
Avast Free finds infection at least 2x per day Infection:URL:MAL


  • This topic is locked
12 replies to this topic

#1 cuate


  • Members
  • 79 posts

Posted 30 November 2014 - 05:00 PM

For about a week or so I keep getting popups from Avast Free saying that they have blocked an infection, approx. 2x per day. I cannot say which website is causing the popup as I usually have many windows open at one time.

 

The pop up says

c:/Programfiles/google.../chrome.exe

Infection:URL:MAL

Obj: https: then a bunch of numbers and dots

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 11.25.2
Run by Desktop at 16:50:08 on 2014-11-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3037.1198 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\CounterPath\X-Lite\x-lite.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
uSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
uSearch Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
mSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
mSearch Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - 
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_25\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_25\bin\jp2ssv.dll
uRun: [eyeBeam SIP Client] "c:\program files\counterpath\x-lite\x-lite.exe"
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: windowsupdate.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{2DCD3F0F-33B3-4F0D-BCF2-289AA509D0AA} : DHCPNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.71\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\desktop\appdata\roaming\mozilla\firefox\profiles\6vwqogat.default-1388148876095\
FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?gws_rd=ssl
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/yhs/search
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\users\desktop\appdata\local\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\users\desktop\appdata\roaming\catali~2\npBcsKtTcHW.dll
FF - plugin: c:\users\desktop\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_239.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-14 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-14 206248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2011-12-15 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2011-12-15 423784]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2010-2-22 81920]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-4-25 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-12-15 70384]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2013-12-27 91496]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-11-21 50344]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2010-2-22 27648]
R2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\avast software\avast\ng\vbox\VBoxAswDrv.sys [2014-11-21 218192]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\avast software\avast\ng\vbox\AvastVBoxSVC.exe [2014-11-21 3192344]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-2-22 167936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-11-12 102912]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-10-26 14848]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtTeam60.sys [2010-2-22 35328]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtVlan60.sys [2010-2-22 19968]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\drivers\RtTeam60.sys [2010-2-22 35328]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-2-28 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-10-26 27136]
S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\drivers\RtVlan60.sys [2010-2-22 19968]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-27 1343400]
.
=============== Created Last 30 ================
.
2014-11-21 15:43:20 -------- d-----w- c:\windows\system32\vbox
2014-11-21 15:38:01 43152 ----a-w- c:\windows\avastSS.scr
2014-11-19 12:22:22 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-11-19 12:21:23 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-19 12:21:22 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-19 12:21:18 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-11-19 12:21:03 5703168 ----a-w- c:\windows\system32\mstscax.dll
2014-11-19 12:21:02 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-11-13 18:34:33 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-13 18:34:31 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-13 18:34:31 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-11-13 18:34:31 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-13 18:34:31 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-13 18:34:31 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-13 18:34:29 67584 ----a-w- c:\windows\system32\packager.dll
2014-11-13 18:34:29 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-13 18:34:28 475136 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-13 18:34:28 374784 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-13 18:34:28 275968 ----a-w- c:\windows\system32\EncDump.dll
2014-11-13 18:34:28 195584 ----a-w- c:\windows\system32\AudioSes.dll
.
==================== Find3M  ====================
.
2014-11-30 17:59:48 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-30 17:59:48 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-22 03:38:12 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-21 15:38:01 91496 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-11-21 15:38:01 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-11-21 15:38:01 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-21 15:38:01 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-21 15:38:01 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-21 15:38:01 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-06 13:06:22 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-11-06 03:28:20 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-06 03:28:06 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-06 03:13:43 501248 ----a-w- c:\windows\system32\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- c:\windows\system32\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-06 02:59:36 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2014-11-06 02:59:34 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-06 02:58:38 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-06 02:51:33 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-06 02:42:36 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-06 02:21:49 4298240 ----a-w- c:\windows\system32\jscript9.dll
2014-11-06 02:21:25 2051072 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-06 01:52:35 1892864 ----a-w- c:\windows\system32\wininet.dll
2014-10-10 00:45:54 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-10-02 11:47:22 348160 ----a-w- c:\windows\system32\msvcr71.dll
2014-10-02 11:47:21 499712 ----a-w- c:\windows\system32\msvcp71.dll
2014-09-19 09:23:55 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- c:\windows\system32\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- c:\windows\system32\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-09-19 09:23:36 17408 ----a-w- c:\windows\system32\credssp.dll
2014-09-04 05:04:15 372736 ----a-w- c:\windows\system32\rastls.dll
.
============= FINISH: 16:51:33.59 ===============
 
 


 


#2 shelf life


  • Malware Response Team
  • 2,651 posts

Posted 04 December 2014 - 08:28 PM

Hi,

 

If you still need help please post a FRST log and we will go from there:

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. You can get the 32-bit version.
 
  • Right-click FRST, then click "Run as administrator".
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
 
The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.




