:00 - 2014-02-16 12:18 - 00000000 ___RD () C:\Users\Tammy\Google Drive
2014-11-29 16:00 - 2013-10-11 08:24 - 01712284 _____ () C:\Windows\WindowsUpdate.log
2014-11-29 15:59 - 2013-12-07 18:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-29 15:43 - 2013-10-11 14:14 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1000Core.job
2014-11-29 15:12 - 2014-01-02 13:26 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-11-29 15:11 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-29 09:03 - 2013-11-18 21:17 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1039Core.job
2014-11-28 23:54 - 2009-07-13 22:45 - 00020864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-28 23:54 - 2009-07-13 22:45 - 00020864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-28 09:25 - 2013-10-11 09:16 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-27 19:43 - 2013-11-18 20:08 - 00000000 ____D () C:\Users\Trenton.Tammy-PC
2014-11-27 19:43 - 2013-10-11 17:34 - 00000000 ____D () C:\Users\Guest
2014-11-27 19:39 - 2013-10-11 08:24 - 00000000 ____D () C:\Users\Tammy
2014-11-27 19:37 - 2013-10-11 09:19 - 00000000 ____D () C:\Windows\system32\Macromed
2014-11-27 19:37 - 2009-07-13 21:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-27 19:37 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-11-27 19:37 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2014-11-27 19:37 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2014-11-24 11:13 - 2014-02-14 20:48 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\HpUpdate
2014-11-23 23:35 - 2014-01-12 21:42 - 00086016 ___SH () C:\Users\Tammy\Desktop\Thumbs.db
2014-11-23 20:12 - 2014-01-09 21:26 - 00000000 ____D () C:\Users\Tammy\Documents\School
2014-11-23 14:35 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-23 09:41 - 2014-05-27 09:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-21 17:51 - 2013-10-11 09:16 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-19 16:35 - 2013-10-11 09:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-19 15:55 - 2014-05-01 09:03 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-19 15:55 - 2013-12-29 10:58 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-11-19 15:55 - 2013-10-11 09:16 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-19 15:55 - 2013-10-11 09:16 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-19 15:55 - 2013-10-11 09:16 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-19 15:55 - 2013-10-11 09:16 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-19 15:55 - 2013-10-11 09:16 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-18 19:22 - 2014-03-01 13:49 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-11-18 14:37 - 2014-07-30 13:35 - 00000000 ____D () C:\Program Files (x86)\Supporter
2014-11-17 22:26 - 2014-02-26 16:59 - 00000004 _____ () C:\END
2014-11-14 10:28 - 2013-10-11 09:40 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-14 10:27 - 2013-10-11 09:40 - 00000000 ____D () C:\Users\Tammy\AppData\Local\Deployment
2014-11-14 06:35 - 2013-12-07 18:05 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 06:35 - 2013-12-07 18:05 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 15:38 - 2013-10-11 14:14 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1000UA
2014-11-13 15:38 - 2013-10-11 14:14 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1000Core
2014-11-13 08:58 - 2013-11-18 21:17 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1039UA
2014-11-13 08:58 - 2013-11-18 21:17 - 00003512 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1039Core
2014-11-11 16:54 - 2014-02-24 15:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-11 16:54 - 2013-10-11 09:19 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-11 16:54 - 2013-10-11 09:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-10 22:38 - 2013-10-11 14:14 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Mozilla
2014-11-10 07:34 - 2009-07-13 23:13 - 00801714 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-05 17:37 - 2014-02-16 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-04 14:30 - 2010-11-20 21:27 - 00275080 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-04 08:53 - 2013-10-29 11:24 - 00131584 ___SH () C:\Users\Tammy\Documents\Thumbs.db
2014-11-04 08:50 - 2014-01-02 14:43 - 00000000 ____D () C:\Users\Tammy\Documents\Saved Misc
2014-11-04 08:18 - 2014-05-24 06:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-04 08:15 - 2014-04-06 08:11 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Dropbox
 
Some content of TEMP:
====================
C:\Users\Tammy\AppData\Local\Temp\AutoRun.exe
C:\Users\Tammy\AppData\Local\Temp\AutoRunGUI.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-25 02:28
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by Tammy at 2014-11-29 20:31:20
Running from C:\Users\Tammy\Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Amazon Cloud Player (HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.37 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Awakening: Moonfell Wood (HKLM-x32\...\BFG-Awakening - Moonfell Wood) (Version:  - )
Awakening: The Dreamless Castle (HKLM-x32\...\BFG-Awakening - The Dreamless Castle) (Version:  - )
Awakening: The Goblin Kingdom Collector's Edition (HKLM-x32\...\BFG-Awakening - The Goblin Kingdom Collector's Edition) (Version:  - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Dark Parables: Rise of the Snow Queen Collector's Edition (HKLM-x32\...\BFG-Dark Parables - Rise of the Snow Queen Collector's Edition) (Version:  - )
Dark Parables: The Exiled Prince (HKLM-x32\...\BFG-Dark Parables - The Exiled Prince) (Version:  - )
Dark Parables: The Exiled Prince Collector's Edition (HKLM-x32\...\BFG-Dark Parables - The Exiled Prince Collector's Edition) (Version:  - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Talk Plugin (HKLM-x32\...\{8E29C1CE-346A-3F59-AE22-8C5B7F230498}) (Version: 5.3.1.18536 - Google)
Grim Tales: The Bride Collector's Edition (HKLM-x32\...\BFG-Grim Tales - The Bride Collector's Edition) (Version:  - )
Grim Tales: The Legacy (HKLM-x32\...\BFG-Grim Tales - The Legacy) (Version:  - )
GTK2-Runtime (HKLM-x32\...\GTK2-Runtime) (Version: 2.22.0-2010-10-21-ash - Alexander Shaduri)
HP Deskjet 2510 series Basic Device Software (HKLM\...\{293CC68A-32BA-4BA4-84BD-0DCF6583566F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Help (HKLM-x32\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Product Improvement Study (HKLM\...\{4B3264AA-951A-4A6B-B837-125224261F12}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.3.0.18537 - LeapFrog)
LeapFrog Connect (x32 Version: 5.3.0.18537 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Publix Preschool Pals (HKLM-x32\...\Publix Preschool Pals) (Version:  - )
Qmee (HKLM-x32\...\{7DF13A39-2F55-4461-9EBB-8DC681A6341F}) (Version: 0.9.12 - KangoExtensions) <==== ATTENTION
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rabbit's Magic Adventures (HKLM-x32\...\BFG-Rabbit's Magic Adventures) (Version:  - )
Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.11.0 - Ralink)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Sims 2 (HKLM-x32\...\{8AB8D458-939E-403F-0097-9BA1C1F013D5}) (Version:  - )
Unity Web Player (HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3788719127-3714897723-2409179310-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3788719127-3714897723-2409179310-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
18-11-2014 09:53:05 Windows Update
19-11-2014 21:53:48 avast! antivirus system restore point
22-11-2014 12:48:53 Windows Update
25-11-2014 13:17:27 Windows Update
28-11-2014 01:32:33 Restore Operation
28-11-2014 01:39:12 avast! antivirus system restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2013-11-27 12:42 - 00000797 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0BE4F284-DA5A-43A8-942B-6FDB995766B5} - System32\Tasks\HPCustParticipation HP Deskjet 2510 series => C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {2D52945B-1187-43A2-8C3F-2BA7DD495A78} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-09-20] ()
Task: {3B73C398-8F17-4A0F-9F5F-D7DF5B1936AB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1039Core => C:\Users\Trenton.Tammy-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-18] (Google Inc.)
Task: {3EC52CA4-F40F-4D6B-9303-858CF4E6B0F7} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {46DA95B5-A2CD-4412-B55A-B3B5033973DF} - System32\Tasks\Auslogics\BoostSpeed\Scan and Repair => Rundll32.exe TaskSchedulerHelper.dll,RunTask "BoostSpeed.exe" "-UseTray -Schedule"
Task: {5432AB66-F033-437C-BF16-3CBD118E49AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {5B88E16E-2C79-4953-A08A-C32287A5F8A5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-07] (Google Inc.)
Task: {9583D3DD-44D4-42DB-9ED6-6663A84BC007} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {AE4D70B5-463F-4ECA-A2D8-6C335CD40908} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-07] (Google Inc.)
Task: {B5AAFB38-5DD9-488F-9A5D-9AEC22898574} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-19] (AVAST Software)
Task: {BECF922A-1B6D-4496-AAAE-BBF389B6D146} - \Component System\Component No Task File <==== ATTENTION
Task: {C227F41B-EE96-4EFC-A7A9-4DCE35A0F25E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1000Core => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-11] (Google Inc.)
Task: {DB5062BB-D1C7-4FC7-B4D1-A705E7469356} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1000UA => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-11] (Google Inc.)
Task: {DB821BEC-8528-4B97-B0A3-FBB7A0359C92} - \WSE_Astromenda No Task File <==== ATTENTION
Task: {FC0DBDD8-00D7-458B-860B-1DF3CA472DF3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1039UA => C:\Users\Trenton.Tammy-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-18] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1000Core.job => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1000UA.job => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1039Core.job => C:\Users\Trenton.Tammy-PC\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1039UA.job => C:\Users\Trenton.Tammy-PC\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\Tammy\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2014-11-19 15:55 - 2014-11-19 15:55 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-19 15:55 - 2014-11-19 15:55 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-03-23 21:25 - 2014-03-07 14:39 - 03168576 _____ () C:\Users\Tammy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2011-11-11 13:07 - 2011-11-11 13:07 - 00265240 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2011-08-12 11:19 - 2011-08-12 11:19 - 00680984 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-04-14 13:41 - 2014-04-14 13:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2014-11-29 13:30 - 2014-11-29 13:30 - 02904064 _____ () C:\Program Files\AVAST Software\Avast\defs\14112901\algo.dll
2014-11-19 15:55 - 2014-11-19 15:55 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2014-11-19 15:55 - 2014-11-19 15:55 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-29 15:59 - 2014-11-29 15:59 - 00098816 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\win32api.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00110080 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\pywintypes27.dll
2014-11-29 15:59 - 2014-11-29 15:59 - 00364544 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\pythoncom27.dll
2014-11-29 15:59 - 2014-11-29 15:59 - 00045568 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\_socket.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 01160704 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\_ssl.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00320512 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\win32com.shell.shell.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00713216 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\_hashlib.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 01175040 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\wx._core_.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00805888 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\wx._gdi_.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00811008 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\wx._windows_.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 01062400 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\wx._controls_.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00735232 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\wx._misc_.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00128512 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\_elementtree.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00127488 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\pyexpat.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00557056 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\pysqlite2._sqlite.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00087552 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\_ctypes.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00119808 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\win32file.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00108544 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\win32security.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00007168 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\hashobjs_ext.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00167936 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\win32gui.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00018432 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\win32event.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00038912 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\win32inet.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00011264 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\win32crypt.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00070656 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\wx._html2.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00027136 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\_multiprocessing.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00035840 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\win32process.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00686080 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\unicodedata.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00122368 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\wx._wizard.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00024064 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\win32pipe.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00025600 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\win32pdh.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00525640 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\windows._lib_cacheinvalidation.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00010240 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\select.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00017408 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\win32profile.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00022528 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\win32ts.pyd
2014-11-29 15:59 - 2014-11-29 15:59 - 00078336 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI31522\wx._animate.pyd
2012-07-23 14:10 - 2012-07-23 14:10 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-11-20 09:18 - 2014-11-14 15:15 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libglesv2.dll
2014-11-20 09:18 - 2014-11-14 15:15 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libegl.dll
2014-11-20 09:18 - 2014-11-14 15:15 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\pdf.dll
2014-11-20 09:18 - 2014-11-14 15:15 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll
2014-11-20 09:18 - 2014-11-14 15:15 - 14910280 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3788719127-3714897723-2409179310-500 - Administrator - Disabled)
Guest (S-1-5-21-3788719127-3714897723-2409179310-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3788719127-3714897723-2409179310-1002 - Limited - Enabled)
Tammy (S-1-5-21-3788719127-3714897723-2409179310-1000 - Administrator - Enabled) => C:\Users\Tammy
Trenton (S-1-5-21-3788719127-3714897723-2409179310-1039 - Limited - Enabled) => C:\Users\Trenton.Tammy-PC
 
