Infected? Nfwkvqr.exe*32/Google Chrome


  • This topic is locked
17 replies to this topic

#1 woch2331

woch2331

  • Members
  • 91 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:49 AM

Posted 28 December 2014 - 05:46 PM

Probably infected, multiple instances of Nfwkvqr.exe*32/Google Chrome in Task Manager occurring.

Posted log (DDS.txt) as requested,

Attached log (Attach.txt) as requested.

Thanks for the help!!

 

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 11.25.2
Run by Mike at 17:12:18 on 2014-12-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12279.8364 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
c:\program files\soluto\soluto.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Alwil Software\Avast5\avastui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Windows\system32\hasplms.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Windows\system32\lxdncoms.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files\Soluto\SolutoLauncherService.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\AirPrint\airprint.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Browny02\Brother\BrotherOfflineChk.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe
C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer
uRun: [TivoTransfer] C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
uRun: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify
uRun: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [Unwshlwpqjwe] regsvr32.exe /s "C:\Users\Mike\AppData\Local\{9EAE5527-AC04-4E2E-9134-D54572DB21AC}\Unwshlwpqjwe.dll"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
StartupFolder: C:\Users\Mike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Mike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Add to Google Photos Screensa&ver - <no file>
IE: E&xport to Microsoft Excel - <no file>
IE: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - <no file>
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} -
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {36299202-09EF-4ABF-1337-47C599DBE7A6} - hxxp://www.biddingtraveler.com/binary/autobid-v39.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1091
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{784F32D6-E0F7-4795-AA76-7B521B88216F} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{8D4B2471-9042-4D3A-B5ED-A9190CBD4BAD} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{8D4B2471-9042-4D3A-B5ED-A9190CBD4BAD}\449425543445D2149383733354F514962734F60797 : DHCPNameServer = 192.168.18.33
TCP: Interfaces\{8D4B2471-9042-4D3A-B5ED-A9190CBD4BAD}\74D234F4E4E4543445D274558474 : DHCPNameServer = 172.16.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Mike\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-5-19 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-5-19 267632]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-11-20 56336]
R0 Soluto;Soluto;C:\Windows\System32\drivers\Soluto.sys [2013-2-3 54728]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2011-5-20 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2010-12-11 436624]
R1 CLBStor;InstantBurn Storage Helper Driver;C:\Windows\System32\drivers\CLBStor.sys [2010-10-24 24560]
R2 AirPrint;AirPrint;C:\Program Files (x86)\AirPrint\airprint.exe -R _ipp._tcp,_universal -s --> C:\Program Files (x86)\AirPrint\airprint.exe -R _ipp._tcp,_universal -s [?]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-8-11 71040]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-4 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-12-11 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-4 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2014-11-23 50344]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\System32\drivers\CLBUDF.sys [2010-10-24 371696]
R2 hasplms;HASP License Manager;C:\Windows\System32\hasplms.exe  -run --> C:\Windows\System32\hasplms.exe  -run [?]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-10-28 376168]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2008-7-24 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-10-24 72216]
R2 lxdn_device;lxdn_device;C:\Windows\System32\lxdncoms.exe -service --> C:\Windows\System32\lxdncoms.exe -service [?]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 SolutoLauncherService;Soluto Launcher Service;C:\Program Files\Soluto\SolutoLauncherService.exe [2013-1-27 183264]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2013-1-27 553440]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-12-17 411936]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-8-7 438616]
R3 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2010-3-18 74320]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2010-3-18 13392]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxdnserv.exe [2009-4-28 29184]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2014-4-27 266240]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-27 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-9 114688]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;C:\Windows\System32\drivers\AE1200w764.sys [2011-3-28 1254464]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-2 31744]
S3 P0620VID;Creative WebCam Instant;C:\Windows\System32\drivers\P0620Vid.sys [2010-11-6 126848]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-15 19456]
S3 RoxMediaDBVHS;RoxMediaDBVHS;C:\Program Files (x86)\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [2012-7-31 1112720]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 SolutoRemoteService;Soluto Remote Service;C:\Program Files\Soluto\SolutoRemoteService.exe [2013-1-27 1239552]
S3 TivoBeacon2;TiVo Beacon Service;C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-8-24 1104656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-15 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-24 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-12-26 08:57:33 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{549268C6-D114-476D-A67F-9EE3EA53F185}\offreg.dll
2014-12-26 08:56:21 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{549268C6-D114-476D-A67F-9EE3EA53F185}\mpengine.dll
2014-12-21 00:35:14 -------- d-----w- C:\Users\Mike\AppData\Roaming\Digiarty
2014-12-21 00:35:04 -------- d-----w- C:\Program Files (x86)\Digiarty
2014-12-18 03:56:49 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-18 03:56:49 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-17 09:53:20 609240 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-12-17 09:52:48 3826628 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-12-16 01:04:16 -------- d-----w- C:\Users\Mike\AppData\Roaming\namexif
2014-12-16 01:04:15 -------- d-----w- C:\Program Files (x86)\Namexif
2014-12-10 08:25:17 -------- d-----w- C:\Windows\System32\appraiser
2014-12-10 08:05:29 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-12-10 08:05:29 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-10 03:21:58 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-12-10 03:21:58 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-12-03 06:31:20 227048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-12-03 06:31:20 227048 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-12-01 11:50:06 -------- d-----w- C:\Program Files (x86)\MakeMKV
2014-12-01 03:28:56 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
.
==================== Find3M  ====================
.
2014-12-17 11:06:43 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-17 11:06:43 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-12-01 03:21:04 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2014-11-25 18:15:25 92520 ----a-w- C:\Windows\System32\LMIinit.dll
2014-11-25 18:15:25 35688 ----a-w- C:\Windows\System32\LMIport.dll
2014-11-25 18:15:25 107392 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2014-11-24 19:04:56 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-11-23 20:29:51 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-11-23 20:29:26 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-11-23 20:29:26 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-11-23 20:29:26 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-11-23 20:29:26 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-11-23 20:29:26 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-11-23 20:29:26 116728 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-11-23 20:29:24 43152 ----a-w- C:\Windows\avastSS.scr
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-19 22:50:33 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-19 09:31:16 1217192 ----a-w- C:\Windows\SysWow64\FM20.DLL
2014-11-14 11:22:10 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-03 02:12:23 310272 ----a-w- C:\Windows\System32\WsmWmiPl.dll
2014-10-03 02:12:23 2020352 ----a-w- C:\Windows\System32\WsmSvc.dll
2014-10-03 02:12:22 346624 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
2014-10-03 02:12:22 181248 ----a-w- C:\Windows\System32\WsmAuto.dll
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 02:11:49 266240 ----a-w- C:\Windows\System32\WSManHTTPConfig.exe
2014-10-03 01:45:03 248832 ----a-w- C:\Windows\SysWow64\WSManMigrationPlugin.dll
2014-10-03 01:45:03 214016 ----a-w- C:\Windows\SysWow64\WsmWmiPl.dll
2014-10-03 01:45:03 145920 ----a-w- C:\Windows\SysWow64\WsmAuto.dll
2014-10-03 01:45:03 1177088 ----a-w- C:\Windows\SysWow64\WsmSvc.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-03 01:44:25 198656 ----a-w- C:\Windows\SysWow64\WSManHTTPConfig.exe
2014-10-01 16:11:26 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-01 16:11:16 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-01 16:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 17:29:56.14 ===============
 

Attached Files



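As an added example for this thread (it is not part of the original post, and it is not code from the DDS or FRST tools), the script below reads a DDS log as plain text and pulls out the three things in the log above that a responder would check first: the same executable started many times from AppData\LocalLow (the Nfwkvqr.exe lines), a Run-key entry that silently registers a DLL with `regsvr32 /s` from a GUID-named folder under AppData\Local, and the UAC policy values that are set to 0. The embedded SAMPLE_LOG is a constructed excerpt copied from the posted log so the script runs offline; the small allowlist of vendors that normally run from AppData is an assumption for this example, not an authoritative list.

```python
"""Offline triage of a DDS log for the indicators visible in the post above.

Added example for this thread, not DDS/FRST code. It flags executables running
from a user-writable profile directory (counted per path), Run-key entries that
load a DLL with `regsvr32 /s` from such a directory, and UAC policy values that
remove the elevation prompt. SAMPLE_LOG is a constructed excerpt of the posted
log; KNOWN_APPDATA_VENDORS is an assumption for this example.
"""
import re
from collections import Counter

SAMPLE_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [Unwshlwpqjwe] regsvr32.exe /s "C:\Users\Mike\AppData\Local\{9EAE5527-AC04-4E2E-9134-D54572DB21AC}\Unwshlwpqjwe.dll"
mRun: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
"""

# A path under a user's profile: a standard user can write here, so nothing
# executing from it needed an installer running as admin to be placed there.
USER_WRITABLE = re.compile(
    r"[A-Za-z]:\\Users\\[^\\]+\\AppData\\(?:Local|LocalLow|Roaming)\\", re.IGNORECASE)
# Vendors that legitimately run/update from AppData (assumption for this example).
KNOWN_APPDATA_VENDORS = ("\\Dropbox\\bin\\", "\\Google\\Update\\")

RUN_ENTRY = re.compile(r"^(?:u|m|d|x64-)Run:\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")
REGSVR_SILENT = re.compile(r"\bregsvr32(?:\.exe)?\s+/s\b", re.IGNORECASE)
POLICY_ENTRY = re.compile(
    r"^(?:u|m)Policies-System:\s+(?P<key>\w+)\s+=\s+dword:(?P<val>[0-9A-Fa-f]+)$")
# Windows 7 UAC policy values that, at these settings, remove the elevation prompt.
UAC_WEAK = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0", "PromptOnSecureDesktop": "0"}


def running_processes(lines):
    """Image paths listed in the DDS 'Running Processes' section, in order."""
    procs, in_section = [], False
    for line in lines:
        if line.startswith("============== Running Processes"):
            in_section = True
        elif in_section and line.startswith("=============="):
            break
        elif in_section and re.match(r"[A-Za-z]:\\", line):
            procs.append(line.strip())
    return procs


def profile_executables(procs):
    """{path: count} for processes running from profile dirs, minus the allowlist."""
    counts = Counter(p for p in procs if USER_WRITABLE.match(p))
    return {p: n for p, n in counts.items()
            if not any(v.lower() in p.lower() for v in KNOWN_APPDATA_VENDORS)}


def silent_regsvr32_autoruns(lines):
    """(name, command) for Run entries that regsvr32 /s a DLL from a profile dir."""
    hits = []
    for line in lines:
        m = RUN_ENTRY.match(line.strip())
        if m and REGSVR_SILENT.search(m["cmd"]) and USER_WRITABLE.search(m["cmd"]):
            hits.append((m["name"], m["cmd"]))
    return hits


def weak_uac_policies(lines):
    """UAC policy values from the HJT section that match the weak-settings table."""
    found = {}
    for line in lines:
        m = POLICY_ENTRY.match(line.strip())
        if m and UAC_WEAK.get(m["key"]) == m["val"]:
            found[m["key"]] = m["val"]
    return found


def triage(log_text):
    lines = log_text.splitlines()
    return {"profile_executables": profile_executables(running_processes(lines)),
            "silent_regsvr32_autoruns": silent_regsvr32_autoruns(lines),
            "weak_uac_policies": weak_uac_policies(lines)}


if __name__ == "__main__":
    for section, findings in triage(SAMPLE_LOG).items():
        print(f"[{section}]")
        for item in (findings.items() if isinstance(findings, dict) else findings):
            print("  ", item)
```

Run against the full DDS.txt by passing its contents to `triage()` instead of SAMPLE_LOG. The three checks are deliberately independent: a legitimate self-updating app can sit in AppData, and UAC can be switched off by the user, but the combination of a randomly named executable running a dozen times from LocalLow, a silent regsvr32 autorun from a GUID folder, and no elevation prompt is what makes the picture worth a second look.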


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:10:49 AM

Posted 28 December 2014 - 07:44 PM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Regards,

Georgi




#3 woch2331

  • Topic Starter

  • Members
  • 91 posts
  • Gender:Male
  • Local time:03:49 AM

Posted 28 December 2014 - 08:49 PM

Thanks Georgi for the quick response.

Posted log (FRST.txt) as requested,

Attached log (Addition.txt) as requested.

Thanks for the help!!

 

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Mike (administrator) on WIN7 on 28-12-2014 20:43:52
Running from C:\Users\Mike\Desktop\Bleeping Computer
Loaded Profile: Mike (Available profiles: Mike & LogMeInRemoteUser & NeroMediaHomeUser.4)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TiVo Inc.) C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
(TiVo Inc.) C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Dropbox, Inc.) C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
( ) C:\Windows\System32\lxdncoms.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Apple Inc.) C:\Program Files (x86)\AirPrint\airprint.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrotherOfflineChk.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(TiVo Inc.) C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe
(TiVo Inc.) C:\Program Files (x86)\TiVo\Desktop\Plus\TranscodingService.exe
(TiVo Inc.) C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
(Google Inc.) C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
(Google Inc.) C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
(Google Inc.) C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
(Google Inc.) C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
(Google Inc.) C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
(Google Inc.) C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
(Google Inc.) C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
(Google Inc.) C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
(Google Inc.) C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe
(Google Inc.) C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl\Ghphrrw\Nfwkvqr.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2008-07-24] (LogMeIn, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\...\Run: [TivoServer] => C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe [2264336 2010-08-24] (TiVo Inc.)
HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\...\Run: [TivoTransfer] => C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe [608528 2010-08-24] (TiVo Inc.)
HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\...\Run: [TivoNotify] => C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe [437520 2010-08-24] (TiVo Inc.)
HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\...\Run: [TranscodingService] => C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe [856336 2010-08-24] (TiVo Inc.)
HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\...\Run: [Unwshlwpqjwe] => regsvr32.exe /s "C:\Users\Mike\AppData\Local\{9EAE5527-AC04-4E2E-9134-D54572DB21AC}\Unwshlwpqjwe.dll" <===== ATTENTION
HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\...\MountPoints2: {9a1408c2-e284-11df-8601-001fbc083f67} - "I:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iTunes.lnk
ShortcutTarget: iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunes.lnk
ShortcutTarget: iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\S-1-5-21-3949177305-4185837410-1237835860-1001 -> DefaultScope {D3AD7114-4FFD-4414-9FD5-C7AF7270AAB6} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3949177305-4185837410-1237835860-1001 -> {38F5A1BD-05E1-46C0-ADD0-F443506C1BE8} URL = http://www.amazon.com/gp/bit/amazonserp/ref=bit_p_downloads-com-abb_serp_ie_us_display?ie=UTF8&ie=UTF8&tag=downloads-com-abb-serp-us-ie-20&tagbase=downloads-com-abb&query={searchTerms}
SearchScopes: HKU\S-1-5-21-3949177305-4185837410-1237835860-1001 -> {D3AD7114-4FFD-4414-9FD5-C7AF7270AAB6} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {36299202-09EF-4ABF-1337-47C599DBE7A6} http://www.biddingtraveler.com/binary/autobid-v39.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1091
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default
FF DefaultSearchEngine: Yahoo!
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3949177305-4185837410-1237835860-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3949177305-4185837410-1237835860-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Default Manager - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\Extensions\DefaultManager@Microsoft [2011-10-02]
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\Extensions\LogMeInClient@logmein.com [2011-08-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-20]

Chrome:
=======
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSearchURL: Default -> http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=994519&p={searchTerms}
CHR DefaultSuggestURL: Default -> http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\Mike\AppData\Local\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Mike\AppData\Local\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Mike\AppData\Local\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Mike\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-22]
CHR Extension: (Greyscale) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\penkfbldfkaelnnhblmfmajlggdielfm [2010-12-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-23]
CHR StartMenuInternet: Google Chrome - C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-06-26] (Adobe Systems) [File not signed]
R2 AirPrint; C:\Program Files (x86)\AirPrint\airprint.exe [234784 2010-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-23] (AVAST Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S3 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-13] (Brio) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2014-11-25] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-11-25] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-12-16] (LogMeIn, Inc.)
S2 lxdnCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [29184 2009-04-28] (Lexmark International, Inc.) [File not signed]
R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1044648 2008-02-27] ( )
R2 lxdn_device; C:\Windows\SysWOW64\lxdncoms.exe [594600 2008-02-27] ( )
S3 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
S3 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [259368 2009-06-23] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-10-23] (Nero AG)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S3 RoxMediaDBVHS; C:\Program Files (x86)\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [1112720 2012-07-31] (Corel Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [183264 2013-01-27] (Soluto)
S3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1239552 2013-01-27] (Soluto) [File not signed]
R3 TivoBeacon2; C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [1104656 2010-08-24] (TiVo Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-23] ()
R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2008-10-14] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [371696 2008-10-14] (CyberLink Corporation.)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w764.sys [1254464 2011-03-28] (Broadcom Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-26] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 P0620VID; C:\Windows\System32\DRIVERS\P0620Vid.sys [126848 2005-08-15] (Creative Technology Ltd.)
S3 PCANDIS4; C:\Windows\SysWOW64\PCANDIS4.SYS [16112 2002-05-10] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-07-10] (Corel Corporation)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA64A.sys [738328 2012-05-04] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM64A.sys [1226136 2012-05-04] (eMPIA Technology, Inc.)
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl [146928 2009-09-04] (CyberLink Corp.)
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-28 16:46 - 2014-12-28 20:43 - 00000000 ____D () C:\Users\Mike\Desktop\Bleeping Computer
2014-12-20 19:35 - 2014-12-20 19:35 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Digiarty
2014-12-20 19:35 - 2014-12-20 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
2014-12-20 19:35 - 2014-12-20 19:35 - 00000000 ____D () C:\Program Files (x86)\Digiarty
2014-12-17 22:56 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 22:56 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 05:43 - 2014-12-17 05:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-17 04:53 - 2014-07-02 12:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-12-17 04:52 - 2014-07-02 05:14 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-15 20:04 - 2014-12-15 20:05 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\namexif
2014-12-15 20:04 - 2014-12-15 20:04 - 00000995 _____ () C:\Users\NeroMediaHomeUser.4\Desktop\Namexif.lnk
2014-12-15 20:04 - 2014-12-15 20:04 - 00000995 _____ () C:\Users\Mike\Desktop\Namexif.lnk
2014-12-15 20:04 - 2014-12-15 20:04 - 00000995 _____ () C:\Users\LogMeInRemoteUser\Desktop\Namexif.lnk
2014-12-15 20:04 - 2014-12-15 20:04 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Namexif
2014-12-15 20:04 - 2014-12-15 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Namexif
2014-12-15 20:04 - 2014-12-15 20:04 - 00000000 ____D () C:\Program Files (x86)\Namexif
2014-12-10 03:25 - 2014-12-10 03:25 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 03:05 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 03:05 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-09 22:22 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 22:22 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 22:22 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 22:22 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 22:22 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 22:22 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 22:22 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 22:22 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 22:22 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 22:22 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 22:22 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 22:22 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 22:22 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 22:22 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 22:22 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 22:22 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 22:22 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 22:22 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 22:22 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 22:22 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 22:22 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 22:22 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 22:22 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 22:22 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 22:22 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 22:22 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 22:22 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 22:22 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 22:22 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 22:22 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-09 22:22 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 22:22 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 22:22 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-09 22:22 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-09 22:22 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 22:22 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-09 22:22 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 22:22 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 22:22 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-09 22:22 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 22:22 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-09 22:22 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 22:22 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 22:22 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 22:22 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 22:22 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 22:22 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 22:22 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-09 22:22 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-09 22:22 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 22:22 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 22:22 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 22:22 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 22:22 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 22:22 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 22:22 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-09 22:22 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 22:22 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 22:22 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 22:22 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 22:22 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 22:22 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 22:22 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 22:22 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 22:22 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 22:22 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 22:22 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 22:22 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 22:22 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 22:22 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 22:22 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 22:22 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 22:22 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 22:22 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 22:22 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 22:22 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 22:22 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 22:21 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 22:21 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-01 06:50 - 2014-12-01 06:50 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
2014-12-01 06:50 - 2014-12-01 06:50 - 00000000 ____D () C:\Program Files (x86)\MakeMKV
2014-11-30 22:28 - 2014-11-30 22:31 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-28 20:43 - 2014-11-20 17:10 - 00000000 ____D () C:\FRST
2014-12-28 20:41 - 2012-03-29 05:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-28 20:40 - 2013-10-18 13:59 - 00001477 _____ () C:\ProgramData\hpzinstall.log
2014-12-28 20:39 - 2014-02-06 06:34 - 00019107 ____N () C:\Windows\hpqins13.dat.temp
2014-12-28 20:39 - 2013-10-18 13:59 - 00019107 _____ () C:\Windows\hpqins13.dat
2014-12-28 20:38 - 2010-12-02 20:15 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3949177305-4185837410-1237835860-1001UA.job
2014-12-28 20:30 - 2010-12-22 17:54 - 00000000 ____D () C:\Users\Mike\.MakeMKV
2014-12-28 20:02 - 2012-09-07 04:39 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-28 19:45 - 2010-10-23 19:47 - 01502073 _____ () C:\Windows\WindowsUpdate.log
2014-12-28 18:02 - 2012-09-07 04:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-28 17:17 - 2009-07-13 23:45 - 00022256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-28 17:17 - 2009-07-13 23:45 - 00022256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-28 17:09 - 2011-03-28 19:59 - 00000000 ___RD () C:\Users\Mike\Dropbox
2014-12-28 17:08 - 2011-03-28 19:57 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Dropbox
2014-12-28 17:04 - 2014-01-22 15:30 - 00001004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-12-28 17:04 - 2014-01-22 15:30 - 00000988 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-12-28 17:04 - 2012-10-19 14:15 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-28 17:01 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-28 17:00 - 2010-10-23 23:44 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-28 17:00 - 2009-07-13 23:51 - 00093423 _____ () C:\Windows\setupact.log
2014-12-28 09:49 - 2014-01-10 16:06 - 00000000 ____D () C:\Users\Mike\AppData\Local\76A0BFB5-1D49-4B3F-9E80-0CB8DD9D7750.aplzod
2014-12-28 09:38 - 2010-12-02 20:15 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3949177305-4185837410-1237835860-1001Core.job
2014-12-28 08:31 - 2012-07-28 22:18 - 00000000 ____D () C:\Users\Mike\AppData\Local\{9EAE5527-AC04-4E2E-9134-D54572DB21AC}
2014-12-28 00:14 - 2010-10-24 00:12 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-12-27 21:38 - 2011-12-14 21:46 - 00000000 ____D () C:\Bovada
2014-12-22 20:10 - 2009-07-14 00:13 - 00786578 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-22 19:58 - 2011-05-19 21:16 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Swift Sound
2014-12-22 05:58 - 2014-01-23 19:10 - 00000000 ____D () C:\Users\Mike\AppData\Local\LogMeInIgnition
2014-12-20 19:37 - 2010-10-24 20:44 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\dvdcss
2014-12-19 22:16 - 2010-12-04 18:34 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\vlc
2014-12-17 16:05 - 2010-10-25 05:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-17 14:22 - 2011-03-28 19:59 - 00001010 _____ () C:\Users\Mike\Desktop\Dropbox.lnk
2014-12-17 14:22 - 2011-03-28 19:57 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-17 06:07 - 2014-08-15 13:06 - 00000000 ____D () C:\Users\Mike\AppData\Local\Adobe
2014-12-17 06:06 - 2012-03-29 05:50 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-17 06:06 - 2012-03-29 05:49 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-17 06:06 - 2011-05-20 06:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-17 05:40 - 2013-03-13 03:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-17 05:40 - 2013-03-13 03:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-17 05:01 - 2013-07-14 17:41 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-17 04:54 - 2010-10-24 09:37 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-17 04:53 - 2010-10-23 23:44 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-17 04:50 - 2010-10-23 23:43 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-17 03:02 - 2013-03-13 03:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-16 19:34 - 2010-11-03 05:50 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\HandBrake
2014-12-14 15:36 - 2013-01-27 10:35 - 00000818 _____ () C:\Windows\CDFACE32.INI
2014-12-14 15:06 - 2013-03-31 08:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 04:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-10 03:27 - 2010-10-24 00:15 - 01450316 _____ () C:\Windows\PFRO.log
2014-12-10 03:25 - 2014-04-28 07:14 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 03:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 03:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-01 06:50 - 2010-12-03 17:20 - 00000995 _____ () C:\Users\Mike\Desktop\MakeMKV.lnk
2014-11-30 22:31 - 2014-09-18 05:52 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-30 22:31 - 2010-12-20 05:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-30 22:31 - 2010-12-20 05:52 - 00000000 ____D () C:\Program Files\iTunes
2014-11-30 22:28 - 2010-12-20 05:52 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-30 22:28 - 2010-10-30 11:11 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-30 22:26 - 2010-10-30 11:11 - 00000000 ____D () C:\ProgramData\Apple
2014-11-30 22:21 - 2010-11-09 16:49 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-11-30 22:21 - 2010-11-09 16:49 - 00006748 _____ () C:\Windows\LkmdfCoInst.log

Some content of TEMP:
====================
C:\Users\Mike\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0e9vqk.dll
C:\Users\Mike\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgm4qoz.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-25 00:06

==================== End Of Log ============================

#4 B-boy/StyLe/ (Bleepin' Freestyler, Malware Response Team, 8,307 posts, Location: Bulgaria)

Posted 29 December 2014 - 03:38 AM

Hello,

 

Please go ahead and uninstall the following application via Control Panel:

 

Vuze Remote Toolbar v9.0

 

Next please download the following file (fixlist.txt) and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Regards,

Georgi




#5 woch2331 (Topic Starter, Members, 91 posts)

Posted 29 December 2014 - 04:46 AM

As requested, attempted to uninstall Vuze Remote Toolbar v9.0 via Control Panel.

UNABLE TO COMPLETE TASK.

Received Windows Installer dialog box:

   The feature you are trying to use is on a CD-ROM or other removable disk that is not available.

   Insert the 'Vuse Remote Toolbar v9.0' disk and click OK

I do not have the disk or know the location of the uninstall files.

 

As requested, downloaded the fixlist.txt file and ran FRST and selected Fix.

Completed task and rebooted computer.

Posted log (Fixlog.txt) as requested,

Thanks for the help!!

 

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by Mike at 2014-12-29 04:20:49 Run:2
Running from C:\Users\Mike\Desktop\Bleeping Computer
Loaded Profile: Mike (Available profiles: Mike & LogMeInRemoteUser & NeroMediaHomeUser.4)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl
HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\...\Run: [Unwshlwpqjwe] => regsvr32.exe /s "C:\Users\Mike\AppData\Local\{9EAE5527-AC04-4E2E-9134-D54572DB21AC}\Unwshlwpqjwe.dll" <===== ATTENTION
C:\Users\Mike\AppData\Local\{9EAE5527-AC04-4E2E-9134-D54572DB21AC}
end

*****************

Processes closed successfully.
C:\Users\Mike\AppData\LocalLow\EmieSiteList\Tbfhlamrl => Moved successfully.
HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Unwshlwpqjwe => value deleted successfully.
C:\Users\Mike\AppData\Local\{9EAE5527-AC04-4E2E-9134-D54572DB21AC} => Moved successfully.

The system needed a reboot.

==== End of Fixlog 04:20:50 ====
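
The Run-key entry removed by this fix is a recognisable persistence pattern: a trusted Windows binary (regsvr32.exe, run silently with /s) is pointed at a DLL sitting in a bare-GUID folder under the user's own AppData\Local. Below is an added triage script, not part of FRST or of Georgi's fix, that parses Run-key lines in the format FRST prints and rates each one on that basis. The page's own flagged line is included as input; the other sample entries, the LOADER_BINARIES and USER_WRITABLE lists and the severity scheme are my assumptions.

```python
"""Rate FRST-style Run-key lines for DLL-loading persistence from user-writable paths.

Added example for this thread; not FRST's code. Sample entries other than the
first are constructed, and the heuristics below are assumptions, not FRST rules.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Windows binaries whose only job is to run someone else's module; a Run entry
# that calls them is only as trustworthy as the module path they are given.
LOADER_BINARIES = {"regsvr32.exe", "rundll32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}

# Directories a standard user can write to. Malware has to persist from somewhere
# it can write, but so do per-user installs (Dropbox, Chrome), so this alone is weak.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")

# "<hive>\...\Run: [<name>] => <command>", optionally ending in FRST's ATTENTION marker.
RUN_LINE = re.compile(
    r"^(?P<hive>HK[^\\]+(?:\\S-1-[\d-]+)?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => "
    r"(?P<cmd>.*?)(?:\s+<=+\s*ATTENTION)?\s*$"
)
TOKEN = re.compile(r'"([^"]+)"|(\S+)')          # quoted string or bare token
GUID_DIR = re.compile(r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\", re.I)


@dataclass
class Finding:
    hive: str
    name: str
    command: str
    severity: str                       # "high", "medium" or "info"
    reasons: List[str] = field(default_factory=list)


def _is_path(tok: str) -> bool:
    return re.match(r"^[A-Za-z]:\\", tok) is not None


def _user_writable(path: str) -> bool:
    return any(w in path.lower() for w in USER_WRITABLE)


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def assess_run_entry(line: str) -> Optional[Finding]:
    """Parse one Run-key line; return None for lines of any other kind."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    hive, name, cmd = m.group("hive"), m.group("name"), m.group("cmd")
    tokens = [q or bare for q, bare in TOKEN.findall(cmd)]
    exe = _basename(tokens[0]) if tokens else ""
    arg_paths = [t for t in tokens[1:] if _is_path(t)]       # modules passed as arguments
    writable_args = [p for p in arg_paths if _user_writable(p)]
    reasons: List[str] = []
    severity = "info"
    if exe in LOADER_BINARIES and writable_args:
        severity = "high"
        reasons.append(f"{exe} is pointed at {writable_args[0]}, a user-writable location")
        if any(GUID_DIR.search(p) for p in writable_args):
            reasons.append("module sits in a bare-GUID folder, a common disguise under AppData")
        if exe == "regsvr32.exe" and "/s" in cmd.lower().split():
            reasons.append("/s suppresses regsvr32's dialogs, so the user sees nothing")
    elif tokens and _is_path(tokens[0]) and _user_writable(tokens[0]):
        severity = "medium"
        reasons.append("program runs from a user-writable directory (normal for per-user installs; verify the signer)")
    return Finding(hive, name, cmd, severity, reasons)


_RANK = {"high": 0, "medium": 1, "info": 2}


def triage(lines: List[str]) -> List[Finding]:
    """Run assess_run_entry over a log excerpt, worst entries first."""
    found = [f for f in (assess_run_entry(l) for l in lines) if f is not None]
    return sorted(found, key=lambda f: _RANK[f.severity])


# First line is the entry from this thread's fixlist; the rest are constructed samples.
SAMPLE_LINES = [
    r'HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\...\Run: [Unwshlwpqjwe] => regsvr32.exe /s "C:\Users\Mike\AppData\Local\{9EAE5527-AC04-4E2E-9134-D54572DB21AC}\Unwshlwpqjwe.dll" <===== ATTENTION',
    r'HKLM\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"',
    r'HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\...\Run: [Dropbox] => C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup',
    r'HKLM-x32\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup',
    r'Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\example.lnk ()',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity:6}] {f.name}: {f.command}")
        for r in f.reasons:
            print(f"         - {r}")
```

Note the two deliberate gradations: rundll32 loading NvCpl.dll from system32 is rated "info" because the module is in a protected directory, and Dropbox running from AppData\Roaming is only "medium" because a user-writable path by itself is common for legitimate per-user software; only a loader binary combined with a user-writable module reaches "high".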



#6 B-boy/StyLe/ (Bleepin' Freestyler, Malware Response Team, 8,307 posts, Location: Bulgaria)

Posted 29 December 2014 - 04:01 PM

Hello,

 

Try to uninstall the toolbar using MSFixit and let me know about the results.

 

Also, if you don't mind, I want to make sure there is nothing lurking on the system, so just in case I want you to go through these steps:

 

 

STEP 1

 

 

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.
 

  • Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >>. If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

STEP 2

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System: (download link)
  • This is the mirror: (download link)
  • For 64-bit Operating System: (download link)
  • This is the mirror: (download link)

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users: right-click on the HitmanPro icon and select Run as administrator.)

Note: If the program won't run, open the program while holding down the left CTRL key until the program is loaded.

3. Click on the Next button. You must agree to the terms of the EULA (if asked).

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the Next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done, click on the drop-down menu of the found entries (if any) and choose Apply to all => Ignore <= IMPORTANT!!!

 

(screenshot: scan finished, drop-down set to Apply to all => Ignore)
 
8. Click on the Next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.
 
Note: if there isn't a drop-down menu when the scan is done, then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it to your next reply.

 

Note: Programdata is hidden by default. Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

 

 

Regards,

Georgi




#7 woch2331 (Topic Starter, Members, 91 posts)

Posted 29 December 2014 - 10:49 PM

As requested:

 

I used MSFixit and successfully uninstalled Vuze Remote Toolbar v9.0.

 

STEP 1 - Completed Malwarebytes Anti-Malware scan

Posted log as requested,

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/29/2014
Scan Time: 5:06:42 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.29.07
Rootkit Database: v2014.12.29.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mike

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 442831
Time Elapsed: 10 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.Spigot.A, C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk, Quarantined, [92096efab0cc280e1c60500c966d19e7],

Files: 5
PUP.Optional.Spigot.A, C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk\000003.log, Quarantined, [92096efab0cc280e1c60500c966d19e7],
PUP.Optional.Spigot.A, C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk\CURRENT, Quarantined, [92096efab0cc280e1c60500c966d19e7],
PUP.Optional.Spigot.A, C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk\LOCK, Quarantined, [92096efab0cc280e1c60500c966d19e7],
PUP.Optional.Spigot.A, C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk\LOG, Quarantined, [92096efab0cc280e1c60500c966d19e7],
PUP.Optional.Spigot.A, C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk\MANIFEST-000002, Quarantined, [92096efab0cc280e1c60500c966d19e7],

Physical Sectors: 0
(No malicious items detected)

(end)

 

STEP 2 - Completed HitmanPro scan

Posted log as requested,

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

HitmanPro 3.7.9.232
www.hitmanpro.com
   Computer name . . . . : WIN7
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : Win7\Mike
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free
   Scan date . . . . . . : 2014-12-29 22:31:39
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 54s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 91
   Objects scanned . . . : 3,062,303
   Files scanned . . . . : 223,293
   Remnants scanned  . . : 1,059,354 files / 1,779,656 keys
Suspicious files ____________________________________________________________
   C:\Users\Mike\AppData\Local\Temp\~DFFC5B5A5D617B3EDD.TMP
      Size . . . . . . . : 16,384 bytes
      Age  . . . . . . . : 34.2 days (2014-11-25 16:58:48)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : A710727220F0317A0C9944C3D96C71DB53D6E652044166BDAD4CA21D2121B4BE
      Product  . . . . . : Avast NG
      Publisher  . . . . : AVAST Software
      Description  . . . : avast! NG setup helper driver
      Version  . . . . . : 10.0.0.69
      Copyright  . . . . : Copyright (c) 2014 AVAST Software
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 44.0
         The file is hidden from Windows API. This is typical for malware.
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         The file name extension of this program is not common.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
   C:\Users\Mike\Desktop\Bleeping Computer\FRST64.exe
      Size . . . . . . . : 2,123,264 bytes
      Age  . . . . . . . : 1.1 days (2014-12-28 20:02:27)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 8CF775131B705B240CA7817194B39F077788FA37405B0449719875FBAA05BB68
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

Potential Unwanted Programs _________________________________________________
   ask.com
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Web Data
   HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
   HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find)
   HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome (22Find)
   HKU\S-1-5-21-3949177305-4185837410-1237835860-1001_Classes\Wow6432Node\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}\ (Yontoo)
   HKU\S-1-5-21-3949177305-4185837410-1237835860-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6CFC8D41-B043-4FC4-8B7E-0DD1275C1B3E}\ (Conduit)
   HKU\S-1-5-21-3949177305-4185837410-1237835860-1005\Software\Microsoft\Internet Explorer\SearchScopes\{6CFC8D41-B043-4FC4-8B7E-0DD1275C1B3E}\ (Conduit)
Cookies _____________________________________________________________________
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:2o7.net
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:adbrite.com
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:adinterax.com
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pointroll.com
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.undertone.com
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:cruisecritic.112.2o7.net
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:emjcd.com
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:fls.doubleclick.net
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:interclick.com
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:leeenterprises.112.2o7.net
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:microsoftwlcashback.112.2o7.net
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:overture.com
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:pointroll.com
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:rcci.122.2o7.net
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.emjcd.com
   C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com
   C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Cookies\6O45GPID.txt
   C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Cookies\9AAU5DF2.txt
   C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Cookies\J16GCRCV.txt
   C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Cookies\JPRC0QR4.txt
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:a1.interclick.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:ad.360yield.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:ad.afy11.net
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:ad.mlnadvertising.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:ad.wsod.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:ad.yieldmanager.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:ads.adk2.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:ads.creative-serving.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:ads.mediade.sk
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:ads.p161.net
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:ads.pubmatic.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:ads.stickyadstv.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:ads.undertone.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:ads.yahoo.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:adserve.postrelease.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:adtechus.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:advertising.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:apmebf.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:ar.atwola.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:at.atwola.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:atdmt.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:atwola.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:bs.serving-sys.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:casalemedia.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:clickbank.net
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:collective-media.net
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:content.yieldmanager.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:doubleclick.net
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:emjcd.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:interclick.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:invitemedia.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:kontera.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:media6degrees.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:mediaplex.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:network.realmedia.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:questionmarket.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:realmedia.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:revsci.net
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:serving-sys.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:stat.komoona.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:statcounter.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:stats.adotube.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:stats.townnews.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:t.invitemedia.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:tacoda.at.atwola.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:tacoda.net
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:track.adform.net
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:xiti.com
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:yieldmanager.net
   C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1n0kdvw0.default\cookies.sqlite:zedo.com


#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:10:49 AM

Posted 30 December 2014 - 05:53 AM

Hi,

Nice work! MBAM took care of some things and the HitmanPro log shows only some adware stuff. To remove them please do the following:

 

 

STEP 1


Please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

 

Next, let's check for adware remnants:

 

 

STEP 2

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

STEP 3

 

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

Before I let you go, I'd like to scan your machine with ESET OnlineScan.

 

 

STEP 4

 

 

  • Please download and run the exe from the link below:
    ESET OnlineScan
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check the option beside: Enable detection of potentially unwanted applications
  • Now click on Advanced Settings and make sure that the option Remove found threats is NOT checked, and select the following:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
    • Click on the Change button and select only Operating memory and drive C:\


 

  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

 

 

 

Also, let's check for outdated and vulnerable software on your PC:

 

 

STEP 5

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

And then, if there aren't any issues left, I'll give you my final recommendations. :)

Let me know about any remaining issues.

Have a good new year!

 

 
Regards,
Georgi




#9 woch2331

woch2331
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:49 AM

Posted 30 December 2014 - 09:35 PM

That took a while to complete.

Here are the logs as requested.

 

STEP 1 - FRST

Posted Fixlog.txt as requested,

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by Mike at 2014-12-30 16:33:14 Run:3
Running from C:\Users\Mike\Desktop\Bleeping Computer
Loaded Profiles: Mike & LogMeInRemoteUser & NeroMediaHomeUser.4 (Available profiles: Mike & LogMeInRemoteUser & NeroMediaHomeUser.4)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Unlock: HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\Software\Microsoft\Internet Explorer\Approved Extensions
Reg: reg delete "HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\Software\Microsoft\Internet Explorer\Approved Extensions" /v "{4D2D3B0F-69BE-477A-90F5-FDDB05357975}" /f
Unlock: HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing
Reg: reg delete "HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing" /v "bProtectNewTabPageShow" /f
Reg: reg delete "HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing" /v "bProtectShowTabsWelcome" /f
DeleteKey: HKU\S-1-5-21-3949177305-4185837410-1237835860-1001_Classes\Wow6432Node\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}
DeleteKey: HKU\S-1-5-21-3949177305-4185837410-1237835860-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6CFC8D41-B043-4FC4-8B7E-0DD1275C1B3E}
DeleteKey: HKU\S-1-5-21-3949177305-4185837410-1237835860-1005\Software\Microsoft\Internet Explorer\SearchScopes\{6CFC8D41-B043-4FC4-8B7E-0DD1275C1B3E}
end  
*****************

"HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\Software\Microsoft\Internet Explorer\Approved Extensions" => Key unlocked successfully.

========= reg delete "HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\Software\Microsoft\Internet Explorer\Approved Extensions" /v "{4D2D3B0F-69BE-477A-90F5-FDDB05357975}" /f =========

The operation completed successfully.

 

========= End of Reg: =========

"HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing" => Key unlocked successfully.

========= reg delete "HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing" /v "bProtectNewTabPageShow" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKU\S-1-5-21-3949177305-4185837410-1237835860-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing" /v "bProtectShowTabsWelcome" /f =========

The operation completed successfully.

 

========= End of Reg: =========

HKU\S-1-5-21-3949177305-4185837410-1237835860-1001_Classes\Wow6432Node\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d} => Key Deleted successfully.
HKU\S-1-5-21-3949177305-4185837410-1237835860-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6CFC8D41-B043-4FC4-8B7E-0DD1275C1B3E} => Key Deleted successfully.
HKU\S-1-5-21-3949177305-4185837410-1237835860-1005\Software\Microsoft\Internet Explorer\SearchScopes\{6CFC8D41-B043-4FC4-8B7E-0DD1275C1B3E} => Key Deleted successfully.

==== End of Fixlog 16:33:14 ====

 

STEP 2 - AdwCleaner
Posted AdwCleaner[S1].txt as requested,
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# AdwCleaner v4.106 - Report created 30/12/2014 at 16:42:15
# Updated 21/12/2014 by Xplode
# Database : 2014-12-30.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mike - WIN7
# Running from : C:\Users\Mike\Desktop\Bleeping Computer\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 2600 Series\Tools\Network Configuration.LNK
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 2600 Series\Maintenance\Align Cartridges.LNK
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 2600 Series\Maintenance\Clean Cartridges.LNK
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 2600 Series\Maintenance\Install Cartridges.LNK
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 2600 Series\Maintenance\Print A Test Page.LNK
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 2600 Series\Customer Experience\Lexmark Connect.LNK

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v31.0 (x86 en-US)

-\\ Google Chrome v

[C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [36907 octets] - [20/11/2014 16:44:23]
AdwCleaner[R1].txt - [1198 octets] - [30/12/2014 16:34:15]
AdwCleaner[S0].txt - [38726 octets] - [20/11/2014 16:48:57]
AdwCleaner[S1].txt - [1913 octets] - [30/12/2014 16:42:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1973 octets] ##########

 

STEP 3 - Junkware Removal Tool
Posted JRT.txt as requested,
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Mike on Tue 12/30/2014 at 17:14:52.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Mike\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{05A40A7F-F1FB-4EA2-B747-CDD16B71C142}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{07123A4F-7F05-4509-899B-DAEE67CE4CCA}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{0753EDD8-08E2-4117-AF0C-B18DED4C3E31}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{0C546E0A-E8E1-4E1A-A3F7-841A7924E2B4}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{0D281370-7F8C-4A68-8CE1-D6DCAA2BEDDB}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{1D652229-B322-4D96-AB4B-347D212E2C5C}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{28A967DB-DEBC-4E9A-9E4E-FE304E921DE7}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{2CF8B26D-3BDC-448E-9BCE-626A016E2F09}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{2D821DE3-8029-49D0-9E75-9BD1DF502E46}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{3EFAE11A-BDC9-44A9-8993-7A64198AECA5}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{518D5DF8-97E9-420A-ADD7-E4DE7255B153}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{526CA0F8-0E8F-4712-95CC-E491B4182303}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{57B46E8A-4B87-4EB3-B46C-171E888A09F4}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{5D203797-3E93-48F1-8740-E67CD9949B23}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{6183E94E-7A85-43A6-A9D6-E8CF5F47A602}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{650656B8-520B-44E7-8781-6B1958FD0FA1}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{6A0EC917-17BA-4712-84E6-67802C37A8B6}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{799A8AD6-0792-44A0-B9B5-4E326EBCD850}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{808BA084-521D-46FE-A273-99229CC870E2}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{865DA4D2-FA0F-4E8D-B24A-91BCAAA0244A}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{8C138F36-8557-424E-99B1-DBDD3D879A2E}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{8E835F0E-40BC-4888-82B3-C3BF3C31D84A}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{A7D7D6F7-98EF-41E8-8DA7-BE8C2BBEC998}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{AEF5047E-8025-42B6-B258-54CDDFCFEBDE}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{BB7935DE-E2AA-468C-AD2E-27BB9816C93F}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{C585DCB5-2079-4E15-97F7-B8AADD1C292F}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{D3E1402D-4783-4D90-B8FC-15F2967C2884}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{D73DC062-2E8A-4287-9BBF-0E7B1E532EBD}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{D862D7CC-4259-4FE8-A7D2-D277FF17B7E9}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{EC2F96E2-8BDF-4734-889A-6ACFDEE6CC78}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{EC823938-E369-44B0-AEB9-7BAE78895ABF}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{ED6CAEFD-C6DE-4308-8B4E-0D7A643A4C85}

 

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\1n0kdvw0.default\conduitcommon
Successfully deleted the following from C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\1n0kdvw0.default\prefs.js

user_pref("extensions.AMAZONNEW_NS_PH.toolbarXMLText", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<toolbar>\n  <replacements>\n    <replacement>\n      <key><![CDATA[__REGIO
Emptied folder: C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\1n0kdvw0.default\minidumps [17 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/30/2014 at 17:18:42.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

STEP 4 - ESET OnlineScan
Posted ESETS_Scan.txt as requested,
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application
C:\FRST\Quarantine\C\Users\Mike\AppData\Local\{9EAE5527-AC04-4E2E-9134-D54572DB21AC}\Unwshlwpqjwe.dll Win32/TrojanDownloader.Tracur.AM trojan
C:\Program Files (x86)\FoxTabAVIConverter\AviConverter.exe a variant of Win32/InstallCore.A potentially unwanted application
C:\Program Files (x86)\NCH Swift Sound\WavePad\uninst.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files (x86)\NCH Swift Sound\WavePad\wavepad.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files (x86)\NCH Swift Sound\WavePad\wpsetup_v4.57.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application

 

STEP 5 - Security Check
Posted checkup.txt as requested,
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 UNSUPPORTED OPERATING SYSTEM! ABORTED!
 

 

 



#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:10:49 AM

Posted 31 December 2014 - 03:43 AM

Hi,

 

The logs are clean.

 

The entries found by ESET are already quarantined (by FRST & AdwCleaner) and are rendered harmless. We will remove them at the end of the cleaning process.

 

As for the following files:

 

C:\Program Files (x86)\FoxTabAVIConverter\AviConverter.exe a variant of Win32/InstallCore.A potentially unwanted application
C:\Program Files (x86)\NCH Swift Sound\WavePad\uninst.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files (x86)\NCH Swift Sound\WavePad\wavepad.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files (x86)\NCH Swift Sound\WavePad\wpsetup_v4.57.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application

 

they are safe as long as you are careful with the check boxes that appear during the install, to avoid installing unwanted applications or toolbars.

You can install Unchecky to make sure that the check boxes will remain clean when you install new software.

 

However, I can recommend replacing FoxTabAVIConverter with Free Video Converter Factory. It's one of the best free converter programs I've used, and the installer is malware free:

https://www.virustotal.com/en/file/fe21bd42d1eef762ae4b1ab71858309eeca9bb642885a33256a3518ad3dde18b/analysis/1420014870/

 

Also, I suggest replacing NCH Swift Sound with Audacity. It's not like Adobe Audition and lacks some features, but it is still a very powerful, free, and malware-free audio editor.

https://www.virustotal.com/en/file/e9e2f76175f3659c23bb9a60ad7ff98354234332f79b71f904adaab6d4c94965/analysis/1420015069/

 

As for the SecurityCheck, please restart the computer and run the tool again. It should create a report this time.

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 31 December 2014 - 03:43 AM.
typo.


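The triage in the reply above (entries already sitting in a tool's quarantine folder are harmless; the live entries are PUA from bundled installers) can be checked mechanically against an ESET Online Scanner report. The following Python script is an added example for this thread, not code from the original posts or from any of the tools mentioned. It parses the six detection lines the user posted (embedded below as constructed sample input), labels each as PUA or trojan from ESET's trailing category text, and splits them into entries already quarantined by AdwCleaner or FRST versus entries still live on disk. The quarantine folder prefixes are assumed from the paths in the log.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: the six detection lines from the ESET Online
# Scanner report posted earlier in this thread.
SAMPLE_ESET_LOG = r"""
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application
C:\FRST\Quarantine\C\Users\Mike\AppData\Local\{9EAE5527-AC04-4E2E-9134-D54572DB21AC}\Unwshlwpqjwe.dll Win32/TrojanDownloader.Tracur.AM trojan
C:\Program Files (x86)\FoxTabAVIConverter\AviConverter.exe a variant of Win32/InstallCore.A potentially unwanted application
C:\Program Files (x86)\NCH Swift Sound\WavePad\uninst.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files (x86)\NCH Swift Sound\WavePad\wavepad.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files (x86)\NCH Swift Sound\WavePad\wpsetup_v4.57.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
"""

# Quarantine folders of the two cleanup tools run earlier in the thread
# (assumed from the paths in the log; compared case-insensitively).
QUARANTINE_PREFIXES = ("c:\\adwcleaner\\quarantine\\", "c:\\frst\\quarantine\\")

# An ESET report line is "<path> <detection>". The path may contain spaces,
# so it is matched lazily up to the first file extension that is followed by
# whitespace; the rest of the line is the detection text.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?\.[A-Za-z0-9]{1,4})\s+(?P<detection>\S.*)$")


@dataclass(frozen=True)
class Finding:
    path: str
    detection: str
    category: str      # "pua", "trojan" or "other"
    quarantined: bool  # True when the file sits in a tool's quarantine folder


def classify(detection: str) -> str:
    """Map ESET's trailing category text to a coarse label."""
    text = detection.lower()
    if text.endswith("potentially unwanted application"):
        return "pua"
    if text.endswith("trojan"):
        return "trojan"
    return "other"


def parse_eset_log(text: str) -> list[Finding]:
    """Parse detection lines; lines that do not match (headers, blanks) are skipped."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        path = match.group("path")
        detection = match.group("detection").strip()
        quarantined = path.lower().startswith(QUARANTINE_PREFIXES)
        findings.append(Finding(path, detection, classify(detection), quarantined))
    return findings


def triage(findings: list[Finding]) -> tuple[list[Finding], list[Finding]]:
    """Split findings into (still live on disk, already quarantined)."""
    live = [f for f in findings if not f.quarantined]
    quarantined = [f for f in findings if f.quarantined]
    return live, quarantined


def live_non_pua(findings: list[Finding]) -> list[Finding]:
    """Live findings that are not mere PUA; these are the ones needing real attention."""
    return [f for f in findings if not f.quarantined and f.category != "pua"]


if __name__ == "__main__":
    found = parse_eset_log(SAMPLE_ESET_LOG)
    live, quarantined = triage(found)
    print(f"{len(quarantined)} quarantined (already harmless), {len(live)} live")
    for f in live:
        print(f"  [{f.category}] {f.path}")
    print("live findings that are not PUA:", len(live_non_pua(found)))
```

On the posted report this yields two quarantined entries (one of them the Tracur downloader) and four live PUA entries, none of which is a trojan, which is exactly the situation the reply describes.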

#11 woch2331

woch2331
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:49 AM

Posted 31 December 2014 - 02:29 PM

STEP 5 - Security Check
Posted checkup.txt as requested,
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
avast! Antivirus  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0   
 COMODO Registry Cleaner 1.0.17.23 
 Java 7 Update 67 
 Java 8 Update 25 
 Java version 32-bit out of Date!
  Adobe Flash Player 15.0.0.246 Flash Player out of Date! 
 Adobe Reader XI 
 Mozilla Firefox 31.0 Firefox out of Date! 
 Google Chrome (39.0.2171.71)
 Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent```````` 
 Alwil Software Avast5 AvastSvc.exe 
 Alwil Software Avast5 avastui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 



#12 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:10:49 AM

Posted 03 January 2015 - 04:49 AM

Hello and Happy New Year!

Hope you have a great new year 2015! May all your dreams come true!

I am sorry about the delay. I had to travel away unexpectedly at the weekend, so I wasn't able to reply earlier.

Can you please do the following for me?

 

 

I would recommend that you uninstall COMODO Registry Cleaner 1.0.17.23

 

Registry Editor / Cleaner Warning !!

The following is referring to COMODO Registry Cleaner 1.0.17.23.
Please be aware that BleepingComputer staff do not recommend the usage of registry cleaners / tools due to the following facts:

  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done assuming that the major audience here at this board might be inexperienced users, and is thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.


For more information about why you should avoid using such programs, please take a look here => Registry Cleaners and System Tweaking Tools

 

 

Go ahead and uninstall Java 7 Update 67. Leave only Java 8 Update 25 installed.

 

Next please run JavaRa.

  • Please download JavaRa 2.6 and unzip it to your desktop.
  • Double-click on JavaRa.exe to start the program.
  • Choose Remove JRE and since you already uninstalled JAVA skip step 1 and click on the next button.
  • Now click on Perform Removal Routine to remove the older versions of Java installed on your computer.
  • When that's successfully done, please click OK to close the message.
  • Click on Next and skip the downloading process. Click Next and now click on Close this wizard and click Finish.
  • From the main menu please choose Additional tasks
  • Place a checkmark beside Remove startup entry, Remove Outdated JRE Firefox Extensions and Clean JRE Temp Files and click Run. The browsers should be closed before running this task.
  • When that's successfully done you will see a message at the top saying: "Selected tasks completed successfully".
  • A log file should be created in the same directory as JavaRa.
  • Please attach the log to your next reply.
  • Close JavaRa by clicking the red cross button.

 

You can choose between 2 variants:

 

1. If you have applications that require Java to be installed on the computer then uninstall the old version of Java and then run JavaRa to remove all remnants and then go ahead and download & install the latest version of Java (Java SE 8).

 

2. If you want to be on the safe side then go ahead and uninstall the old version of Java, then run JavaRa to remove all remnants and then remove all applications that require Java (time to learn to live without Java and find alternatives to the applications that require Java)... Check this article.

 

It's your call.

 

 

Your Adobe Flash Player is out of date!

Older versions may have vulnerabilities that malware can use to infect your system.

 

Please download and install: Adobe Flash Player 16.0.0.235 Final for (Internet Explorer)
Please download and install: Adobe Flash Player 16.0.0.235 Final for (Firefox, Safari, Opera)

 

 

Your Mozilla Firefox is out of date!
Download and install the latest version Mozilla Firefox 34.0.5 Final for Windows

Do a backup of your existing profile using Mozbackup or FEBE before you proceed with the update.

 

 

  • The SecurityCheck log shows that the rest of your critical programs are up to date, but it is possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
  • Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
  • You can check these by visiting Secunia Software Inspector, or you can use the following application for this purpose: PatchMyPC

 

 
Visit Microsoft's Windows Update Site Frequently

 

  • It is important that you visit Windows Update regularly.
  • This will ensure your computer always has the latest available security updates installed.
  • If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

 

Finally please post a new log from SecurityCheck.

 

 

Regards,

Georgi




#13 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:10:49 AM

Posted 08 January 2015 - 01:43 PM

Hi,

 

Are you still around?

 

 

Regards,

Georgi




#14 woch2331

woch2331
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:49 AM

Posted 08 January 2015 - 01:50 PM

Sorry, out of town on business.
Will try and post update tonight.

#15 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:10:49 AM

Posted 08 January 2015 - 02:13 PM

Ok, no worries. I am checking to see if you have any troubles with the steps above. :)

No rush.

 

Regards,

Georgi