#3 cuate

  • Topic Starter

  • Members
  • 79 posts

Posted 11 December 2014 - 08:08 PM

Hi, I still need help

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2014 02
Ran by Desktop (administrator) on DESKTOP-PC on 11-12-2014 20:04:56
Running from C:\Users\Desktop\Downloads
Loaded Profile: Desktop (Available profiles: Desktop & Lou)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\CounterPath\X-Lite\x-lite.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-23] (Realtek Semiconductor)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-21] (AVAST Software)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2014-10-02] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-3676358354-4005122944-1009459733-1000\...\Run: [eyeBeam SIP Client] => C:\Program Files\CounterPath\X-Lite\x-lite.exe [23941120 2010-01-04] ()
HKU\S-1-5-21-3676358354-4005122944-1009459733-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3676358354-4005122944-1009459733-1000\...\MountPoints2: F - F:\launcher.exe
HKU\S-1-5-21-3676358354-4005122944-1009459733-1000\...\MountPoints2: {2717e98a-26db-11df-8329-a4badbe596c4} - F:\launcher.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3676358354-4005122944-1009459733-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3676358354-4005122944-1009459733-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-3676358354-4005122944-1009459733-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-3676358354-4005122944-1009459733-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {0F1F1E65-0DC7-4DB8-85C8-50B9FEA08FD0} URL = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3676358354-4005122944-1009459733-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3676358354-4005122944-1009459733-1000 -> {0F1F1E65-0DC7-4DB8-85C8-50B9FEA08FD0} URL = http://www.bing.com/search?FORM=IP2TDF&PC=IP2TDF&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3676358354-4005122944-1009459733-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
SearchScopes: HKU\S-1-5-21-3676358354-4005122944-1009459733-1000 -> {3B7FE879-8D19-4E73-9869-A693EE800F27} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3676358354-4005122944-1009459733-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-3676358354-4005122944-1009459733-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3676358354-4005122944-1009459733-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-3676358354-4005122944-1009459733-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3676358354-4005122944-1009459733-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Winsock: Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\6vwqogat.default-1388148876095
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3676358354-4005122944-1009459733-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Desktop\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-3676358354-4005122944-1009459733-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Desktop\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Desktop\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\6vwqogat.default-1388148876095\searchplugins\yahoo-avast.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-12-15]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-02]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (RealDownloader) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-10-02]
CHR Extension: (Google Wallet) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-21] (Avast Software)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2009-08-14] (Alcatel-Lucent) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-21] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-21] ()
S3 JRAID; C:\Windows\system32\DRIVERS\jraid.sys [89048 2009-05-21] (JMicron Technology Corp.)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2009-07-20] (Realtek                                            )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [35328 2008-10-24] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [19968 2007-12-03] (Windows ® Codename Longhorn DDK provider)
S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [35328 2008-10-24] (Realtek Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2014-11-21] (Avast Software)
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [19968 2007-12-03] (Windows ® Codename Longhorn DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-11 20:04 - 2014-12-11 20:05 - 00022222 _____ () C:\Users\Desktop\Downloads\FRST.txt
2014-12-11 20:04 - 2014-12-11 20:05 - 00000000 ____D () C:\FRST
2014-12-11 20:03 - 2014-12-11 20:03 - 01111040 _____ (Farbar) C:\Users\Desktop\Downloads\FRST.exe
2014-12-11 18:07 - 2014-12-11 18:07 - 00871987 _____ () C:\Users\Desktop\Downloads\4087_10444753 (1).wma
2014-12-11 18:01 - 2014-12-11 18:02 - 00871987 _____ () C:\Users\Desktop\Downloads\4087_10444753.wma
2014-12-11 08:23 - 2014-12-11 08:23 - 01693549 _____ () C:\Users\Desktop\Downloads\10463_10445479.wma
2014-12-11 08:14 - 2014-12-11 08:14 - 00932563 _____ () C:\Users\Desktop\Downloads\10458_10445462.wma
2014-12-11 08:11 - 2014-12-11 08:11 - 00591192 _____ () C:\Users\Desktop\Downloads\6789_10444762.wma
2014-12-11 08:06 - 2014-12-11 08:06 - 00825924 _____ () C:\Users\Desktop\Downloads\5208_10444759.wma
2014-12-11 07:40 - 2014-12-11 07:40 - 00034980 _____ () C:\Users\Desktop\Downloads\Federal Reserve Tour List.zip
2014-12-11 07:37 - 2014-12-11 07:37 - 03516558 _____ () C:\Users\Desktop\Downloads\Currency Research 62213 - Federal Reserve Tour - December 11.zip
2014-12-10 15:18 - 2014-12-10 15:18 - 00418929 _____ () C:\Users\Desktop\Downloads\2008_10445331.wma
2014-12-10 14:25 - 2014-12-10 14:25 - 01597637 _____ () C:\Users\Desktop\Downloads\6821_10444765 (3).wma
2014-12-10 14:17 - 2014-12-10 14:17 - 01597637 _____ () C:\Users\Desktop\Downloads\6821_10444765 (2).wma
2014-12-10 12:12 - 2014-12-10 12:12 - 01107981 _____ () C:\Users\Desktop\Downloads\6620_10445512.wma
2014-12-10 12:07 - 2014-12-10 12:07 - 00781754 _____ () C:\Users\Desktop\Downloads\6619_10445507.wma
2014-12-10 12:04 - 2014-12-10 12:04 - 00560904 _____ () C:\Users\Desktop\Downloads\6618_10445503.wma
2014-12-10 12:03 - 2014-12-10 12:03 - 00466885 _____ () C:\Users\Desktop\Downloads\9985_10444768 (1).wma
2014-12-10 11:59 - 2014-12-10 11:59 - 00466885 _____ () C:\Users\Desktop\Downloads\9985_10444768.wma
2014-12-10 11:58 - 2014-12-10 11:58 - 00009410 _____ () C:\Users\Desktop\Downloads\6821_10444765 (1).wma
2014-12-10 11:57 - 2014-12-10 11:57 - 00009410 _____ () C:\Users\Desktop\Downloads\6821_10444765.wma
2014-12-10 11:53 - 2014-12-10 11:53 - 00611384 _____ () C:\Users\Desktop\Downloads\5202_10444756.wma
2014-12-10 11:48 - 2014-12-10 11:49 - 00000197 _____ () C:\Windows\system32\2014-12-10-16-48-58.087-AvastVBoxSVC.exe-2772.log