==================== Faulty Device Manager Devices =============
 
Name: ssnfd
Description: ssnfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ssnfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/29/2014 03:59:35 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (11/29/2014 03:12:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/29/2014 01:36:49 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (11/29/2014 01:36:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/29/2014 04:26:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9984
 
Error: (11/29/2014 04:26:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9984
 
Error: (11/29/2014 04:26:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/29/2014 01:29:59 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (11/29/2014 01:29:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/29/2014 00:40:00 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
 
System errors:
=============
Error: (11/29/2014 07:41:14 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (11/29/2014 07:11:13 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (11/29/2014 06:41:12 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (11/29/2014 06:11:11 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (11/29/2014 05:41:10 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (11/29/2014 04:41:08 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (11/29/2014 04:11:09 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (11/29/2014 04:00:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (11/29/2014 04:00:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (11/29/2014 04:00:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-07-11 15:05:36.803
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\netr28ux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-11 15:05:36.715
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\netr28ux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-11 15:04:57.031
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\netr28ux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-11 15:04:56.951
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\netr28ux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-11 15:04:04.840
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\netr28ux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-11 15:04:04.734
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\netr28ux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-11 15:04:02.248
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\netr28ux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-11 15:04:02.161
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\netr28ux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-11 15:03:54.520
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\netr28ux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-11 15:03:54.422
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\netr28ux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU E3400 @ 2.60GHz
Percentage of memory in use: 43%
Total physical RAM: 4060.49 MB
Available physical RAM: 2289.93 MB
Total Pagefile: 8119.16 MB
Available Pagefile: 5864.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.44 GB) (Free:14.13 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: ED1F86F7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 deeprybka

  • Malware Response Team

Posted 30 November 2014 - 11:04 AM

Hi,
 
next steps are:

Step 1

Please uninstall some programs:
  • Windows 7: Click on the Start button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall:
    Java 7 Update 60
    Qmee



Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 3

Please download and install Malwarebytes Anti-Malware
  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" [1] and go to "Detection and Protection" [2].
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine All" [5]. Then click the button: Apply Actions. [6]
  • A window with an option to view the detailed log will appear.
  • Click on "View detailed log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.


Step 4

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 THtweey

  • Topic Starter

Posted 30 November 2014 - 09:17 PM

Thank you! I have completed the uninstalls requested and the log files are as follows:

 

# AdwCleaner v4.102 - Report created 30/11/2014 at 19:01:25
# Updated 23/11/2014 by Xplode
# Database : 2014-11-27.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Tammy - TAMMY-PC
# Running from : C:\Users\Tammy\Documents\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : {b0c7827f-c845-429a-833b-c2a798fc4fc3}w64
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\374311380 
Folder Deleted : C:\ProgramData\pastaleads
Folder Deleted : C:\ProgramData\speedypc software
Folder Deleted : C:\ProgramData\WPM
Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\ProgramData\couponpeak
Folder Deleted : C:\ProgramData\4bd07a3526c240cf
Folder Deleted : C:\Program Files (x86)\pastaleads
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\supporter
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\Tammy\AppData\Local\emaze
Folder Deleted : C:\Users\Tammy\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Tammy\AppData\Local\AlawarWrapper
Folder Deleted : C:\Users\Tammy\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\Tammy\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Tammy\AppData\Roaming\speedypc software
Folder Deleted : C:\Users\Tammy\AppData\Roaming\wse_astromenda
Folder Deleted : C:\Users\Tammy\AppData\Roaming\YourFileDownloader
Folder Deleted : C:\Users\Tammy\Documents\Optimizer Pro
Folder Deleted : C:\Users\Trenton.Tammy-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
File Deleted : C:\END
File Deleted : C:\Windows\System32\\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}w64.sys
File Deleted : C:\Users\Tammy\AppData\LocalLow\SkwConfig.bin
File Deleted : C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\cin2hnpn.default\searchplugins\astromenda.xml
File Deleted : C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\ed1cg1i5.default\searchplugins\astromenda.xml
File Deleted : C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\eh18lvo3.default\searchplugins\astromenda.xml
File Deleted : C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\searchplugins\astromenda.xml
File Deleted : C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\cin2hnpn.default\user.js
File Deleted : C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\ed1cg1i5.default\user.js
File Deleted : C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\eh18lvo3.default\user.js
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : WSE_Astromenda
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [search-snacks@search-snacks.com]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{be55be45-6177-4fa7-a0ba-dd5042e4c139}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{be55be45-6177-4fa7-a0ba-dd5042e4c139}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{be55be45-6177-4fa7-a0ba-dd5042e4c139}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{be55be45-6177-4fa7-a0ba-dd5042e4c139}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{29CFAC75-97BB-4564-AA02-06BDDE1A03DC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\BRS
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\speedypc software
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\WSE_Astromenda
Key Deleted : HKCU\Software\USyndication
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\FlvPlayer
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\NpApp
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\speedypc software
Key Deleted : HKLM\SOFTWARE\VBMZ
Key Deleted : HKLM\SOFTWARE\YourFileDownloader
Key Deleted : [x64] HKLM\SOFTWARE\SweetIM
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - (x86)\Supporter\Supporter_x64.dll
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
 
-\\ Mozilla Firefox v33.1.1 (x86 en-US)
 
[cin2hnpn.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
[cin2hnpn.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Astromenda");
[cin2hnpn.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://astromenda.com/?f=1&a=ast_dnldstr_14_43_ch&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0FtDzztD0EtDyEyByEyBtN0D0Tzu0StCtDtAtDtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD[...]
[ed1cg1i5.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Astromenda");
[ed1cg1i5.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://astromenda.com/?f=1&a=ast_dnldstr_14_43_ch&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0FtDzztD0EtDyEyByEyBtN0D0Tzu0StCtDtAtDtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD[...]
[eh18lvo3.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Astromenda");
[eh18lvo3.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://astromenda.com/?f=1&a=ast_dnldstr_14_43_ch&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0FtDzztD0EtDyEyByEyBtN0D0Tzu0StCtDtAtDtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD[...]
[y639oyte.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_ggfc_14_41_ch&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0FtDzztD0EtCyEyByEyBtN0D0Tzu0StCtDtCyCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytD[...]
[y639oyte.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_ggfc_14_41_ch&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0FtDzztD0EtCyEyByEyBtN0D0Tzu0StCtDtCyCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzy[...]
[y639oyte.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
[y639oyte.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
[y639oyte.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_ggfc_14_41_ch&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0FtDzztD0EtCyEyByEyBtN0D0Tzu0StCtDtCyCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtB[...]
[y639oyte.default\prefs.js] - Line Deleted : user_pref("extensions.qOEGjg1PUoRGzXS0.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]
[y639oyte.default\prefs.js] - Line Deleted : user_pref("iminent.BirthDate", "1406748931");
 
-\\ Google Chrome v39.0.2171.65
 
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0301&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0FtDzztD0EtCyEyByEyBtN0D0Tzu0CyBzytCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=678745800&ir=
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Trenton\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Trenton\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Trenton\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0301&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0FtDzztD0EtCyEyByEyBtN0D0Tzu0CyBzytCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=678745800&ir=
[C:\Users\Trenton\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
[C:\Users\Trenton\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
[C:\Users\Trenton\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
[C:\Users\Trenton\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
[C:\Users\Trenton\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
[C:\Users\Trenton\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
[C:\Users\Trenton\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
[C:\Users\Trenton\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : geggofhlfbcmanadhknllmlajiafopoh
[C:\Users\Trenton.Tammy-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=F2C006F4-6846-4E3B-8C92-1115C2BEC104&n=77fdce3d&ind=2013122109&p2=^ZJ^xdm268^YYA^us&si=CJXis_LswrsCFbBFMgodHTcA4g
[C:\Users\Trenton.Tammy-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Trenton.Tammy-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Trenton.Tammy-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0301&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0FtDzztD0EtCyEyByEyBtN0D0Tzu0CyBzytCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=678745800&ir=
[C:\Users\Trenton.Tammy-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.iminent.com/?appId=CFA4E187-7FE6-42DA-A885-0B023132171B&ref=toolbox&q={searchTerms}
[C:\Users\Trenton.Tammy-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_installertech_14_22&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0FtDzztD0EtCyEyByEyBtN0D0Tzu0StCtDtDyEtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2StB0A0DtDzztDtDtAtG0EzzyD0FtGyD0BzzyDtGtA0CtCtCtGyEyB0F0DtD0C0DzztB0A0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByCzyzytAyBzzzztGzz0F0EyBtGyE0B0F0BtGzztC0EyBtGtDzzzy0AtDzy0EtBzzyD0F0D2Q&cr=687620262&ir=
 
*************************
 
AdwCleaner[R0].txt - [7688 octets] - [07/12/2013 16:54:37]
AdwCleaner[R1].txt - [15753 octets] - [30/11/2014 18:58:34]
AdwCleaner[S0].txt - [4974 octets] - [07/12/2013 16:55:49]
AdwCleaner[S1].txt - [14880 octets] - [30/11/2014 19:01:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [14941 octets] ##########
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/30/2014
Scan Time: 7:14:32 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.30.11
Rootkit Database: v2014.11.30.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Tammy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 451192
Time Elapsed: 32 min, 14 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 10
PUP.Optional.SearchSnacks.A, HKU\S-1-5-21-3788719127-3714897723-2409179310-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292}, Quarantined, [9658b48dec90ff37723ee3e11ee4c43c], 
PUP.Optional.ArcadeFrontier.A, HKU\S-1-5-21-3788719127-3714897723-2409179310-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}, Quarantined, [c22c0e33d3a967cf17a53e83c83a56aa], 
PUP.Optional.ArcadeFrontier.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}, Quarantined, [c22c0e33d3a967cf17a53e83c83a56aa], 
PUP.Optional.ArcadeFrontier.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}, Quarantined, [c22c0e33d3a967cf17a53e83c83a56aa], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [dd1171d09fdd0a2cc4428f2c887c01ff], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [0ee07bc69fddb0860401febd848001ff], 
PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\WOW6432NODE\SearchSnacks, Quarantined, [a74730114438999d86384ff8a06352ae], 
PUP.Optional.SearchSnacks, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ssnfd, Quarantined, [e6084af79fdd94a27e961e3944bf46ba], 
PUP.Optional.Conduit.A, HKU\S-1-5-21-3788719127-3714897723-2409179310-1039-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, Quarantined, [905e6dd41d5f39fd9281d07327dc6c94], 
PUP.Optional.Conduit.A, HKU\S-1-5-21-3788719127-3714897723-2409179310-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, Quarantined, [27c79ea3ff7d181e6ca7d0732dd629d7], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 5
PUP.Optional.Groovorio.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\nspdlgrvrio, Quarantined, [1fcf65dcbcc050e627da101ca95a56aa], 
PUP.Optional.Groovorio.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\nspdlgrvrio\fav_thumbs, Quarantined, [1fcf65dcbcc050e627da101ca95a56aa], 
PUP.Optional.ChampionDeals.A, C:\ProgramData\ChampionDeals, Quarantined, [5e9049f80f6d7fb761be65d36b98a957], 
PUP.Optional.Astromenda.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\astrmndant, Quarantined, [b53987bae99359dd20d264d60201619f], 
PUP.Optional.Astromenda.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\astrmndant\fav_thumbs, Quarantined, [b53987bae99359dd20d264d60201619f], 
 