2014-12-10 08:32 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 08:32 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 08:32 - 2014-11-21 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 08:32 - 2014-11-21 20:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 08:32 - 2014-11-21 20:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 08:32 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 08:31 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 08:31 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 08:31 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 08:31 - 2014-11-21 21:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 08:31 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 08:31 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 08:31 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 08:31 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 08:31 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 08:31 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 08:31 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 08:31 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 08:31 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 08:31 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 08:31 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 08:31 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 08:31 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 08:31 - 2014-11-21 20:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 08:31 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 08:31 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 08:31 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 08:31 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 08:31 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 08:31 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 08:31 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 18:08 - 2014-12-09 18:08 - 02853922 _____ () C:\Users\Desktop\Downloads\Currency Research 62213 - Off Property Event (Briza on the Bay) - December 10.zip
2014-12-09 16:10 - 2014-12-09 16:10 - 00769134 _____ () C:\Users\Desktop\Downloads\8794_10445071.wma
2014-12-09 15:58 - 2014-12-09 15:58 - 00743263 _____ () C:\Users\Desktop\Downloads\3024_10445405.wma
2014-12-09 10:06 - 2014-12-09 10:06 - 00602759 _____ () C:\Users\Desktop\Downloads\Love you (2).zip
2014-12-09 09:48 - 2014-12-09 09:48 - 01212727 _____ () C:\Users\Desktop\Downloads\MOODY_10445092.wma
2014-12-09 09:47 - 2014-12-09 09:47 - 00602759 _____ () C:\Users\Desktop\Downloads\Love you (1).zip
2014-12-08 17:33 - 2014-12-08 17:33 - 00565321 _____ () C:\Users\Desktop\Downloads\10971_10445118.wma
2014-12-08 15:22 - 2014-12-08 15:22 - 00602759 _____ () C:\Users\Desktop\Downloads\Love you.zip
2014-12-07 12:32 - 2014-12-07 12:32 - 02060909 _____ () C:\Users\Desktop\Downloads\Tiffany.zip
2014-12-06 07:02 - 2014-12-06 07:02 - 00052661 _____ () C:\Users\Desktop\Downloads\Confirmation and Directions.zip
2014-12-06 06:55 - 2014-12-06 06:55 - 00000197 _____ () C:\Windows\system32\2014-12-06-11-55-21.092-AvastVBoxSVC.exe-3056.log
2014-12-04 10:00 - 2014-12-04 10:00 - 00097301 _____ () C:\Users\Desktop\Downloads\Nov inv (1).zip
2014-12-04 09:35 - 2014-12-04 09:35 - 00097301 _____ () C:\Users\Desktop\Downloads\Nov inv.zip
2014-12-04 09:23 - 2014-12-04 09:23 - 00095765 _____ () C:\Users\Desktop\Downloads\Nov invoice backup.zip
2014-12-04 08:54 - 2014-12-04 08:54 - 00118060 _____ () C:\Users\Desktop\Downloads\Thursday water taxi at Dip (1).zip
2014-12-03 15:56 - 2014-12-03 15:56 - 01859502 _____ () C:\Users\Desktop\Downloads\MOODY_10445094.wma
2014-12-03 09:53 - 2014-12-03 09:53 - 00974209 _____ () C:\Users\Desktop\Downloads\10463_10445478.wma
2014-12-03 09:52 - 2014-12-03 09:52 - 00145706 _____ () C:\Users\Desktop\Downloads\1084_10444563.wma
2014-12-02 11:22 - 2014-12-02 11:22 - 01399503 _____ () C:\Users\Desktop\Downloads\10455_10445456.wma
2014-12-02 11:18 - 2014-12-02 11:18 - 00332482 _____ () C:\Users\Desktop\Downloads\2008_10445329.wma
2014-12-02 11:16 - 2014-12-02 11:16 - 00783647 _____ () C:\Users\Desktop\Downloads\1231_10445410 (1).wma
2014-12-02 11:11 - 2014-12-02 11:11 - 00783647 _____ () C:\Users\Desktop\Downloads\1231_10445410.wma
2014-12-02 07:52 - 2014-12-02 07:53 - 00122774 _____ () C:\Users\Desktop\Downloads\scoring guide for crossroads (1).zip
2014-12-02 07:44 - 2014-12-02 07:44 - 00122774 _____ () C:\Users\Desktop\Downloads\scoring guide for crossroads.zip
2014-12-01 20:53 - 2014-12-01 20:54 - 00000197 _____ () C:\Windows\system32\2014-12-02-01-53-49.024-AvastVBoxSVC.exe-2876.log
2014-12-01 18:07 - 2014-12-01 18:07 - 00118060 _____ () C:\Users\Desktop\Downloads\Thursday water taxi at Dip.zip
2014-12-01 16:19 - 2014-12-01 16:19 - 01553467 _____ () C:\Users\Desktop\Downloads\3013_10445496.wma
2014-12-01 16:14 - 2014-12-01 16:14 - 01260052 _____ () C:\Users\Desktop\Downloads\3012_10445100.wma
2014-12-01 10:52 - 2014-12-01 10:52 - 01190011 _____ () C:\Users\Desktop\Downloads\3081_10445086 (1).wma
2014-12-01 10:32 - 2014-12-01 10:32 - 01190011 _____ () C:\Users\Desktop\Downloads\3081_10445086.wma
2014-12-01 08:09 - 2014-12-01 08:09 - 00241841 _____ () C:\Users\Desktop\Downloads\Your E-Tickets are attached - 001-0745 1645.zip
2014-12-01 06:53 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-12-01 06:53 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-12-01 06:53 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-11-30 20:07 - 2014-11-30 20:07 - 01753494 _____ () C:\Users\Desktop\Downloads\5371_10443762 (1).wma
2014-11-30 20:06 - 2014-11-30 20:07 - 01753494 _____ () C:\Users\Desktop\Downloads\5371_10443762.wma
2014-11-30 16:51 - 2014-11-30 16:51 - 00016612 _____ () C:\Users\Desktop\Desktop\dds.txt
2014-11-30 16:51 - 2014-11-30 16:51 - 00008600 _____ () C:\Users\Desktop\Desktop\attach.txt
2014-11-30 16:49 - 2014-11-30 16:49 - 00688992 ____R (Swearware) C:\Users\Desktop\Downloads\dds.com
2014-11-30 13:01 - 2014-11-30 13:01 - 17711760 _____ (Adobe Systems Inc.) C:\Users\Desktop\Downloads\AdobeAIRInstaller.exe
2014-11-30 11:06 - 2014-11-30 11:06 - 00110912 _____ () C:\Users\Desktop\Downloads\Outlook.com (12).zip
2014-11-30 10:55 - 2014-11-30 10:55 - 00119065 _____ () C:\Users\Desktop\Downloads\Outlook.com (11).zip
2014-11-30 10:50 - 2014-11-30 10:50 - 00506426 _____ () C:\Users\Desktop\Downloads\Frame small.zip
2014-11-30 09:34 - 2014-11-30 09:34 - 00916561 _____ () C:\Users\Desktop\Downloads\Grinder.zip
2014-11-29 13:11 - 2014-11-29 13:11 - 00540795 _____ () C:\Users\Desktop\Downloads\Charger.zip
2014-11-28 10:56 - 2014-11-28 10:56 - 01370039 _____ () C:\Users\Desktop\Downloads\Acorn.zip
2014-11-28 06:50 - 2014-11-28 06:51 - 00000197 _____ () C:\Windows\system32\2014-11-28-11-50-30.024-AvastVBoxSVC.exe-3484.log
2014-11-27 11:57 - 2014-11-27 11:57 - 00508121 _____ () C:\Users\Desktop\Downloads\Fire.zip
2014-11-26 10:59 - 2014-11-26 10:59 - 01008283 _____ () C:\Users\Desktop\Downloads\1159_10443414.wma
2014-11-26 09:20 - 2014-11-26 09:20 - 00456789 _____ () C:\Users\Desktop\Downloads\MOODY_10443122.wma
2014-11-26 08:40 - 2014-11-26 08:40 - 00007394 _____ () C:\Users\Desktop\Downloads\01-Jan-2014_to_19-Oct-2014.csv
2014-11-26 08:40 - 2014-11-26 08:40 - 00007394 _____ () C:\Users\Desktop\Downloads\01-Jan-2014_to_19-Oct-2014 (1).csv
2014-11-25 12:45 - 2014-11-25 12:45 - 01694180 _____ () C:\Users\Desktop\Downloads\6621_10443579.wma
2014-11-25 12:42 - 2014-11-25 12:42 - 00701617 _____ () C:\Users\Desktop\Downloads\10462_10443531 (1).wma
2014-11-25 12:37 - 2014-11-25 12:37 - 00701617 _____ () C:\Users\Desktop\Downloads\10462_10443531.wma
2014-11-25 12:32 - 2014-11-25 12:32 - 00688997 _____ () C:\Users\Desktop\Downloads\10971_10443153 (1).wma
2014-11-25 12:17 - 2014-11-25 12:17 - 00777337 _____ () C:\Users\Desktop\Downloads\11029_10444485.wma
2014-11-25 12:17 - 2014-11-25 12:17 - 00777337 _____ () C:\Users\Desktop\Downloads\11029_10444485 (1).wma
2014-11-25 12:13 - 2014-11-25 12:13 - 00688997 _____ () C:\Users\Desktop\Downloads\10971_10443153.wma
2014-11-25 12:04 - 2014-11-25 12:04 - 01379942 _____ () C:\Users\Desktop\Downloads\3012_10443134.wma
2014-11-24 10:00 - 2014-11-24 10:00 - 01398241 _____ () C:\Users\Desktop\Downloads\10460_10443522.wma