Files: 35
PUP.Optional.Solimba, C:\Users\Tammy\Documents\Downloads\Plants vs Zombies 2.exe, Quarantined, [727c8eb3c7b5e1556798d9fe46bb8c74], 
PUP.Optional.SearchProtect, C:\Windows\AppPatch\AppPatch64\VCLdr64.dll, Quarantined, [7678ef52e3995dd907dfd9167d849f61], 
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, Quarantined, [3db15be6ceae4aec61a801baf50f6a96], 
PUP.Optional.Groovorio.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\nspdlgrvrio\fav-groups, Quarantined, [1fcf65dcbcc050e627da101ca95a56aa], 
PUP.Optional.Groovorio.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\nspdlgrvrio\favs##b1cadaae469a5e2f17cb4681981c6413, Quarantined, [1fcf65dcbcc050e627da101ca95a56aa], 
PUP.Optional.Groovorio.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\nspdlgrvrio\redirects, Quarantined, [1fcf65dcbcc050e627da101ca95a56aa], 
PUP.Optional.Groovorio.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\nspdlgrvrio\fav_thumbs\0045bf79fe4c70bd890aace2ddd25852, Quarantined, [1fcf65dcbcc050e627da101ca95a56aa], 
PUP.Optional.Groovorio.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\nspdlgrvrio\fav_thumbs\04f21100c8a1b587926243ca9016d3c4, Quarantined, [1fcf65dcbcc050e627da101ca95a56aa], 
PUP.Optional.Groovorio.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\nspdlgrvrio\fav_thumbs\06542c9e7690069045335e83b09fbdef, Quarantined, [1fcf65dcbcc050e627da101ca95a56aa], 
PUP.Optional.Groovorio.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\nspdlgrvrio\fav_thumbs\4065aa0b47b0923d4872afb52da5db9a, Quarantined, [1fcf65dcbcc050e627da101ca95a56aa], 
PUP.Optional.Groovorio.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\nspdlgrvrio\fav_thumbs\8d28dd509c497a5a8fd807811de90381, Quarantined, [1fcf65dcbcc050e627da101ca95a56aa], 
PUP.Optional.Groovorio.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\nspdlgrvrio\fav_thumbs\972c5e7a085ebf3fe747d6bef9098848, Quarantined, [1fcf65dcbcc050e627da101ca95a56aa], 
PUP.Optional.Groovorio.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\nspdlgrvrio\fav_thumbs\aab8e93e4df995208b70b00a4fb53474, Quarantined, [1fcf65dcbcc050e627da101ca95a56aa], 
PUP.Optional.Groovorio.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\nspdlgrvrio\fav_thumbs\aefa37952f26352bd35c816efaa4e0f3, Quarantined, [1fcf65dcbcc050e627da101ca95a56aa], 
PUP.Optional.Groovorio.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\nspdlgrvrio\fav_thumbs\c2b4ba3c51ed26441106392cccdd7db7, Quarantined, [1fcf65dcbcc050e627da101ca95a56aa], 
PUP.Optional.Groovorio.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\nspdlgrvrio\fav_thumbs\ca92534199305737d0251449130b3961, Quarantined, [1fcf65dcbcc050e627da101ca95a56aa], 
PUP.Optional.Groovorio.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\nspdlgrvrio\fav_thumbs\cf04b035fe3360e949f1ff4d49ffe04c, Quarantined, [1fcf65dcbcc050e627da101ca95a56aa], 
PUP.Optional.Groovorio.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\nspdlgrvrio\fav_thumbs\dc07f710536c756ef06056d0dd8b95c7, Quarantined, [1fcf65dcbcc050e627da101ca95a56aa], 
PUP.Optional.Groovorio.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\nspdlgrvrio\fav_thumbs\e6e3e9b405c5b5c14bcee7855c1e65a4, Quarantined, [1fcf65dcbcc050e627da101ca95a56aa], 
PUP.Optional.Groovorio.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\nspdlgrvrio\fav_thumbs\e8dcb4cf82d4ff73038ebf0cb470ca5d, Quarantined, [1fcf65dcbcc050e627da101ca95a56aa], 
PUP.Optional.Groovorio.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\nspdlgrvrio\fav_thumbs\f1884b2246397932c5ec52648ca31a82, Quarantined, [1fcf65dcbcc050e627da101ca95a56aa], 
PUP.Optional.ChampionDeals.A, C:\ProgramData\ChampionDeals\ChampionDeals.exe, Quarantined, [5e9049f80f6d7fb761be65d36b98a957], 
PUP.Optional.Astromenda.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\astrmndant\fav-groups, Quarantined, [b53987bae99359dd20d264d60201619f], 
PUP.Optional.Astromenda.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\astrmndant\favs##0a6076c9bf60bb276bd3ab7b2f16e472, Quarantined, [b53987bae99359dd20d264d60201619f], 
PUP.Optional.Astromenda.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\astrmndant\fav_thumbs\228c63fb4ff8a38eeb04ed0a1dd51af9, Quarantined, [b53987bae99359dd20d264d60201619f], 
PUP.Optional.Astromenda.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\astrmndant\fav_thumbs\36ad6d9f5a836c327cfc7143f689c96b, Quarantined, [b53987bae99359dd20d264d60201619f], 
PUP.Optional.Astromenda.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\astrmndant\fav_thumbs\39913e57c37a5e9667f862be883810ed, Quarantined, [b53987bae99359dd20d264d60201619f], 
PUP.Optional.Astromenda.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\astrmndant\fav_thumbs\4009ef3b69efd90ae38a9002b87eea69, Quarantined, [b53987bae99359dd20d264d60201619f], 
PUP.Optional.Astromenda.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\astrmndant\fav_thumbs\5c0c908a57bee0fb7828fc636ae94191, Quarantined, [b53987bae99359dd20d264d60201619f], 
PUP.Optional.Astromenda.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\astrmndant\fav_thumbs\61b15e2d3d235f91701eba9a316cb0ac, Quarantined, [b53987bae99359dd20d264d60201619f], 
PUP.Optional.Astromenda.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\astrmndant\fav_thumbs\68f1eddbbd0cb7aa767d63088481ca0e, Quarantined, [b53987bae99359dd20d264d60201619f], 
PUP.Optional.Astromenda.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\astrmndant\fav_thumbs\7f1830a7d6e6d2c9564d084ce0b92660, Quarantined, [b53987bae99359dd20d264d60201619f], 
PUP.Optional.Astromenda.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\astrmndant\fav_thumbs\ae6f60c2274c08d5c8262772a40c06a8, Quarantined, [b53987bae99359dd20d264d60201619f], 
PUP.Optional.Astromenda.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\astrmndant\fav_thumbs\b0f277bbe4fce6d9f6d57830e253029e, Quarantined, [b53987bae99359dd20d264d60201619f], 
PUP.Optional.Astromenda.A, C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\astrmndant\fav_thumbs\bd2ef091c2e98bdb0c1d8d25e9cd7f06, Quarantined, [b53987bae99359dd20d264d60201619f], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-11-2014 01
Ran by Tammy (administrator) on TAMMY-PC on 30-11-2014 20:13:41
Running from C:\Users\Tammy\Documents\Downloads
Loaded Profile: Tammy (Available profiles: Tammy & Trenton & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Users\Tammy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ExpoThemes-Driver] => C:\Program Files (x86)\ExpoThemes\expothemes_core.exe [108544 2013-08-22] (ExpoThemes)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-20] (AVAST Software)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2014-01-22] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\...\Run: [Google Update] => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-11] (Google Inc.)
HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\...\Run: [Amazon Cloud Player] => C:\Users\Tammy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\...\MountPoints2: {603906dd-5168-11e4-8f3d-1c6f65eed3f4} - E:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\...\MountPoints2: {a64d5350-b765-11e3-a26a-1c6f65eed3f4} - E:\Setup.exe
HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\...\MountPoints2: {f133cd65-4fd7-11e4-bf05-1c6f65eed3f4} - E:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-18\...\Run: [Copy] => "C:\Users\Tammy\AppData\Roaming\Copy\CopyAgent.exe"
AppInit_DLLs: C:\Program Files => C:\Program Files [0 2014-11-18] ()
Startup: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2510 series.lnk -> C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} =>  No File
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} =>  No File
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} =>  No File
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} =>  No File
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} =>  No File
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} =>  No File
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} =>  No File
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3788719127-3714897723-2409179310-1000 -> DefaultScope {29CFAC75-97BB-4564-AA02-06BDDE1A03DC} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3788719127-3714897723-2409179310-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3788719127-3714897723-2409179310-1000 -> {29CFAC75-97BB-4564-AA02-06BDDE1A03DC} URL = https://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-3788719127-3714897723-2409179310-1000 -> No Name - {E120ACB6-21BA-45ED-9E79-32079107C103} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Tcpip\Parameters: [DhcpNameServer] 97.64.209.36 97.64.168.13
 
FireFox:
========
FF ProfilePath: C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default
FF DefaultSearchEngine: Google
FF DefaultSearchUrl: hxxp://www.bing.com/search
FF SearchEngineOrder.1: Microsoft (Bing)
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://www.bing.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @millisecond.com/npInquisit,version=3.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll (Millisecond Software)
FF Plugin-x32: @millisecond.com/npInquisit,version=4.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 4.0 Mozilla Plugin\npInquisit.dll (Millisecond Software)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3788719127-3714897723-2409179310-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Tammy\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-3788719127-3714897723-2409179310-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKU\S-1-5-21-3788719127-3714897723-2409179310-1000: @millisecond.com/npInquisit,version=3.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll (Millisecond Software)
FF Plugin HKU\S-1-5-21-3788719127-3714897723-2409179310-1000: @millisecond.com/npInquisit,version=4.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 4.0 Mozilla Plugin\npInquisit.dll (Millisecond Software)
FF Plugin HKU\S-1-5-21-3788719127-3714897723-2409179310-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Tammy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3788719127-3714897723-2409179310-1000: @talk.google.com/O1DPlugin -> C:\Users\Tammy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3788719127-3714897723-2409179310-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3788719127-3714897723-2409179310-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3788719127-3714897723-2409179310-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tammy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Tammy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Tammy\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\y639oyte.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safesearch.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-11]
FF Extension: No Name - wrc@avast.com [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://start.mysearchdial.com/?f=1&a=dsites0301&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0FtDzztD0EtCyEyByEyBtN0D0Tzu0CyBzytCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=678745800&ir=", "https://us.yahoo.com/?&fr=hp-avast&type=avastbcl", "https://www.yahoo.com?fr=hp-avast&type=avastbcl", "hxxp://www.msn.com/?pc=AV01", "hxxp://start.iminent.com/?appId=CFA4E187-7FE6-42DA-A885-0B023132171B", "https://www.yahoo.com?fr=hp-avast&type=odc019", "hxxp://groovorio.com/?f=7&a=grv_installertech_14_22&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0FtDzztD0EtCyEyByEyBtN0D0Tzu0StCtDtDtAtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2StB0A0DtDzztDtDtAtG0EzzyD0FtGyD0BzzyDtGtA0CtCtCtGyEyB0F0DtD0C0DzztB0A0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByCzyzytAyBzzzztGzz0F0EyBtGyE0B0F0BtGzztC0EyBtGtDzzzy0AtDzy0EtBzzyD0F0D2Q&cr=339450304&ir=", "hxxp://groovorio.com/?f=7&a=grv_installertech_14_22&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0FtDzztD0EtCyEyByEyBtN0D0Tzu0StCtDtDyEtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2StB0A0DtDzztDtDtAtG0EzzyD0FtGyD0BzzyDtGtA0CtCtCtGyEyB0F0DtD0C0DzztB0A0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByCzyzytAyBzzzztGzz0F0EyBtGyE0B0F0BtGzztC0EyBtGtDzzzy0AtDzy0EtBzzyD0F0D2Q&cr=687620262&ir=", "hxxp://astromenda.com/?f=7&a=ast_dnldstr_14_43_ch&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0A0FtDzztD0EtDyEyByEyBtN0D0Tzu0StCtDtAtDtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0FtAyByB0AtAyDtG0AzyzzzytG0CtCyEyDtGzzyB0C0CtGyEtD0EtDzztD0E0AzzyD0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByCzyzytAyBzzzztGzz0F0EyBtGyE0B0F0BtGzztC0EyBtGtDzzzy0AtDzy0EtBzzyD0F0D2Q&cr=676536502&ir="
CHR Profile: C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-20]
CHR Extension: (Games) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgeknbdakknlclbcpnigjcijckeddmde [2014-11-27]
CHR Extension: (Loupe Collage) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhaonknplhhecdgjpphnooeomecgipkc [2014-11-27]
CHR Extension: (Photo resize compress and Zip) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blinbhliohhhnddefmgbaelknpjpopjh [2014-11-27]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2014-11-27]
CHR Extension: (Tampermonkey BETA) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcalenpjmijncebpfijmoaglllgpjagf [2014-11-28]
CHR Extension: (Avast Online Security) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-20]
CHR Extension: (StudentBook) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiimjijildjkajollpjecaocbbjfobed [2014-11-27]
CHR Extension: (Popular Math) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hldopnmmmjmhibkkhjihpejkbpnnnmkm [2014-11-27]
CHR Extension: (Crackle) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2014-11-27]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-11-20]
CHR Extension: (WordCounter.net) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbmpgnfkmmcabkcikheplopibnejhcej [2014-11-27]
CHR Extension: (Google Play) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2014-11-27]
CHR Extension: (Mesh) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmcocklcehnlnacdljgddegdghggkpk [2014-11-28]
CHR Extension: (Qmee) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjclcpibde [2014-11-20]
CHR Extension: (My Study Life) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnjdjjiobjicmlhnjlogfgbibihjhkeo [2014-11-27]
CHR Extension: (Google Wallet) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-27]
CHR Extension: (WeVideo - Video Editor and Maker) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2014-11-20]
CHR Extension: (Reference.com) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooffafbjcjgjinobbfdgkefebeiodngk [2014-11-27]
CHR Extension: (myHomework Student Planner) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pembccdigcahnckbjcbehhcacplbbomj [2014-11-20]
CHR HKLM-x32\...\Chrome\Extension: [adkhghgijehdiemgfkmpamgcfanckplk] - C:\Users\Tammy\AppData\Local\CRE\adkhghgijehdiemgfkmpamgcfanckplk.crx []
CHR HKLM-x32\...\Chrome\Extension: [cpoooaodibfldhiobnmnjliddplmekeb] - C:\Users\Tammy\AppData\Local\CRE\cpoooaodibfldhiobnmnjliddplmekeb.crx []
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-19] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-19] (Avast Software)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2014-01-22] (LeapFrog Enterprises, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-19] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-19] (Avast Software)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-30 19:53 - 2014-11-30 19:53 - 00000197 _____ () C:\Windows\system32\2014-12-01-01-53-23.028-AvastVBoxSVC.exe-2464.log
2014-11-30 19:12 - 2014-11-30 20:00 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-30 19:11 - 2014-11-30 19:11 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-30 19:11 - 2014-11-30 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-30 19:11 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-30 19:11 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-30 19:11 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-30 19:08 - 2014-11-30 19:08 - 00000197 _____ () C:\Windows\system32\2014-12-01-01-08-33.078-AvastVBoxSVC.exe-2408.log
2014-11-30 17:29 - 2014-11-30 17:29 - 00000197 _____ () C:\Windows\system32\2014-11-30-23-29-07.051-AvastVBoxSVC.exe-3952.log
2014-11-29 22:25 - 2014-11-29 22:25 - 00000197 _____ () C:\Windows\system32\2014-11-30-04-25-42.089-AvastVBoxSVC.exe-2172.log
2014-11-29 20:29 - 2014-11-30 20:13 - 00000000 ____D () C:\FRST
2014-11-29 15:14 - 2014-11-29 15:14 - 00000197 _____ () C:\Windows\system32\2014-11-29-21-14-13.031-AvastVBoxSVC.exe-2656.log
2014-11-29 13:38 - 2014-11-29 13:38 - 00000197 _____ () C:\Windows\system32\2014-11-29-19-38-11.063-AvastVBoxSVC.exe-2552.log
2014-11-29 01:31 - 2014-11-29 01:31 - 00000197 _____ () C:\Windows\system32\2014-11-29-07-31-50.093-AvastVBoxSVC.exe-2232.log
2014-11-28 19:52 - 2014-11-28 19:52 - 00000197 _____ () C:\Windows\system32\2014-11-29-01-52-28.009-AvastVBoxSVC.exe-1784.log
2014-11-28 18:29 - 2014-11-28 18:29 - 00000197 _____ () C:\Windows\system32\2014-11-29-00-29-42.001-AvastVBoxSVC.exe-1916.log
2014-11-28 09:25 - 2014-11-28 09:25 - 00000197 _____ () C:\Windows\system32\2014-11-28-15-25-34.016-AvastVBoxSVC.exe-3052.log
2014-11-27 21:15 - 2014-11-27 21:17 - 00013944 _____ () C:\Users\Tammy\Desktop\dds.txt
2014-11-27 21:15 - 2014-11-27 21:17 - 00013639 _____ () C:\Users\Tammy\Desktop\attach.txt
2014-11-27 20:40 - 2014-11-27 20:42 - 00036864 ___SH () C:\Users\Tammy\AppData\Roaming\Thumbs.db
2014-11-27 20:20 - 2014-11-30 19:50 - 00015694 _____ () C:\Windows\PFRO.log
2014-11-27 19:43 - 2014-11-27 19:43 - 00001924 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-27 19:43 - 2014-11-27 19:43 - 00000197 _____ () C:\Windows\system32\2014-11-28-01-43-58.011-AvastVBoxSVC.exe-1576.log
2014-11-27 19:43 - 2014-11-27 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-27 19:43 - 2014-11-19 15:55 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-27 19:39 - 2014-11-27 19:39 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-11-27 19:24 - 2014-11-27 19:24 - 00000197 _____ () C:\Windows\system32\2014-11-28-01-24-32.056-AvastVBoxSVC.exe-2324.log
2014-11-27 18:12 - 2014-11-27 19:37 - 00000000 ____D () C:\Users\Tammy\AppData\Local\Fast Browser
2014-11-25 19:38 - 2014-11-25 19:38 - 00111952 _____ () C:\Users\Tammy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-23 19:52 - 2014-11-23 19:54 - 00000000 ____D () C:\Users\Tammy\Desktop\Stericycle Work
2014-11-23 09:44 - 2014-11-23 09:44 - 00000197 _____ () C:\Windows\system32\2014-11-23-15-44-58.028-AvastVBoxSVC.exe-2068.log
2014-11-21 17:48 - 2014-11-21 17:49 - 00000197 _____ () C:\Windows\system32\2014-11-21-23-48-58.079-AvastVBoxSVC.exe-2804.log
2014-11-20 14:45 - 2014-11-20 14:45 - 00102197 _____ () C:\Users\Tammy\Super Mario World 2 - Yoshi's Island.smc.save
2014-11-20 10:27 - 2014-11-20 10:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-20 09:18 - 2014-11-27 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-20 02:02 - 2014-11-20 02:02 - 00103546 _____ () C:\Users\Tammy\super mario world 2
2014-11-19 17:55 - 2014-11-19 17:55 - 00000197 _____ () C:\Windows\system32\2014-11-19-23-55-28.062-AvastVBoxSVC.exe-2788.log
2014-11-19 17:51 - 2014-11-30 19:50 - 00000784 _____ () C:\Windows\setupact.log
2014-11-19 17:51 - 2014-11-19 17:53 - 00439472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-19 17:51 - 2014-11-19 17:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-19 16:18 - 2014-11-19 16:19 - 00000247 _____ () C:\Windows\system32\2014-11-19-22-18-56.057-aswFe.exe-2980.log
2014-11-19 16:12 - 2014-11-19 16:18 - 00000247 _____ () C:\Windows\system32\2014-11-19-22-12-19.010-aswFe.exe-1808.log
2014-11-19 16:12 - 2014-11-19 16:12 - 00000197 _____ () C:\Windows\system32\2014-11-19-22-12-13.007-AvastVBoxSVC.exe-3332.log
2014-11-19 16:03 - 2014-11-19 16:03 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-11-19 16:03 - 2014-11-19 16:03 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-19 15:55 - 2014-11-19 15:55 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-17 22:23 - 2014-11-19 16:39 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-11-17 22:23 - 2014-11-18 19:21 - 00000000 ____D () C:\Users\Tammy\Documents\ProPCCleaner
2014-11-17 22:23 - 2014-11-17 22:23 - 00000000 ____D () C:\Users\Tammy\AppData\Local\Pro_PC_Cleaner
2014-11-17 22:23 - 2014-11-17 22:23 - 00000000 ____D () C:\Users\Tammy\AppData\Local\Bluestacks
2014-11-10 20:11 - 2014-11-10 20:11 - 00000000 ____D () C:\Users\Trenton.Tammy-PC\AppData\Roaming\Mozilla
2014-11-07 06:34 - 2014-11-19 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hott notes 4
2014-11-07 06:34 - 2014-11-07 06:34 - 00001004 _____ () C:\Users\Trenton.Tammy-PC\Desktop\hott notes 4.lnk
2014-11-07 06:34 - 2014-11-07 06:34 - 00001004 _____ () C:\Users\Guest\Desktop\hott notes 4.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-30 20:03 - 2013-11-18 21:17 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1039UA.job
2014-11-30 19:57 - 2013-10-11 08:24 - 01778745 _____ () C:\Windows\WindowsUpdate.log
2014-11-30 19:54 - 2014-02-24 15:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-30 19:52 - 2014-02-16 12:18 - 00000000 ___RD () C:\Users\Tammy\Google Drive
2014-11-30 19:51 - 2014-01-02 13:26 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-11-30 19:51 - 2013-12-07 18:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-30 19:50 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-30 19:43 - 2013-10-11 14:14 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1000UA.job
2014-11-30 19:40 - 2013-12-07 18:05 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-30 19:27 - 2014-02-14 21:44 - 00000338 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-11-30 19:11 - 2014-05-24 06:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-30 19:06 - 2013-10-11 09:16 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-30 19:01 - 2013-12-07 16:53 - 00000000 ____D () C:\AdwCleaner
2014-11-30 18:56 - 2013-10-11 09:07 - 00000000 ____D () C:\Program Files (x86)\Qmee
2014-11-30 18:55 - 2013-10-28 15:38 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-29 15:43 - 2013-10-11 14:14 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1000Core.job
2014-11-29 09:03 - 2013-11-18 21:17 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1039Core.job
2014-11-28 23:54 - 2009-07-13 22:45 - 00020864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-28 23:54 - 2009-07-13 22:45 - 00020864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-27 19:43 - 2013-11-18 20:08 - 00000000 ____D () C:\Users\Trenton.Tammy-PC
2014-11-27 19:43 - 2013-10-11 17:34 - 00000000 ____D () C:\Users\Guest
2014-11-27 19:39 - 2013-10-11 08:24 - 00000000 ____D () C:\Users\Tammy
2014-11-27 19:37 - 2013-10-11 09:19 - 00000000 ____D () C:\Windows\system32\Macromed
2014-11-27 19:37 - 2009-07-13 21:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-27 19:37 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-11-27 19:37 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2014-11-27 19:37 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2014-11-24 11:13 - 2014-02-14 20:48 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\HpUpdate
2014-11-23 23:35 - 2014-01-12 21:42 - 00086016 ___SH () C:\Users\Tammy\Desktop\Thumbs.db
2014-11-23 20:12 - 2014-01-09 21:26 - 00000000 ____D () C:\Users\Tammy\Documents\School
2014-11-23 14:35 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-23 09:41 - 2014-05-27 09:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-21 17:51 - 2013-10-11 09:16 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-19 16:35 - 2013-10-11 09:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-19 15:55 - 2014-05-01 09:03 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-19 15:55 - 2013-12-29 10:58 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-11-19 15:55 - 2013-10-11 09:16 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-19 15:55 - 2013-10-11 09:16 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-19 15:55 - 2013-10-11 09:16 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-19 15:55 - 2013-10-11 09:16 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-19 15:55 - 2013-10-11 09:16 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-14 10:28 - 2013-10-11 09:40 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-14 10:27 - 2013-10-11 09:40 - 00000000 ____D () C:\Users\Tammy\AppData\Local\Deployment
2014-11-14 06:35 - 2013-12-07 18:05 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 06:35 - 2013-12-07 18:05 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 15:38 - 2013-10-11 14:14 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1000UA
2014-11-13 15:38 - 2013-10-11 14:14 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1000Core
2014-11-13 08:58 - 2013-11-18 21:17 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1039UA
2014-11-13 08:58 - 2013-11-18 21:17 - 00003512 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1039Core
2014-11-11 16:54 - 2014-02-24 15:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-11 16:54 - 2013-10-11 09:19 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-11 16:54 - 2013-10-11 09:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-10 22:38 - 2013-10-11 14:14 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Mozilla
2014-11-10 07:34 - 2009-07-13 23:13 - 00801714 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-05 17:37 - 2014-02-16 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-04 14:30 - 2010-11-20 21:27 - 00275080 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-04 08:53 - 2013-10-29 11:24 - 00131584 ___SH () C:\Users\Tammy\Documents\Thumbs.db
2014-11-04 08:50 - 2014-01-02 14:43 - 00000000 ____D () C:\Users\Tammy\Documents\Saved Misc
2014-11-04 08:15 - 2014-04-06 08:11 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Dropbox
 