2014-11-24 09:50 - 2014-11-24 09:50 - 00035211 _____ () C:\Users\Desktop\Downloads\Outlook.com (10).zip
2014-11-23 17:13 - 2014-11-23 17:13 - 01966886 _____ () C:\Users\Desktop\Downloads\Fluffy 1 (1).zip
2014-11-23 17:11 - 2014-11-23 17:11 - 01966886 _____ () C:\Users\Desktop\Downloads\Fluffy 1.zip
2014-11-23 16:56 - 2014-11-23 16:56 - 02471796 _____ () C:\Users\Desktop\Downloads\Graham part 2.zip
2014-11-23 16:55 - 2014-11-23 16:55 - 02156524 _____ () C:\Users\Desktop\Downloads\Robert graham 1st 4.zip
2014-11-23 15:34 - 2014-11-23 15:34 - 00247497 _____ () C:\Users\Desktop\Downloads\Don't let your vision benefits expire!.zip
2014-11-23 14:33 - 2014-11-23 14:33 - 00505105 _____ () C:\Users\Desktop\Downloads\Zyrtec.zip
2014-11-23 14:13 - 2014-11-28 10:58 - 00070144 ___SH () C:\Users\Desktop\Documents\Thumbs.db
2014-11-23 14:12 - 2014-11-23 14:12 - 00044894 _____ () C:\Users\Desktop\Downloads\Razors.zip
2014-11-23 11:40 - 2014-11-23 11:40 - 00000197 _____ () C:\Windows\system32\2014-11-23-16-40-49.068-AvastVBoxSVC.exe-2732.log
2014-11-23 08:51 - 2014-11-23 08:51 - 00571200 _____ () C:\Users\Desktop\Downloads\HealthSummary20141123.zip
2014-11-21 20:24 - 2014-11-21 20:24 - 00467516 _____ () C:\Users\Desktop\Downloads\1159_10443201.wma
2014-11-21 20:21 - 2014-11-21 20:21 - 00318600 _____ () C:\Users\Desktop\Downloads\6620_10443570.wma
2014-11-21 20:16 - 2014-11-21 20:16 - 01319366 _____ () C:\Users\Desktop\Downloads\10455_10445638.wma
2014-11-21 20:08 - 2014-11-21 20:08 - 01263207 _____ () C:\Users\Desktop\Downloads\2021_10443395.wma
2014-11-21 20:00 - 2014-11-21 20:00 - 01265731 _____ () C:\Users\Desktop\Downloads\3012_10443133.wma
2014-11-21 11:10 - 2014-12-11 19:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-21 11:10 - 2014-11-21 11:10 - 00223793 _____ () C:\Users\Desktop\Downloads\For sale fb (1).zip
2014-11-21 10:53 - 2014-11-21 10:53 - 00000247 _____ () C:\Windows\system32\2014-11-21-15-53-33.005-aswFe.exe-2828.log
2014-11-21 10:49 - 2014-11-21 10:53 - 00000247 _____ () C:\Windows\system32\2014-11-21-15-49-42.058-aswFe.exe-3844.log
2014-11-21 10:49 - 2014-11-21 10:49 - 00000197 _____ () C:\Windows\system32\2014-11-21-15-49-37.049-AvastVBoxSVC.exe-3564.log
2014-11-21 10:43 - 2014-11-21 10:43 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-21 10:38 - 2014-11-21 10:38 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-21 10:38 - 2014-11-21 10:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-21 10:38 - 2014-11-21 10:38 - 00002007 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-21 09:50 - 2014-11-21 09:50 - 00223793 _____ () C:\Users\Desktop\Downloads\For sale fb.zip
2014-11-21 09:34 - 2014-11-21 09:35 - 01827321 _____ () C:\Users\Desktop\Downloads\2648_10443550.wma
2014-11-21 09:14 - 2014-11-21 09:14 - 01465127 _____ () C:\Users\Desktop\Downloads\10459_10443520.wma
2014-11-21 09:07 - 2014-11-21 09:07 - 01407706 _____ () C:\Users\Desktop\Downloads\10458_10443518.wma
2014-11-21 08:52 - 2014-11-21 08:52 - 01199476 _____ () C:\Users\Desktop\Downloads\6621_10445639.wma
2014-11-21 07:20 - 2014-11-21 07:20 - 01581231 _____ () C:\Users\Desktop\Downloads\5371_10443760.wma
2014-11-20 15:23 - 2014-11-20 15:23 - 01410861 _____ () C:\Users\Desktop\Downloads\6621_10443580 (1).wma
2014-11-20 15:10 - 2014-11-20 15:10 - 00936980 _____ () C:\Users\Desktop\Downloads\1368_10443597.wma
2014-11-20 13:32 - 2014-11-20 13:32 - 01092837 _____ () C:\Users\Desktop\Downloads\10555_10443542.wma
2014-11-20 13:25 - 2014-11-20 13:25 - 01153413 _____ () C:\Users\Desktop\Downloads\10457_10443516.wma
2014-11-20 13:03 - 2014-11-20 13:03 - 01410861 _____ () C:\Users\Desktop\Downloads\6621_10443580.wma
2014-11-20 13:01 - 2014-11-20 13:01 - 00951493 _____ () C:\Users\Desktop\Downloads\6910_10443463 (1).wma
2014-11-20 12:55 - 2014-11-20 12:55 - 00951493 _____ () C:\Users\Desktop\Downloads\6910_10443463.wma
2014-11-20 12:41 - 2014-11-20 12:42 - 01302960 _____ () C:\Users\Desktop\Downloads\3059_10443459.wma
2014-11-20 12:37 - 2014-11-20 12:37 - 00641041 _____ () C:\Users\Desktop\Downloads\MOODY_10443115.wma
2014-11-20 12:33 - 2014-11-20 12:33 - 00638517 _____ () C:\Users\Desktop\Downloads\10971_10443154.wma
2014-11-19 18:21 - 2014-11-19 18:21 - 01092837 _____ () C:\Users\Desktop\Downloads\6621_10443578.wma
2014-11-19 18:15 - 2014-11-19 18:15 - 00765348 _____ () C:\Users\Desktop\Downloads\10462_10444497.wma
2014-11-19 18:07 - 2014-11-19 18:07 - 01256266 _____ () C:\Users\Desktop\Downloads\10456_10443514.wma
2014-11-19 18:03 - 2014-11-19 18:03 - 01726992 _____ () C:\Users\Desktop\Downloads\10455_10443512.wma
2014-11-19 17:59 - 2014-11-19 17:59 - 00866308 _____ () C:\Users\Desktop\Downloads\3105_10443480 (1).wma
2014-11-19 17:54 - 2014-11-19 17:54 - 00866308 _____ () C:\Users\Desktop\Downloads\3105_10443480.wma
2014-11-19 17:47 - 2014-11-19 17:47 - 01151520 _____ () C:\Users\Desktop\Downloads\3105_10443479.wma
2014-11-19 17:02 - 2014-11-19 17:02 - 01385621 _____ () C:\Users\Desktop\Downloads\3012_10443132.wma
2014-11-19 16:59 - 2014-11-19 16:59 - 00711082 _____ () C:\Users\Desktop\Downloads\3095_10443016.wma
2014-11-19 16:54 - 2014-11-19 16:54 - 00687104 _____ () C:\Users\Desktop\Downloads\9971_10442799.wma
2014-11-19 07:24 - 2014-11-19 07:24 - 01203262 _____ () C:\Users\Desktop\Downloads\10460_10444474 (2).wma
2014-11-19 07:22 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-11-19 07:21 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 07:21 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 07:21 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-19 07:21 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-11-19 07:21 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-11-18 20:54 - 2014-12-11 08:39 - 00000374 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Desktop.job
2014-11-18 20:54 - 2014-12-10 11:47 - 00000384 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Desktop.job
2014-11-18 20:54 - 2014-12-10 10:05 - 00000378 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Desktop.job
2014-11-18 19:10 - 2014-11-18 19:10 - 00513275 _____ () C:\Users\Desktop\Downloads\scoring feedback (21).zip
2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL
2014-11-18 13:13 - 2014-11-18 13:13 - 00100274 _____ () C:\Users\Desktop\Downloads\1084_10443606.wma
2014-11-18 13:10 - 2014-11-18 13:10 - 00366556 _____ () C:\Users\Desktop\Downloads\10493_10442985.wma
2014-11-18 13:09 - 2014-11-18 13:09 - 01499201 _____ () C:\Users\Desktop\Downloads\10460_10444474 (1).wma
2014-11-18 13:01 - 2014-11-18 13:01 - 01499201 _____ () C:\Users\Desktop\Downloads\10460_10444474.wma
2014-11-18 12:51 - 2014-11-18 12:51 - 01128804 _____ () C:\Users\Desktop\Downloads\6621_10443577.wma
2014-11-18 07:11 - 2014-11-18 07:11 - 01206417 _____ () C:\Users\Desktop\Downloads\10484_10443538 (1).wma
2014-11-18 07:04 - 2014-11-18 07:04 - 01206417 _____ () C:\Users\Desktop\Downloads\10484_10443538.wma
2014-11-17 13:08 - 2014-11-17 13:08 - 01233550 _____ () C:\Users\Desktop\Downloads\3095_10443018.wma
2014-11-17 13:01 - 2014-11-17 13:01 - 01210203 _____ () C:\Users\Desktop\Downloads\3012_10443130.wma
2014-11-17 12:50 - 2014-11-17 12:50 - 01106088 _____ () C:\Users\Desktop\Downloads\3012_10443131.wma
2014-11-17 12:16 - 2014-11-17 12:16 - 01109874 _____ () C:\Users\Desktop\Downloads\MOODY_10443119.wma
2014-11-14 13:36 - 2014-11-14 13:36 - 01231026 _____ () C:\Users\Desktop\Downloads\10461_10443527.wma
2014-11-14 13:25 - 2014-11-14 13:25 - 01246801 _____ () C:\Users\Desktop\Downloads\10351_10443268.wma