Some content of TEMP:
====================
C:\Users\Tammy\AppData\Local\Temp\AutoRun.exe
C:\Users\Tammy\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Tammy\AppData\Local\Temp\Quarantine.exe
C:\Users\Tammy\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-25 02:28
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2014 01
Ran by Tammy at 2014-11-30 20:14:42
Running from C:\Users\Tammy\Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Amazon Cloud Player (HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.37 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Awakening: Moonfell Wood (HKLM-x32\...\BFG-Awakening - Moonfell Wood) (Version:  - )
Awakening: The Dreamless Castle (HKLM-x32\...\BFG-Awakening - The Dreamless Castle) (Version:  - )
Awakening: The Goblin Kingdom Collector's Edition (HKLM-x32\...\BFG-Awakening - The Goblin Kingdom Collector's Edition) (Version:  - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Dark Parables: Rise of the Snow Queen Collector's Edition (HKLM-x32\...\BFG-Dark Parables - Rise of the Snow Queen Collector's Edition) (Version:  - )
Dark Parables: The Exiled Prince (HKLM-x32\...\BFG-Dark Parables - The Exiled Prince) (Version:  - )
Dark Parables: The Exiled Prince Collector's Edition (HKLM-x32\...\BFG-Dark Parables - The Exiled Prince Collector's Edition) (Version:  - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Talk Plugin (HKLM-x32\...\{8E29C1CE-346A-3F59-AE22-8C5B7F230498}) (Version: 5.3.1.18536 - Google)
Grim Tales: The Bride Collector's Edition (HKLM-x32\...\BFG-Grim Tales - The Bride Collector's Edition) (Version:  - )
Grim Tales: The Legacy (HKLM-x32\...\BFG-Grim Tales - The Legacy) (Version:  - )
GTK2-Runtime (HKLM-x32\...\GTK2-Runtime) (Version: 2.22.0-2010-10-21-ash - Alexander Shaduri)
HP Deskjet 2510 series Basic Device Software (HKLM\...\{293CC68A-32BA-4BA4-84BD-0DCF6583566F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Help (HKLM-x32\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Product Improvement Study (HKLM\...\{4B3264AA-951A-4A6B-B837-125224261F12}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.3.0.18537 - LeapFrog)
LeapFrog Connect (x32 Version: 5.3.0.18537 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Publix Preschool Pals (HKLM-x32\...\Publix Preschool Pals) (Version:  - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rabbit's Magic Adventures (HKLM-x32\...\BFG-Rabbit's Magic Adventures) (Version:  - )
Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.11.0 - Ralink)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Sims 2 (HKLM-x32\...\{8AB8D458-939E-403F-0097-9BA1C1F013D5}) (Version:  - )
Unity Web Player (HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3788719127-3714897723-2409179310-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3788719127-3714897723-2409179310-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
18-11-2014 09:53:05 Windows Update
19-11-2014 21:53:48 avast! antivirus system restore point
22-11-2014 12:48:53 Windows Update
25-11-2014 13:17:27 Windows Update
28-11-2014 01:32:33 Restore Operation
28-11-2014 01:39:12 avast! antivirus system restore point
01-12-2014 00:54:29 Removed Java 7 Update 60
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2013-11-27 12:42 - 00000797 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0BE4F284-DA5A-43A8-942B-6FDB995766B5} - System32\Tasks\HPCustParticipation HP Deskjet 2510 series => C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {2D52945B-1187-43A2-8C3F-2BA7DD495A78} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-09-20] ()
Task: {3B73C398-8F17-4A0F-9F5F-D7DF5B1936AB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1039Core => C:\Users\Trenton.Tammy-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-18] (Google Inc.)
Task: {3EC52CA4-F40F-4D6B-9303-858CF4E6B0F7} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {46DA95B5-A2CD-4412-B55A-B3B5033973DF} - System32\Tasks\Auslogics\BoostSpeed\Scan and Repair => Rundll32.exe TaskSchedulerHelper.dll,RunTask "BoostSpeed.exe" "-UseTray -Schedule"
Task: {5432AB66-F033-437C-BF16-3CBD118E49AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {5B88E16E-2C79-4953-A08A-C32287A5F8A5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-07] (Google Inc.)
Task: {9583D3DD-44D4-42DB-9ED6-6663A84BC007} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {AE4D70B5-463F-4ECA-A2D8-6C335CD40908} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-07] (Google Inc.)
Task: {B5AAFB38-5DD9-488F-9A5D-9AEC22898574} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-19] (AVAST Software)
Task: {BECF922A-1B6D-4496-AAAE-BBF389B6D146} - \Component System\Component No Task File <==== ATTENTION
Task: {C227F41B-EE96-4EFC-A7A9-4DCE35A0F25E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1000Core => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-11] (Google Inc.)
Task: {DB5062BB-D1C7-4FC7-B4D1-A705E7469356} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1000UA => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-11] (Google Inc.)
Task: {FC0DBDD8-00D7-458B-860B-1DF3CA472DF3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1039UA => C:\Users\Trenton.Tammy-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-18] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1000Core.job => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1000UA.job => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1039Core.job => C:\Users\Trenton.Tammy-PC\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3788719127-3714897723-2409179310-1039UA.job => C:\Users\Trenton.Tammy-PC\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-11-19 15:55 - 2014-11-19 15:55 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-19 15:55 - 2014-11-19 15:55 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-03-23 21:25 - 2014-03-07 14:39 - 03168576 _____ () C:\Users\Tammy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2011-11-11 13:07 - 2011-11-11 13:07 - 00265240 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2014-04-14 13:41 - 2014-04-14 13:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2011-08-12 11:19 - 2011-08-12 11:19 - 00680984 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-11-30 17:32 - 2014-11-30 17:32 - 02904064 _____ () C:\Program Files\AVAST Software\Avast\defs\14113001\algo.dll
2014-11-19 15:55 - 2014-11-19 15:55 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2014-11-19 15:55 - 2014-11-19 15:55 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-07-23 14:10 - 2012-07-23 14:10 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-11-30 19:51 - 2014-11-30 19:51 - 00098816 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\win32api.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00110080 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\pywintypes27.dll
2014-11-30 19:51 - 2014-11-30 19:51 - 00364544 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\pythoncom27.dll
2014-11-30 19:51 - 2014-11-30 19:51 - 00045568 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\_socket.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 01160704 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\_ssl.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00320512 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\win32com.shell.shell.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00713216 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\_hashlib.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 01175040 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\wx._core_.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00805888 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\wx._gdi_.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00811008 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\wx._windows_.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 01062400 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\wx._controls_.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00735232 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\wx._misc_.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00128512 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\_elementtree.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00127488 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\pyexpat.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00557056 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\pysqlite2._sqlite.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00087552 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\_ctypes.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00119808 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\win32file.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00108544 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\win32security.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00007168 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\hashobjs_ext.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00167936 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\win32gui.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00018432 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\win32event.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00038912 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\win32inet.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00011264 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\win32crypt.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00070656 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\wx._html2.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00027136 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\_multiprocessing.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00035840 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\win32process.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00686080 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\unicodedata.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00122368 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\wx._wizard.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00024064 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\win32pipe.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00025600 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\win32pdh.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00525640 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\windows._lib_cacheinvalidation.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00010240 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\select.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00017408 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\win32profile.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00022528 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\win32ts.pyd
2014-11-30 19:51 - 2014-11-30 19:51 - 00078336 _____ () C:\Users\Tammy\AppData\Local\Temp\_MEI32322\wx._animate.pyd
2014-11-20 09:18 - 2014-11-14 15:15 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libglesv2.dll
2014-11-20 09:18 - 2014-11-14 15:15 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libegl.dll
2014-11-20 09:18 - 2014-11-14 15:15 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\pdf.dll
2014-11-20 09:18 - 2014-11-14 15:15 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:02DD996C
AlternateDataStreams: C:\ProgramData\TEMP:0BBF232A
AlternateDataStreams: C:\ProgramData\TEMP:206470A5
AlternateDataStreams: C:\ProgramData\TEMP:2AE74FF9
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:322D2CD3
AlternateDataStreams: C:\ProgramData\TEMP:363E775E
AlternateDataStreams: C:\ProgramData\TEMP:4157BB05
AlternateDataStreams: C:\ProgramData\TEMP:4B6A9FDA
AlternateDataStreams: C:\ProgramData\TEMP:4E40FF75
AlternateDataStreams: C:\ProgramData\TEMP:57B2B96C
AlternateDataStreams: C:\ProgramData\TEMP:6641B59F
AlternateDataStreams: C:\ProgramData\TEMP:6B2FBF73
AlternateDataStreams: C:\ProgramData\TEMP:6EE8565A
AlternateDataStreams: C:\ProgramData\TEMP:70B3C619
AlternateDataStreams: C:\ProgramData\TEMP:7C8AA9A6
AlternateDataStreams: C:\ProgramData\TEMP:7FA0D639
AlternateDataStreams: C:\ProgramData\TEMP:87A3A233
AlternateDataStreams: C:\ProgramData\TEMP:88C0A705
AlternateDataStreams: C:\ProgramData\TEMP:92FE8A60
AlternateDataStreams: C:\ProgramData\TEMP:B0456F0C
AlternateDataStreams: C:\ProgramData\TEMP:B1FBBD09
AlternateDataStreams: C:\ProgramData\TEMP:BCFEA004
AlternateDataStreams: C:\ProgramData\TEMP:BDE339B9
AlternateDataStreams: C:\ProgramData\TEMP:CB959782
AlternateDataStreams: C:\ProgramData\TEMP:CD6E25A6
AlternateDataStreams: C:\ProgramData\TEMP:CF75D88F
AlternateDataStreams: C:\ProgramData\TEMP:D64DD961
AlternateDataStreams: C:\ProgramData\TEMP:D6D084A5
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3788719127-3714897723-2409179310-500 - Administrator - Disabled)
Guest (S-1-5-21-3788719127-3714897723-2409179310-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3788719127-3714897723-2409179310-1002 - Limited - Enabled)
Tammy (S-1-5-21-3788719127-3714897723-2409179310-1000 - Administrator - Enabled) => C:\Users\Tammy
Trenton (S-1-5-21-3788719127-3714897723-2409179310-1039 - Limited - Enabled) => C:\Users\Trenton.Tammy-PC
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/30/2014 07:51:18 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (11/30/2014 07:51:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/30/2014 07:05:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/30/2014 07:03:33 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (11/30/2014 05:25:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/30/2014 05:24:17 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (11/29/2014 10:54:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9204
 