2014-11-13 15:03 - 2014-11-13 15:03 - 00892810 _____ () C:\Users\Desktop\Downloads\10979_10443623 (3).wma
2014-11-13 15:00 - 2014-11-13 15:00 - 00892810 _____ () C:\Users\Desktop\Downloads\10979_10443623 (2).wma
2014-11-13 14:52 - 2014-11-13 14:52 - 01085896 _____ () C:\Users\Desktop\Downloads\10979_10443622 (2).wma
2014-11-13 13:36 - 2014-11-13 13:36 - 00723071 _____ () C:\Users\Desktop\Downloads\3008_10442875.wma
2014-11-13 13:34 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 13:34 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 13:34 - 2014-10-13 20:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 13:34 - 2014-10-13 20:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 13:34 - 2014-10-13 20:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 13:34 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 13:34 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 13:34 - 2014-10-02 20:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 13:34 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 13:34 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 13:34 - 2014-10-02 20:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 13:34 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 13:31 - 2014-11-13 13:31 - 00232784 _____ () C:\Users\Desktop\Downloads\1084_10443601.wma
2014-11-12 20:38 - 2014-11-12 20:38 - 00857474 _____ () C:\Users\Desktop\Downloads\11059_10443545.wma
2014-11-12 20:36 - 2014-11-12 20:36 - 00730643 _____ () C:\Users\Desktop\Downloads\6912_10443507 (1).wma
2014-11-12 20:33 - 2014-11-12 20:33 - 00730643 _____ () C:\Users\Desktop\Downloads\6912_10443507.wma
2014-11-12 20:28 - 2014-11-12 20:28 - 00797529 _____ () C:\Users\Desktop\Downloads\3091_10443502.wma
2014-11-12 20:21 - 2014-11-12 20:22 - 01181808 _____ () C:\Users\Desktop\Downloads\3024_10443467.wma
2014-11-12 20:20 - 2014-11-12 20:20 - 01103564 _____ () C:\Users\Desktop\Downloads\4006_10442852 (1).wma
2014-11-12 20:13 - 2014-11-12 20:14 - 01103564 _____ () C:\Users\Desktop\Downloads\4006_10442852.wma
2014-11-12 16:21 - 2014-11-12 16:21 - 01085896 _____ () C:\Users\Desktop\Downloads\10979_10443622 (1).wma
2014-11-12 09:34 - 2014-11-12 09:34 - 00026333 _____ () C:\Users\Desktop\Downloads\Outlook.com (9).zip
2014-11-12 08:44 - 2014-10-09 19:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 08:44 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 08:44 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 08:44 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 08:44 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 08:44 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 08:44 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 08:44 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 08:44 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 08:44 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 07:56 - 2014-11-12 07:56 - 01499201 _____ () C:\Users\Desktop\Downloads\10460_10443523.wma
2014-11-12 07:52 - 2014-11-12 07:52 - 00882714 _____ () C:\Users\Desktop\Downloads\MOODY_10443123.wma
2014-11-12 07:46 - 2014-11-12 07:46 - 01451876 _____ () C:\Users\Desktop\Downloads\8794_10443097.wma
2014-11-11 19:01 - 2014-11-11 19:01 - 00892810 _____ () C:\Users\Desktop\Downloads\10979_10443623 (1).wma
2014-11-11 17:37 - 2014-11-11 17:37 - 01244908 _____ () C:\Users\Desktop\Downloads\1443_10443497 (1).wma
2014-11-11 17:32 - 2014-11-11 17:32 - 01244908 _____ () C:\Users\Desktop\Downloads\1443_10443497.wma
2014-11-11 17:29 - 2014-11-11 17:29 - 00382962 _____ () C:\Users\Desktop\Downloads\1413_10443492.wma
2014-11-11 17:27 - 2014-11-11 17:27 - 00658078 _____ () C:\Users\Desktop\Downloads\1407_10443487 (1).wma
2014-11-11 17:24 - 2014-11-11 17:24 - 00658078 _____ () C:\Users\Desktop\Downloads\1407_10443487.wma
2014-11-11 17:23 - 2014-11-11 17:23 - 00610122 _____ () C:\Users\Desktop\Downloads\1401_10443482 (1).wma
2014-11-11 17:18 - 2014-11-11 17:18 - 00610122 _____ () C:\Users\Desktop\Downloads\1401_10443482.wma
2014-11-11 17:17 - 2014-11-11 17:17 - 00892810 _____ () C:\Users\Desktop\Downloads\10979_10443623.wma
2014-11-11 17:09 - 2014-11-11 17:09 - 01291602 _____ () C:\Users\Desktop\Downloads\MOODY_10443116 (2).wma
2014-11-11 08:17 - 2014-11-11 08:17 - 00967899 _____ () C:\Users\Desktop\Downloads\8812_10442807 (2).wma
2014-11-11 08:01 - 2014-11-11 08:01 - 01320628 _____ () C:\Users\Desktop\Downloads\1341_10443422.wma
2014-11-11 08:00 - 2014-11-11 08:00 - 00010041 _____ () C:\Users\Desktop\Downloads\MOODY_10443116 (1).wma
2014-11-11 07:59 - 2014-11-11 07:59 - 00010041 _____ () C:\Users\Desktop\Downloads\MOODY_10443116.wma
2014-11-11 07:54 - 2014-11-11 07:54 - 00894703 _____ () C:\Users\Desktop\Downloads\HOTMONT_10442867 (2).wma
2014-11-11 07:48 - 2014-11-11 07:48 - 00110370 _____ () C:\Users\Desktop\Downloads\1084_10443604.wma
2014-11-11 07:06 - 2014-11-11 07:06 - 00169207 _____ () C:\Users\Desktop\Downloads\Athena's report card.....zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-11 19:54 - 2011-05-25 06:56 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-11 19:35 - 2014-10-16 11:46 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3676358354-4005122944-1009459733-1000.job
2014-12-11 17:59 - 2011-12-23 15:11 - 01301221 _____ () C:\Windows\WindowsUpdate.log
2014-12-11 09:57 - 2010-03-03 13:41 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\SendSpace Wizard
2014-12-11 07:46 - 2011-05-25 06:56 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-10 13:57 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-12-10 11:52 - 2010-11-20 16:01 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-10 11:52 - 2009-07-13 23:34 - 00019808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-10 11:52 - 2009-07-13 23:34 - 00019808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-10 11:46 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-10 11:46 - 2009-07-13 23:39 - 02424308 _____ () C:\Windows\setupact.log
2014-12-10 08:41 - 2010-03-03 10:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 08:40 - 2013-07-13 08:41 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 08:33 - 2011-12-23 16:39 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-30 13:02 - 2010-03-23 16:18 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-11-30 12:59 - 2013-03-08 10:29 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-30 12:59 - 2013-01-29 08:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-28 16:12 - 2010-03-03 11:04 - 00000000 ____D () C:\Users\Desktop\Documents\Mystery Shopping
2014-11-25 17:57 - 2011-09-07 06:01 - 00002091 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-23 11:43 - 2009-07-13 21:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-21 22:38 - 2011-12-15 08:26 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-21 10:40 - 2010-11-20 16:48 - 00170048 _____ () C:\Windows\PFRO.log
2014-11-21 10:38 - 2014-04-25 06:06 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-21 10:38 - 2013-12-27 07:17 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-11-21 10:38 - 2013-03-14 18:37 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-21 10:38 - 2013-03-14 18:37 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-21 10:38 - 2012-03-17 06:55 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-21 10:38 - 2011-12-15 08:26 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-21 10:38 - 2011-12-15 08:26 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-12 11:30 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 10:44 - 2009-07-13 23:33 - 00411760 _____ () C:\Windows\system32\FNTCACHE.DAT
 
Files to move or delete:
====================
C:\Users\Desktop\gnsdk_dsp.dll
C:\Users\Desktop\gnsdk_musicid.dll
C:\Users\Desktop\gnsdk_sdkmanager.dll
C:\Users\Desktop\gnsdk_submit.dll
C:\Users\Desktop\iAdCore.dll
C:\Users\Desktop\iPodUpdaterExt.dll
C:\Users\Desktop\iTunes.dll
C:\Users\Desktop\iTunesAdmin.dll
C:\Users\Desktop\iTunesHelper.dll
C:\Users\Desktop\iTunesMiniPlayer.dll
C:\Users\Desktop\iTunesOutlookAddIn.dll
 
 
Some content of TEMP:
====================
C:\Users\Desktop\AppData\Local\Temp\DivXSetup.exe
C:\Users\Desktop\AppData\Local\Temp\DWPUpgradeInstaller.exe
C:\Users\Desktop\AppData\Local\Temp\GLF13CA.tmp.dll
C:\Users\Desktop\AppData\Local\Temp\GLFDE86.tmp.dll
C:\Users\Desktop\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Desktop\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Desktop\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\Desktop\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Desktop\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Desktop\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Desktop\AppData\Local\Temp\lowproc.exe
C:\Users\Desktop\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\Desktop\AppData\Local\Temp\stubhelper.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-05 00:15
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-12-2014 02
Ran by Desktop at 2014-12-11 20:05:53
Running from C:\Users\Desktop\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
3600_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATT-PRT22 (HKLM\...\ATT-PRT22) (Version:  - )
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BPD_Scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Catalina Savings Printer (HKLM\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Cisco WebEx Meetings (HKU\S-1-5-21-3676358354-4005122944-1009459733-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.3) (Version: 5.0.0.3 - Coupons.com Incorporated)
Dell Backup and Recovery Manager (HKLM\...\{8DD67529-BA26-4D12-97A8-3853D0C4B67D}) (Version: 1.2.1 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.3.80 - DivX, LLC)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FiddlerCap (HKU\S-1-5-21-3676358354-4005122944-1009459733-1000\...\FiddlerCap) (Version:  - )
FrostWire 4.21.1 (HKLM\...\FrostWire) (Version: 4.21.1.0 - FrostWire Team)
FrostWire 5.3.8 (HKLM\...\FrostWire 5) (Version: 5.3.8.0 - FrostWire Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 7.0.4.2033 (HKU\S-1-5-21-3676358354-4005122944-1009459733-1000\...\GoToMeeting) (Version: 7.0.4.2033 - CitrixOnline)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP OfficeJet J3600 (HKLM\...\{ECF40A6B-F164-493E-AD93-8B9946871BC5}) (Version: 14.0 - HP)
HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{616445AF-BBCF-41C1-A4D6-8CFF171C182D}) (Version: 11.1.4.62 - Apple Inc.)
J3600_Basic (Version: 140.0.000.000 - Hewlett-Packard) Hidden
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Diagnostic Utility (HKLM\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Scan (Version: 140.0.167.000 - Hewlett-Packard) Hidden
SendSpace Wizard (HKLM\...\SendSpaceWizard) (Version: 1.3.4 - SendSpace)
Sony Player Plug-in for Windows Media Player (HKLM\...\Sony Player Plug-in for Windows Media Player) (Version:  - )
Streamer (remove only) (HKLM\...\Streamer) (Version: "1.0.0" - )
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
WebReg (Version: 140.0.213.017 - Hewlett-Packard) Hidden
WhoCrashed 4.00 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
X-Lite 3.0 (HKLM\...\X-Lite 1.5_is1) (Version:  - CounterPath Solutions Inc.)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3676358354-4005122944-1009459733-1000_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\WebEx\1224\atucfobj.dll (Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-3676358354-4005122944-1009459733-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Desktop\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3676358354-4005122944-1009459733-1000_Classes\CLSID\{AD848A76-F236-5EE2-819B-2BDE7ED40AE7}\InprocServer32 -> C:\Users\Desktop\AppData\Roaming\Catalina – Print Savings\npBcsKtTcHW.dll (Catalina Marketing Corporation)
 
==================== Restore Points  =========================
 
24-10-2014 13:53:39 Scheduled Checkpoint
01-11-2014 12:51:05 Scheduled Checkpoint
08-11-2014 14:53:53 Scheduled Checkpoint
12-11-2014 13:44:46 Windows Update
13-11-2014 18:34:57 Windows Update
15-11-2014 11:12:11 Windows Backup
19-11-2014 12:21:29 Windows Update
21-11-2014 15:36:24 avast! antivirus system restore point
29-11-2014 13:01:59 Scheduled Checkpoint
01-12-2014 11:53:59 Windows Update
09-12-2014 18:03:19 Scheduled Checkpoint
10-12-2014 13:32:13 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2011-11-28 13:32 - 2011-11-28 14:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0DFD84BE-5F7C-4186-BA07-DF3C1C0B094C} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3676358354-4005122944-1009459733-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {193B4C7D-9B04-457A-90D5-332FA1C0AC46} - System32\Tasks\G2MUpdateTask-S-1-5-21-3676358354-4005122944-1009459733-1000 => C:\Users\Desktop\AppData\Local\Citrix\GoToMeeting\2033\g2mupdate.exe [2014-11-29] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {215E6A83-3DFE-4AA5-8D29-002C5FBC72CF} - System32\Tasks\RealCreateProcessScheduledTask341579S-1-5-21-3676358354-4005122944-1009459733-1000 => C:\Program Files\Real\RealPlayer\Update\realsched.exe [2014-10-02] (RealNetworks, Inc.)
Task: {2282D0C6-56F7-4BA1-AAA1-8A9EC78047F0} - System32\Tasks\ReclaimerUpdateXML_Desktop => C:\Users\Desktop\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-18] (RealNetworks, Inc.)
Task: {261701DC-07DE-4E6D-9EC0-9F48ABC7E720} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {37C8B902-5B6F-441B-8C13-37FDEEE31C09} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3676358354-4005122944-1009459733-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {38CEC5E0-361C-4215-8A77-71908E17B328} - System32\Tasks\RNUpgradeHelperLogonPrompt_Desktop => C:\Users\Desktop\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-18] (RealNetworks, Inc.)
Task: {3B8C8109-5DC8-4256-8FFC-0730CB2FB061} - System32\Tasks\{874B59C8-31A0-4203-AE4B-C9A37518BE2F} => C:\Program Files\SendSpace\Wizard\SendSpace Wizard.exe [2014-03-25] (SendSpace)
Task: {3F6A04A3-538F-420A-BB2F-67A79C518057} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {43324FFE-808F-40B0-A6AC-C3E8AA210519} - System32\Tasks\{4C2B4448-8D7D-4E6E-9095-3422674103A1} => pcalua.exe -a "C:\Program Files\CounterPath\X-Lite\unins000.exe"
Task: {7DF1D495-3CC3-48F8-BD60-FBF698853A55} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3676358354-4005122944-1009459733-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {809D7AB2-5314-420B-8374-189094CDE4E6} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3676358354-4005122944-1009459733-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {8184F242-0199-477C-8EC5-C4AE03127FE7} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3676358354-4005122944-1009459733-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {81FC8A3F-25A9-4F10-B66F-4263427D25EB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {8CD7E8F2-C67E-4A60-9A74-7766785B13B6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-30] (Adobe Systems Incorporated)
Task: {909F3C92-AE4C-443C-9BF2-F33EB93CA058} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3676358354-4005122944-1009459733-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {94C3E055-8A5A-43BC-A31D-339842F4EE3B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3676358354-4005122944-1009459733-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {A3195ACC-FE92-458D-8C94-554C56B6FB4D} - System32\Tasks\{36F8125D-DC62-4A76-B0F6-12C22E4FC1B5} => C:\Program Files\SendSpace\Wizard\SendSpace Wizard.exe [2014-03-25] (SendSpace)
Task: {B7373D74-9F85-46FE-9176-5971CFA787AB} - System32\Tasks\{F8CF6F52-BD01-416A-9F31-0DB8ED3893D4} => pcalua.exe -a "C:\Program Files\AVG\AVG2012\avgmfapx.exe" -c /AppMode=SETUP /Uninstall
Task: {BD52A85F-4D56-4733-8FA6-3E34A44E4B61} - System32\Tasks\RNUpgradeHelperResumePrompt_Desktop => C:\Users\Desktop\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-18] (RealNetworks, Inc.)
Task: {CB018B82-45F8-4953-924B-F9BA3A6E4D35} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3676358354-4005122944-1009459733-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {D1D79598-A906-49A0-888C-33DCB5D74FDC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-21] (AVAST Software)
Task: {DA51EC54-25C5-43C4-93D5-80105ABEFD14} - System32\Tasks\JavaUpdateSched => C:\Windows\System32\jusched.exe
Task: {F0F1D0AE-9BBA-43C0-A161-4E46BCE5A0A4} - \SidebarExecute No Task File <==== ATTENTION
Task: {F16ADCC0-CFDD-4994-80DA-9B1E3E3074BC} - System32\Tasks\{280CD20D-7BC3-42F9-AEE7-5233AA861DDF} => pcalua.exe -a C:\Users\Desktop\Downloads\avg_free_stb_all_9_40_cnet.exe -d C:\Users\Desktop\Downloads
Task: {F2EE4A8D-2DBA-419F-941A-4CC0B737489B} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3676358354-4005122944-1009459733-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {F8006CA5-EEF0-46B4-8E6C-822A4C7909ED} - System32\Tasks\ReclaimerUpdateFiles_Desktop => C:\Users\Desktop\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-18] (RealNetworks, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3676358354-4005122944-1009459733-1000.job => C:\Users\Desktop\AppData\Local\Citrix\GoToMeeting\2033\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Desktop.job => C:\Users\Desktop\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Desktop.job => C:\Users\Desktop\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Desktop.job => C:\Users\Desktop\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-12-10 07:03 - 2014-12-10 07:03 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14121000\algo.dll
2014-11-21 10:37 - 2014-11-21 10:37 - 02151544 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxVMM.dll
2014-11-21 10:37 - 2014-11-21 10:37 - 00021488 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxREM.dll
2014-11-21 10:37 - 2014-11-21 10:37 - 04474224 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-12-11 07:33 - 2014-12-11 07:33 - 02905600 _____ () C:\Program Files\AVAST Software\Avast\defs\14121100\algo.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-14 14:19 - 2013-08-14 14:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-11-21 10:37 - 2014-11-21 10:37 - 00317632 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-21 10:37 - 2014-11-21 10:37 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-10 00:26 - 2014-01-10 00:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-10 00:28 - 2014-01-10 00:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2012-07-05 09:21 - 2010-01-04 19:13 - 23941120 _____ () C:\Program Files\CounterPath\X-Lite\x-lite.exe
2012-07-05 09:21 - 2007-10-09 15:26 - 00061440 _____ () C:\Program Files\CounterPath\X-Lite\AEC_PC_DLL.dll
2012-07-05 09:21 - 2007-10-09 15:28 - 00025632 _____ () C:\Program Files\CounterPath\X-Lite\PlantronicsDeviceEventSink.dll
2012-07-05 09:21 - 2009-06-10 07:55 - 00659456 _____ () C:\Program Files\CounterPath\X-Lite\YLUSBTEL.dll
2014-11-25 17:57 - 2014-11-25 01:39 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-25 17:57 - 2014-11-25 01:39 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-25 17:57 - 2014-11-25 01:39 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-25 17:57 - 2014-11-25 01:39 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Desktop^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk => C:\Windows\pss\LimeWire On Startup.lnk.Startup
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3676358354-4005122944-1009459733-500 - Administrator - Disabled)
Desktop (S-1-5-21-3676358354-4005122944-1009459733-1000 - Administrator - Enabled) => C:\Users\Desktop
Guest (S-1-5-21-3676358354-4005122944-1009459733-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3676358354-4005122944-1009459733-1074 - Limited - Enabled)
Lou (S-1-5-21-3676358354-4005122944-1009459733-1003 - Administrator - Enabled) => C:\Users\Lou
 
==================== Faulty Device Manager Devices =============
 
Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/11/2014 01:48:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4025
 
Error: (12/11/2014 01:48:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4025
 
Error: (12/11/2014 01:48:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/11/2014 01:47:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3027
 
Error: (12/11/2014 01:47:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3027
 
Error: (12/11/2014 01:47:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/11/2014 01:47:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2013
 
Error: (12/11/2014 01:47:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2013
 
Error: (12/11/2014 01:47:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/11/2014 01:47:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014
 
 
System errors:
=============
Error: (12/11/2014 06:00:08 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (12/10/2014 07:03:34 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (12/09/2014 06:50:45 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (12/08/2014 06:42:25 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (12/07/2014 07:12:02 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.
 
Error: (12/07/2014 07:12:02 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.
 
Error: (12/06/2014 08:11:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (12/04/2014 07:03:46 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (12/01/2014 06:52:31 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (11/29/2014 06:43:51 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
 
Microsoft Office Sessions:
=========================
Error: (03/31/2014 06:48:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8219 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error: (07/05/2013 03:08:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 41 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (07/05/2013 03:07:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 57 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/03/2011 10:19:52 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 46%
Total physical RAM: 3036.99 MB
Available physical RAM: 1610.43 MB
Total Pagefile: 6072.27 MB
Available Pagefile: 4228.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.95 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:289.93 GB) (Free:199.52 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2BD2C32A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=8.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=289.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:11:33 AM

Posted 12 December 2014 - 09:04 AM

OK, thanks for the info. Let's get two tools to run and see if they can dig up anything as far as actual malware goes anyway. It sounds like a problem with Chrome or Avast really.

 

 

Please download adwcleaner from here and save to your desktop.
 
    Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
    Now click on the Scan tab > once the scan is complete click on the Clean tab and follow the prompts.
    Allow the system to reboot. You will then be presented with the report. Copy & paste this report in your next reply.

  http://www.bleepingcomputer.com/download/adwcleaner/
 
Note: The log is also located at C: > AdwCleaner > AdwCleaner[S0].txt

 

Next:

Please download Junkware Removal Tool to your desktop.
 
http://thisisudax.org/downloads/JRT.exe
 
    Double click the icon or Right click for Vista/W7,8 and select Run as administrator
    The tool will open and start scanning.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message

 


How Can I Reduce My Risk to Malware?


#5 cuate

cuate
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Local time:11:33 AM

Posted 12 December 2014 - 09:30 AM

# AdwCleaner v4.105 - Report created 12/12/2014 at 09:17:40
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Desktop - DESKTOP-PC
# Running from : C:\Users\Desktop\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : YahooAUService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\Program Files\SendSpace
Folder Deleted : C:\Users\Desktop\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Desktop\AppData\Local\apn
Folder Deleted : C:\Users\Desktop\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\Desktop\AppData\Roaming\catalina – print savings
Folder Deleted : C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\catalina – print savings
File Deleted : C:\END
File Deleted : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.3
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta.com
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [3227 octets] - [12/12/2014 09:10:47]
AdwCleaner[R1].txt - [3287 octets] - [12/12/2014 09:13:33]
AdwCleaner[S0].txt - [3102 octets] - [12/12/2014 09:17:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3162 octets] ##########
 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x86
Ran by Desktop on Fri 12/12/2014 at  9:23:21.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files\coupons"
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Desktop\AppData\Roaming\mozilla\firefox\profiles\6vwqogat.default-1388148876095\minidumps [10 files]
 
 
 
 
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/12/2014 at  9:26:33.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:11:33 AM

Posted 12 December 2014 - 06:14 PM

ok. Any better now?




#7 cuate

cuate
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Local time:11:33 AM

Posted 13 December 2014 - 07:35 AM

I did not get the pop up yesterday or today (as of yet?). But one of my programs I use daily for work is missing? Sendspace.  Did the programs you had me run remove something bad like a virus?



#8 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:11:33 AM

Posted 13 December 2014 - 02:27 PM

Looks like adwcleaner removed it. Just looks like a "cloud" storage/sharing utility that uses software to download/upload files. I looked at the website, doesn't seem to be ad supported or install third party software. Just reinstall it and you should be good to go.

 

Folder Deleted : C:\Program Files\SendSpace




#9 cuate

cuate
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Local time:11:33 AM

Posted 13 December 2014 - 02:28 PM

Thank you very much for the information about the program, Sendspace. Did any virus get removed? Why was my computer giving me those pop ups from Avast? Do I need to do anything else?



#10 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:11:33 AM

Posted 13 December 2014 - 10:15 PM

OK. You're welcome. Not a virus. Avast was just doing its job, not so sure if it was really blocking a URL.

Cruise around and make sure all looks good, then we can end this.




#11 cuate

cuate
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Local time:11:33 AM

Posted 14 December 2014 - 03:08 PM

OK, thanks, no more pop ups, you were wonderfully helpful!



#12 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:11:33 AM

Posted 14 December 2014 - 05:48 PM

You're welcome. There's one more download you can get that will delete the tools we used, then delete itself:

 

      Please download Delfix.exe and save it to your desktop:

    https://toolslib.net/downloads/viewdownload/2-delfix/
    Right click and select "run as admin", check "Remove disinfection tools" and click on the Run button.
    The tool will delete itself once it finishes. You can delete the log it generates.

 

You may also be interested in the free version of Malwarebytes. You can keep and use it as an antimalware app. It will complement your antivirus, Avast.

 

This will get you going if you want to install it:

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.

http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.3.1025.exe
 

    Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.

    At the end, be sure a checkmark is placed next to the following:
        Launch Malwarebytes Anti-Malware
        A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    Click Finish.
    On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
    Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
    A Threat Scan will begin.
    With some infections, you may see this message box.
        'Could not load DDA driver'
    Click 'Yes' to this message, to allow the driver to load after a restart.
    Allow the computer to restart. Continue with the rest of these instructions.
    When the scan is complete, click Apply Actions.
    Wait for the prompt to restart the computer to appear, then click on Yes.
   Machine will reboot to finish any 'cleaning'

 

Happy safe surfing out there.




#13 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:11:33 AM

Posted 25 December 2014 - 03:28 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