Error: (11/29/2014 10:54:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9204
 
Error: (11/29/2014 10:54:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/29/2014 10:26:07 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
 
System errors:
=============
Error: (11/30/2014 07:52:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (11/30/2014 07:52:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (11/30/2014 07:52:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (11/30/2014 07:52:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (11/30/2014 07:52:17 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (11/30/2014 07:52:17 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (11/30/2014 07:52:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (11/30/2014 07:52:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (11/30/2014 07:52:07 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (11/30/2014 07:51:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-07-11 15:05:36.803
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\netr28ux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-11 15:05:36.715
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\netr28ux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-11 15:04:57.031
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\netr28ux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-11 15:04:56.951
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\netr28ux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-11 15:04:04.840
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\netr28ux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-11 15:04:04.734
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\netr28ux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-11 15:04:02.248
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\netr28ux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-11 15:04:02.161
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\netr28ux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-11 15:03:54.520
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\netr28ux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-11 15:03:54.422
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\netr28ux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU E3400 @ 2.60GHz
Percentage of memory in use: 41%
Total physical RAM: 4060.49 MB
Available physical RAM: 2355.62 MB
Total Pagefile: 8119.16 MB
Available Pagefile: 5983.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.44 GB) (Free:13.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: ED1F86F7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 


#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:05:51 AM

Posted 01 December 2014 - 02:23 PM

Step 1

Please download the attached fixlist and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   3.75KB   4 downloads

Let's do a final check up:

Step 2


Don't remove on your own anything that HitmanPro detects!
This scanner, as good as it is for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.


Step 3

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [Screenshot: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at [path shown in screenshot: logpath.png]
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 THtweey

THtweey
  • Topic Starter

  • Members
  • 33 posts
  • Gender:Female
  • Location:AL
  • Local time:09:51 PM

Posted 01 December 2014 - 08:47 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-12-2014
Ran by Tammy at 2014-12-01 16:57:42 Run:1
Running from C:\Users\Tammy\Documents\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion
Loaded Profiles: Tammy & Trenton & Guest (Available profiles: Tammy & Trenton & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} =>  No File
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} =>  No File
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} =>  No File
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} =>  No File
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} =>  No File
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} =>  No File
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} =>  No File
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3788719127-3714897723-2409179310-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-3788719127-3714897723-2409179310-1000 -> No Name - {E120ACB6-21BA-45ED-9E79-32079107C103} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKU\S-1-5-21-3788719127-3714897723-2409179310-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
CHR StartupUrls: Default -> "hxxp://www.go
CHR HKLM-x32\...\Chrome\Extension: [adkhghgijehdiemgfkmpamgcfanckplk] - C:\Users\Tammy\AppData\Local\CRE\adkhghgijehdiemgfkmpamgcfanckplk.crx []
CHR HKLM-x32\...\Chrome\Extension: [cpoooaodibfldhiobnmnjliddplmekeb] - C:\Users\Tammy\AppData\Local\CRE\cpoooaodibfldhiobnmnjliddplmekeb.crx []
Task: {BECF922A-1B6D-4496-AAAE-BBF389B6D146} - \Component System\Component No Task File <==== ATTENTION
EmptyTemp:
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1aCopyShExtError" => Key deleted successfully.
"HKCR\CLSID\{83BEA36E-7680-4598-A4DF-994426F6E78D}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\2aCopyShExtSynced" => Key deleted successfully.
"HKCR\CLSID\{845B7388-6F85-4F32-9FD5-F02DC7882B89}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\3aCopyShExtSyncing" => Key deleted successfully.
"HKCR\CLSID\{F6378A7A-F753-449B-AE1B-997A96132E61}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\4aCopyShExtSyncingProg1" => Key deleted successfully.
"HKCR\CLSID\{3A511828-777D-46F8-82F4-5B530C1B3D9E}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\5aCopyShExtSyncingProg2" => Key deleted successfully.
"HKCR\CLSID\{C8C88204-5B14-40EC-BA72-8AEBC762047E}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\6aCopyShExtSyncingProg3" => Key deleted successfully.
"HKCR\CLSID\{ACFF45C3-3EEB-4351-86C2-6696BA264239}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\7aCopyShExtSyncingProg4" => Key deleted successfully.
"HKCR\CLSID\{29AF997F-488B-46F0-AE78-7146F1B89CC3}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\8aCopyShExtSyncingProg5" => Key deleted successfully.
"HKCR\CLSID\{03F9AD29-1C78-4B66-8890-B177B5430C53}" => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E120ACB6-21BA-45ED-9E79-32079107C103} => value deleted successfully.
"HKCR\CLSID\{E120ACB6-21BA-45ED-9E79-32079107C103}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1" => Key deleted successfully.
C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll not found.
Chrome StartupUrls deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\adkhghgijehdiemgfkmpamgcfanckplk" => Key deleted successfully.
"C:\Users\Tammy\AppData\Local\CRE\adkhghgijehdiemgfkmpamgcfanckplk.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cpoooaodibfldhiobnmnjliddplmekeb" => Key deleted successfully.
"C:\Users\Tammy\AppData\Local\CRE\cpoooaodibfldhiobnmnjliddplmekeb.crx" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BECF922A-1B6D-4496-AAAE-BBF389B6D146}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BECF922A-1B6D-4496-AAAE-BBF389B6D146}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Component System\Component" => Key deleted successfully.
EmptyTemp: => Removed 1.2 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

 

 

 

 

HitmanPro 3.7.9.232
www.hitmanpro.com
 
   Computer name . . . . : TAMMY-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : Tammy-PC\Tammy
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (Expired)
 
   Scan date . . . . . . : 2014-12-01 17:39:57
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 15m 44s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 20
 
   Objects scanned . . . : 1,464,956
   Files scanned . . . . : 33,680
   Remnants scanned  . . : 351,469 files / 1,079,807 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\Tammy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
      Size . . . . . . . : 3,168,576 bytes
      Age  . . . . . . . : 252.8 days (2014-03-23 21:25:21)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : C219B07C13DE0C45CB0D51CCD6971A389DCEDA316964CCBBF4F87CA60B31D01A
      RSA Key Size . . . : 2048
      Parent Name  . . . : C:\Windows\Explorer.EXE
      Authenticode . . . : Self-signed
      Running processes  : 3856
      Fuzzy  . . . . . . : 24.0
         Program is code self-signed.
         This program is actively listening for inbound network connections.
         Uses the Windows Registry to run each time the user logs on.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
      Startup
         HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Amazon Cloud Player
      Network Ports
         127.0.0.1:4750 
 
   C:\Users\Tammy\Documents\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,117,632 bytes
      Age  . . . . . . . : 1.9 days (2014-11-29 20:28:30)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 0A3AF33164BDB71EDE4BC4EC461207C03FC8E9FFEF291B4538F8BEC99AB804D8
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
   C:\Users\Tammy\Documents\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,117,120 bytes
      Age  . . . . . . . : 0.0 days (2014-12-01 16:57:33)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 81232B69650A6091BC14D05B98CDD301CE78CF5DA433FB03FCB8C0CF85DB5BE8
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Tammy\Documents\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\Tammy\Documents\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\Tammy\Documents\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST64.exe
          3.5s C:\Users\Tammy\Documents\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\
          3.5s C:\Users\Tammy\Documents\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\
          6.4s C:\Windows\Prefetch\FRST64.EXE-7991C1EB.pf
          9.1s C:\FRST\Logs\ct
          9.1s C:\FRST\Logs\ct
          9.1s C:\FRST\Logs\ct
          9.1s C:\FRST\Logs\ct
          9.1s C:\FRST\Logs\ct
          9.1s C:\FRST\Logs\ct
          9.1s C:\FRST\Logs\ct
          9.1s C:\FRST\Logs\ct
          9.1s C:\FRST\Logs\ct
          9.1s C:\FRST\Logs\ct
          9.1s C:\FRST\Logs\ct
          9.1s C:\FRST\Logs\ct
          9.1s C:\FRST\Logs\ct
          9.1s C:\FRST\Logs\ct
          9.1s C:\FRST\Logs\ct
          9.1s C:\FRST\Logs\ct
          9.1s C:\FRST\Logs\ct
          9.1s C:\FRST\Logs\ct
          9.1s C:\FRST\Logs\ct
          9.1s C:\FRST\Logs\ct
          9.1s C:\FRST\Logs\ct
          9.1s C:\FRST\Logs\ct
          9.1s C:\FRST\Logs\ct
          9.1s C:\FRST\Logs\ct
          9.1s C:\FRST\Logs\ct
          9.1s C:\FRST\Logs\ct
          9.1s C:\Users\Tammy\Documents\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\Fixlog.txt
 
   C:\Users\Tammy\Documents\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,117,120 bytes
      Age  . . . . . . . : 0.1 days (2014-12-01 16:24:45)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 81232B69650A6091BC14D05B98CDD301CE78CF5DA433FB03FCB8C0CF85DB5BE8
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Tammy\Documents\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\Tammy\Documents\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST64.exe
          3.6s C:\Users\Tammy\Documents\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\
          6.4s C:\Windows\Prefetch\FRST64.EXE-8D0B1387.pf
 
   C:\Users\Tammy\Documents\Downloads\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,117,120 bytes
      Age  . . . . . . . : 0.1 days (2014-12-01 16:23:17)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 81232B69650A6091BC14D05B98CDD301CE78CF5DA433FB03FCB8C0CF85DB5BE8
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Tammy\Documents\Downloads\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\Tammy\Documents\Downloads\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\Tammy\Documents\Downloads\FRST-OlderVersion\FRST64.exe
          3.8s C:\Users\Tammy\Documents\Downloads\FRST-OlderVersion\FRST-OlderVersion\
          7.4s C:\Windows\Prefetch\FRST64.EXE-A6E5DCE3.pf
          7.4s C:\Windows\Prefetch\FRST64.EXE-A6E5DCE3.pf
          7.4s C:\Windows\Prefetch\FRST64.EXE-A6E5DCE3.pf
          7.4s C:\Windows\Prefetch\FRST64.EXE-A6E5DCE3.pf
          7.4s C:\Windows\Prefetch\FRST64.EXE-A6E5DCE3.pf
          7.4s C:\Windows\Prefetch\FRST64.EXE-A6E5DCE3.pf
          7.4s C:\Windows\Prefetch\FRST64.EXE-A6E5DCE3.pf
          8.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{855DCB7A-BCF8-4C9F-B93E-FEFA92E4F878}
 
   C:\Users\Tammy\Documents\Downloads\FRST64.exe
      Size . . . . . . . : 2,117,120 bytes
      Age  . . . . . . . : 0.9 days (2014-11-30 20:13:18)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 1584169C7DCDFDD1A57C923B8673B366F406EB72A3EFCBBE64523FB2985B2B86
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Tammy\Documents\Downloads\FRST64.exe
          0.0s C:\Users\Tammy\Documents\Downloads\FRST64.exe
          3.5s C:\Users\Tammy\Documents\Downloads\FRST-OlderVersion\
          3.5s C:\Users\Tammy\Documents\Downloads\FRST-OlderVersion\
          3.5s C:\Users\Tammy\Documents\Downloads\FRST-OlderVersion\
          3.5s C:\Users\Tammy\Documents\Downloads\FRST-OlderVersion\
          6.7s C:\Windows\Prefetch\FRST64.EXE-5BB679FF.pf
 
 
Potential Unwanted Programs _________________________________________________
 
   C:\Users\Tammy\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{EEE6C360-6118-11DC-9C72-001320C79847}.ico (Sweetpacks)
   HKLM\SYSTEM\ControlSet001\services\eventlog\Application\Wpm\ (FTDownloader)
   HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro)
   HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro)
   HKU\S-1-5-21-3788719127-3714897723-2409179310-1000\Software\Condut\ (Sweetpacks)
   HKU\S-1-5-21-3788719127-3714897723-2409179310-1039\Software\Microsoft\Internet Explorer\SearchScopes\{bb3ff22c-b6cc-4f85-a882-dfe4755e836f}\ (Conduit)
   HKU\S-1-5-21-3788719127-3714897723-2409179310-501\Software\Microsoft\Internet Explorer\SearchScopes\{bb3ff22c-b6cc-4f85-a882-dfe4755e836f}\ (Conduit)
 
Cookies _____________________________________________________________________
 
   C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
 
 
 
 
 
ESET log:
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3287430\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3287804\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\couponpeak\VyBbZ3uibfJ3r0.dll.vir a variant of Win32/AdWare.MultiPlug.BN application
C:\AdwCleaner\Quarantine\C\ProgramData\couponpeak\VyBbZ3uibfJ3r0.x64.dll.vir a variant of Win64/Adware.MultiPlug.E application
C:\AdwCleaner\Quarantine\C\Users\Trenton.Tammy-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\js\background.js.vir JS/Astromenda.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Trenton.Tammy-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\js\bootstrap.js.vir JS/Astromenda.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Trenton.Tammy-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\js\newtab.js.vir JS/Astromenda.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Trenton.Tammy-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\js\opentab.js.vir JS/Astromenda.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}w64.sys.vir a variant of Win64/BrowseFox.CG potentially unwanted application
C:\Users\Guest\Downloads\cbsidlm-cbsi134-MP3MyMP3-BP-10369269.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Guest\Downloads\super-mario-kart.exe a variant of Win32/InstallCore.BY potentially unwanted application
C:\Users\Tammy\AppData\Roaming\Angry_Birds\Angry_Birds.exe a variant of Win32/Toolbar.Iminent.C potentially unwanted application
C:\Users\Tammy\AppData\Roaming\ExpoThemes\Halloween 2012 Theme 1.0.0\install\AD7351B\Halloween 2012 Theme.msi Win32/InstallMonetizer.AQ potentially unwanted application
C:\Users\Tammy\Documents\USB stuff\Creative Audio\cbsidlm-tr1_13-Creative_Labs_Sound_Blaster_PCI128_Driver_Update_Windows_9598-SEO-10023387.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Trenton.Tammy-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\peokdhcembipiholieikfdloegjagplb\248\YCjYI.js JS/Kryptik.ATB trojan
C:\Users\Trenton.Tammy-PC\Downloads\trzDC32.tmp Win32/DownloadAdmin.G potentially unwanted application
 


#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 02 December 2014 - 04:24 AM


Can you please tell me which problems still persist now?
How is the computer running?

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#9 THtweey


Posted 02 December 2014 - 10:46 AM

The computer seems to be running great now. I don't seem to have any more problems. :) Thank you so very much!



#10 deeprybka


Posted 02 December 2014 - 11:30 AM

It's good to hear that your problems appear to be solved. :)

Step 1


Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka

#11 deeprybka


Posted 06 December 2014 - 07:34 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka