Can't get rid of ?trackid



#1 shebates


Posted 28 December 2014 - 11:35 PM

Hi!  I've seen a couple of other people post about this annoying problem, but I wasn't sure if all problems/solutions are necessarily the same for all computers, so I figured I should start my own post.  I just got this computer the week before Thanksgiving, so it's very annoying that something has already jumped in and buried itself so deeply..... I have run the basic scans suggested in the other posts.  Any help would be greatly appreciated, no matter how long it takes for someone to get to it!!

 

Here are the scan files for DDS, AdWare, Junkware Removal, and MiniToolkit:


DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17416  BrowserJavaVersion: 11.25.2
Run by shebates at 23:17:55 on 2014-12-28
Microsoft Windows 8.1  6.3.9600.0.1252.1.1033.18.8097.5842 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\dwm.exe
C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\windows\system32\dashost.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\windows\system32\mfevtps.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\windows\system32\SearchIndexer.exe
C:\Windows\System32\skydrive.exe
C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
C:\windows\system32\taskhostex.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Windows\System32\igfxtray.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WWAHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\SettingSyncHost.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\windows\system32\taskhost.exe
C:\windows\explorer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxps://www.google.com/?trackid=sp-006
uSearch Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
mStart Page = hxxps://www.google.com/?trackid=sp-006
mSearch Bar = hxxps://www.google.com/?trackid=sp-006
mSearch Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
mDefault_Page_URL = hxxp://www.google.com
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [HP ENVY 4500 series (NET)] "C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN44O123V405X4:NW" -scfn "HP ENVY 4500 series (NET)" -AutoStart 1
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 71.10.216.1 71.10.216.2 192.168.1.1
TCP: Interfaces\{72073385-CB18-40C6-B6F4-BD11A33D8BD6} : DHCPNameServer = 71.10.216.1 71.10.216.2 192.168.1.1
TCP: Interfaces\{C1144B26-4943-4EC1-8B13-F1C179795005} : DHCPNameServer = 71.10.216.1 71.10.216.2 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages =  ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] "C:\windows\System32\igfxtray.exe"
x64-Run: [Persistence] "C:\windows\System32\igfxpers.exe"
x64-Run: [SimplePass] C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe /hideui
x64-Run: [OPBHOBroker] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
x64-Run: [OPBHOBrokerDesktop] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-mPolicies-System: SoftwareSASGeneration = dword:1
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdisFlt;Avast! Firewall Driver;C:\windows\System32\drivers\aswNdisFlt.sys [2014-12-28 449936]
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2014-12-21 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2014-12-21 267632]
R0 iaStorA;iaStorA;C:\windows\System32\drivers\iaStorA.sys [2013-8-9 644968]
R0 intelpep;Intel® Power Engine Plug-in Driver;C:\windows\System32\drivers\intelpep.sys [2014-12-10 39744]
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2013-8-7 786296]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2013-8-7 348552]
R0 Wof;Windows Overlay File System Filter Driver;C:\windows\System32\drivers\wof.sys [2014-11-19 157016]
R1 ahcache;Application Compatibility Cache;C:\windows\System32\drivers\ahcache.sys [2013-8-22 76800]
R1 aswKbd;aswKbd;C:\windows\System32\drivers\aswKbd.sys [2014-12-28 28184]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswsnx.sys [2014-12-21 1050432]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2014-12-21 436624]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\drivers\CLVirtualDrive.sys [2014-6-4 91712]
R2 aswHwid;avast! HardwareID;C:\windows\System32\drivers\aswHwid.sys [2014-12-21 29208]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2014-12-21 83280]
R2 aswStm;aswStm;C:\windows\System32\drivers\aswStm.sys [2014-12-21 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-21 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-12-28 104416]
R2 Cachedrv server; HP SimplePass Cachedrv Service;C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [2013-9-5 109568]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-12-22 2449592]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2014-6-4 77576]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2014-6-4 298760]
R2 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-11-19 227904]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-6-4 328928]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2014-6-4 131544]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2014-6-4 169432]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-12-21 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-12-21 969016]
R2 McAPExe;McAfee AP Service;C:\Program Files\mcafee\msc\McAPExe.exe [2013-7-24 178528]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-6-4 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-6-4 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-6-4 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-6-4 328928]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe [2014-6-4 1041192]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2014-6-4 219752]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2014-6-4 189912]
R3 AmUStor;AM USB Stroage Driver;C:\windows\System32\drivers\AmUStor.sys [2013-7-18 83224]
R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2013-8-7 72128]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2013-7-26 26008]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-12-21 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-12-21 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-12-21 64216]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2013-8-7 313544]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2013-8-7 523792]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\windows\System32\drivers\mfencbdc.sys [2014-8-20 445512]
R3 NcbService;Network Connection Broker;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\windows\System32\drivers\NdisVirtualBus.sys [2013-8-22 16384]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\drivers\Rt630x64.sys [2013-6-21 816344]
R3 UEFI;Microsoft UEFI Driver;C:\windows\System32\drivers\uefi.sys [2013-8-22 26976]
R3 WSDScan;WSD Scan Support;C:\windows\System32\drivers\WSDScan.sys [2013-8-22 23040]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\windows\System32\drivers\mfeelamk.sys [2013-8-7 70600]
S3 ADP80XX;ADP80XX;C:\windows\System32\drivers\adp80xx.sys [2013-8-22 782176]
S3 AppReadiness;App Readiness;C:\windows\System32\svchost.exe -k AppReadiness [2013-8-22 37768]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\windows\System32\svchost.exe -k wsappx [2013-8-22 37768]
S3 bcmfn2;bcmfn2 Service;C:\windows\System32\drivers\bcmfn2.sys [2013-8-22 17624]
S3 cricut;cricut;C:\windows\System32\drivers\cricut_x64.sys [2014-11-19 72248]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 259664]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\drivers\HipShieldK.sys [2014-11-16 197704]
S3 iaLPSSi_GPIO;Intel® Serial IO GPIO Controller Driver;C:\windows\System32\drivers\iaLPSSi_GPIO.sys [2013-8-22 24568]
S3 iaLPSSi_I2C;Intel® Serial IO I2C Controller Driver;C:\windows\System32\drivers\iaLPSSi_I2C.sys [2013-8-22 99320]
S3 iaStorAV;Intel® SATA RAID Controller Windows;C:\windows\System32\drivers\iaStorAV.sys [2013-8-22 651248]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2014-6-4 169752]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-11-21 114688]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2013-7-26 39320]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 lfsvc;Windows Location Framework Service;C:\windows\System32\svchost.exe -k netsvcs [2013-8-22 37768]
S3 LSI_SAS3;LSI_SAS3;C:\windows\System32\drivers\lsi_sas3.sys [2013-8-22 81760]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [2014-6-4 334608]
S3 mfencrk;McAfee Inc. mfencrk;C:\windows\System32\drivers\mfencrk.sys [2014-8-20 96592]
S3 netvsc;netvsc;C:\windows\System32\drivers\netvsc63.sys [2013-8-22 87040]
S3 ReFS;ReFS;C:\windows\System32\drivers\refs.sys [2014-11-19 924504]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2013-7-9 263896]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 SerCx2;Serial UART Support Library;C:\windows\System32\drivers\SerCx2.sys [2014-11-18 146776]
S3 smphost;Microsoft Storage Spaces SMP;C:\windows\System32\svchost.exe -k smphost [2013-8-22 37768]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\windows\System32\drivers\stornvme.sys [2014-11-18 57176]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 w3logsvc;W3C Logging Service;C:\windows\System32\svchost.exe -k apphost [2013-8-22 37768]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\windows\System32\drivers\WdNisDrv.sys [2014-11-21 114496]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2014-11-21 368632]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\windows\System32\svchost.exe -k WepHostSvcGroup [2013-8-22 37768]
S3 workfolderssvc;Work Folders;C:\windows\System32\svchost.exe -k LocalService [2013-8-22 37768]
S4 McOobeSv2;McAfee OOBE Service2;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-6-4 328928]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-12-29 04:04:25 -------- d-----w- C:\windows\ERUNT
2014-12-28 23:54:39 -------- d-----w- C:\Users\shebates\AppData\Local\Adobe
2014-12-28 23:43:35 28184 ----a-w- C:\windows\System32\drivers\aswKbd.sys
2014-12-28 23:43:23 449936 ----a-w- C:\windows\System32\drivers\aswNdisFlt.sys
2014-12-23 21:44:07 -------- d-----w- C:\AdwCleaner
2014-12-22 02:57:34 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-12-22 02:53:04 93400 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-12-22 02:53:04 64216 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-12-22 02:53:04 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-12-22 02:53:04 -------- d-----w- C:\ProgramData\Malwarebytes
2014-12-22 02:53:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-21 20:23:46 -------- d-----w- C:\Users\shebates\AppData\Roaming\AVAST Software
2014-12-21 20:19:06 93568 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2014-12-21 20:19:06 83280 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-12-21 20:19:06 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2014-12-21 20:19:06 29208 ----a-w- C:\windows\System32\drivers\aswHwid.sys
2014-12-21 20:19:06 267632 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2014-12-21 20:19:06 116728 ----a-w- C:\windows\System32\drivers\aswStm.sys
2014-12-21 20:19:06 1050432 ----a-w- C:\windows\System32\drivers\aswsnx.sys
2014-12-21 20:18:39 43152 ----a-w- C:\windows\avastSS.scr
2014-12-21 20:17:20 -------- d-----w- C:\Program Files\AVAST Software
2014-12-21 20:15:45 -------- d-----w- C:\ProgramData\AVAST Software
2014-12-21 04:38:48 22512 ----a-w- C:\windows\System32\drivers\SPPD.sys
2014-12-20 21:27:13 -------- d-----w- C:\Users\shebates\AppData\Local\Unity
2014-12-20 17:29:39 -------- d-----w- C:\Users\shebates\AppData\Local\Daring_Development_Inc
2014-12-20 17:29:27 -------- d-----w- C:\Program Files (x86)\Daring Development
2014-12-17 03:11:46 -------- d-----w- C:\Users\shebates\AppData\Local\HPConnectedMusic
2014-12-17 02:55:59 -------- d-----w- C:\Program Files (x86)\Audacity
2014-12-15 23:42:32 -------- d-----w- C:\Users\shebates\AppData\Local\Windows Live
2014-12-14 19:17:19 -------- d-----w- C:\Users\shebates\AppData\Local\Valassis
2014-12-13 23:21:23 -------- d-----w- C:\windows\System32\appraiser
2014-12-13 06:50:38 189128 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\LICLUA.EXE
2014-12-11 12:08:14 146432 ----a-w- C:\windows\System32\poqexec.exe
2014-12-11 12:08:13 129536 ----a-w- C:\windows\SysWow64\poqexec.exe
2014-12-10 22:24:56 -------- d-----w- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-12-10 13:52:13 34304 ----a-w- C:\windows\System32\DeviceSetupStatusProvider.dll
2014-12-10 13:52:12 28672 ----a-w- C:\windows\SysWow64\DeviceSetupStatusProvider.dll
2014-12-10 13:51:58 1970432 ----a-w- C:\windows\System32\crypt32.dll
2014-12-10 13:51:58 1612992 ----a-w- C:\windows\SysWow64\crypt32.dll
.
==================== Find3M  ====================
.
2014-12-03 23:37:36 227328 ----a-w- C:\windows\System32\aepdu.dll
2014-12-03 23:09:06 830464 ----a-w- C:\windows\System32\appraiser.dll
2014-12-02 23:09:13 412672 ----a-w- C:\windows\System32\generaltel.dll
2014-12-02 23:09:10 740864 ----a-w- C:\windows\System32\invagent.dll
2014-12-02 23:09:09 396288 ----a-w- C:\windows\System32\devinv.dll
2014-12-02 23:09:08 192000 ----a-w- C:\windows\System32\aepic.dll
2014-12-02 23:09:08 1083392 ----a-w- C:\windows\System32\aeinv.dll
2014-11-27 21:05:18 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-26 21:10:48 714720 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-11-26 21:10:48 106976 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-22 02:50:10 580096 ----a-w- C:\windows\System32\vbscript.dll
2014-11-22 02:49:44 417280 ----a-w- C:\windows\System32\html.iec
2014-11-22 02:48:20 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\windows\System32\jscript9.dll
2014-11-22 02:07:43 501248 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-11-22 02:06:16 340992 ----a-w- C:\windows\SysWow64\html.iec
2014-11-22 02:05:02 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-11-22 01:59:16 1032704 ----a-w- C:\windows\System32\inetcomm.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\windows\System32\inetcpl.cpl
2014-11-22 01:29:28 880128 ----a-w- C:\windows\SysWow64\inetcomm.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:00:20 1888256 ----a-w- C:\windows\SysWow64\wininet.dll
2014-11-19 23:14:17 72248 ----a-w- C:\windows\System32\drivers\cricut_x64.sys
2014-11-09 23:19:36 806400 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-11-09 23:19:32 991232 ----a-w- C:\windows\System32\kerberos.dll
2014-11-09 23:18:47 208896 ----a-w- C:\windows\SysWow64\pku2u.dll
2014-11-09 23:18:06 259584 ----a-w- C:\windows\System32\pku2u.dll
2014-11-07 04:16:02 1762840 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-11-07 03:26:52 1489072 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-10-31 23:57:48 1091072 ----a-w- C:\windows\System32\MrmCoreR.dll
2014-10-31 23:47:59 790528 ----a-w- C:\windows\SysWow64\MrmCoreR.dll
2014-10-31 05:12:41 143872 ----a-w- C:\windows\System32\wextract.exe
2014-10-31 05:12:05 13824 ----a-w- C:\windows\System32\mshta.exe
2014-10-31 05:10:13 167424 ----a-w- C:\windows\System32\iexpress.exe
2014-10-31 05:06:45 66560 ----a-w- C:\windows\System32\iesetup.dll
2014-10-31 05:06:00 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-10-31 04:54:13 132096 ----a-w- C:\windows\System32\IEAdvpack.dll
2014-10-31 04:52:22 108544 ----a-w- C:\windows\System32\hlink.dll
2014-10-31 04:51:37 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2014-10-31 04:51:25 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-10-31 04:50:44 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2014-10-31 04:40:07 33280 ----a-w- C:\windows\System32\licmgr10.dll
2014-10-31 04:30:28 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-10-31 04:29:50 111616 ----a-w- C:\windows\System32\iesysprep.dll
2014-10-31 04:29:17 87552 ----a-w- C:\windows\System32\tdc.ocx
2014-10-31 03:44:32 2865152 ----a-w- C:\windows\System32\actxprxy.dll
2014-10-31 03:42:04 51200 ----a-w- C:\windows\System32\imgutil.dll
2014-10-31 03:28:47 137728 ----a-w- C:\windows\SysWow64\wextract.exe
2014-10-31 03:28:43 12800 ----a-w- C:\windows\SysWow64\mshta.exe
2014-10-31 03:27:26 152064 ----a-w- C:\windows\SysWow64\iexpress.exe
2014-10-31 03:24:23 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-10-31 03:23:37 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-10-31 03:14:25 112128 ----a-w- C:\windows\SysWow64\IEAdvpack.dll
2014-10-31 03:13:05 99328 ----a-w- C:\windows\SysWow64\hlink.dll
2014-10-31 03:12:17 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-10-31 03:11:30 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-10-31 03:03:33 27136 ----a-w- C:\windows\SysWow64\licmgr10.dll
2014-10-31 02:57:20 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-10-31 02:56:44 90624 ----a-w- C:\windows\SysWow64\iesysprep.dll
2014-10-31 02:56:18 73216 ----a-w- C:\windows\SysWow64\tdc.ocx
2014-10-31 02:26:38 1042944 ----a-w- C:\windows\SysWow64\actxprxy.dll
2014-10-31 02:24:42 40448 ----a-w- C:\windows\SysWow64\imgutil.dll
2014-10-23 05:48:37 81408 ----a-w- C:\windows\System32\packager.dll
2014-10-23 05:05:08 72192 ----a-w- C:\windows\SysWow64\packager.dll
2014-10-18 06:50:21 17408 ----a-w- C:\windows\System32\wuaext.dll
2014-10-18 06:27:15 35840 ----a-w- C:\windows\System32\wuapp.exe
2014-10-18 06:26:48 140288 ----a-w- C:\windows\System32\wuwebv.dll
2014-10-18 06:23:51 407552 ----a-w- C:\windows\System32\WUSettingsProvider.dll
2014-10-18 06:23:11 95744 ----a-w- C:\windows\System32\wudriver.dll
2014-10-18 06:20:43 1714176 ----a-w- C:\windows\System32\wucltux.dll
2014-10-18 06:14:54 29696 ----a-w- C:\windows\SysWow64\wuapp.exe
2014-10-18 06:14:32 124928 ----a-w- C:\windows\SysWow64\wuwebv.dll
2014-10-18 06:12:10 81920 ----a-w- C:\windows\SysWow64\wudriver.dll
2014-10-17 07:01:28 789184 ----a-w- C:\windows\System32\oleaut32.dll
2014-10-17 06:58:44 602768 ----a-w- C:\windows\SysWow64\oleaut32.dll
2014-10-13 02:43:17 86336 ----a-w- C:\windows\System32\drivers\pdc.sys
2014-10-13 02:43:17 39744 -c--a-w- C:\windows\System32\drivers\intelpep.sys
2014-10-13 02:43:17 238912 -c--a-w- C:\windows\System32\drivers\sdbus.sys
2014-10-13 02:43:17 153920 -c--a-w- C:\windows\System32\drivers\dumpsd.sys
2014-10-13 02:33:24 116032 ----a-w- C:\windows\System32\consent.exe
2014-10-11 00:58:13 3320320 ----a-w- C:\windows\System32\msi.dll
2014-10-11 00:53:53 3607040 ----a-w- C:\windows\SysWow64\msi.dll
2014-10-10 01:58:57 27456 ----a-w- C:\windows\System32\drivers\rdpvideominiport.sys
2014-10-10 01:58:57 177472 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-10-10 01:44:01 563976 ----a-w- C:\windows\System32\drivers\cng.sys
2014-10-08 07:37:31 154112 ----a-w- C:\windows\System32\msaudite.dll
2014-10-08 07:37:27 736768 ----a-w- C:\windows\System32\adtschema.dll
2014-10-08 07:34:45 131584 ----a-w- C:\windows\System32\rdpudd.dll
2014-10-08 07:30:59 110080 ----a-w- C:\windows\System32\appinfo.dll
2014-10-08 07:24:03 40448 ----a-w- C:\windows\System32\rfxvmt.dll
2014-10-08 07:09:31 428032 ----a-w- C:\windows\System32\msihnd.dll
2014-10-08 06:56:48 445440 ----a-w- C:\windows\System32\certcli.dll
2014-10-08 06:51:16 154112 ----a-w- C:\windows\SysWow64\msaudite.dll
2014-10-08 06:51:03 736768 ----a-w- C:\windows\SysWow64\adtschema.dll
2014-10-08 06:27:17 325120 ----a-w- C:\windows\SysWow64\msihnd.dll
2014-10-08 06:18:10 324096 ----a-w- C:\windows\SysWow64\certcli.dll
2014-10-08 06:17:58 1441792 ----a-w- C:\windows\System32\lsasrv.dll
2014-10-08 05:32:48 2773504 ----a-w- C:\windows\System32\authui.dll
.
============= FINISH: 23:18:42.94 ===============
 
 
 
 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by shebates on Sun 12/28/2014 at 23:04:26.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] couponprinterservice 
Successfully deleted: [Service] couponprinterservice 
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\windows\couponprinter.ocx"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/28/2014 at 23:10:10.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
 
 
# AdwCleaner v4.106 - Report created 28/12/2014 at 19:46:57
# Updated 21/12/2014 by Xplode
# Database : 2014-12-28.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : shebates - BATESFAMILY
# Running from : C:\Users\shebates\Downloads\adwcleaner_4.106.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\shebates\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [3190 octets] - [23/12/2014 16:44:15]
AdwCleaner[R1].txt - [1065 octets] - [28/12/2014 19:45:16]
AdwCleaner[S0].txt - [3146 octets] - [23/12/2014 16:46:25]
AdwCleaner[S1].txt - [992 octets] - [28/12/2014 19:46:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1051 octets] ##########
 
 
 
 
 
 
 
 
MiniToolBox by Farbar  Version: 30-11-2014
Ran by shebates (administrator) on 28-12-2014 at 19:34:06
Running from "C:\Users\shebates\Downloads"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Ethernet (Connected)
Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter = Wi-Fi (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : BatesFamily
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 1A-CF-5E-32-74-5E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 20-25-64-7E-18-1A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : fdc9:c2d0:1b91:0:2da0:7c8f:2a23:7939(Preferred) 
   Temporary IPv6 Address. . . . . . : fdc9:c2d0:1b91:0:c94a:918:68ce:bd15(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::2da0:7c8f:2a23:7939%4(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.123(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, December 28, 2014 7:26:43 PM
   Lease Expires . . . . . . . . . . : Monday, December 29, 2014 7:26:43 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 153101668
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-34-EC-48-20-25-64-7E-18-1A
   DNS Servers . . . . . . . . . . . : 71.10.216.1
                                       71.10.216.2
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Wireless LAN adapter Wi-Fi:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : 18-CF-5E-32-74-5E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{C1144B26-4943-4EC1-8B13-F1C179795005}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:1cad:3e6b:e74a:c465(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::1cad:3e6b:e74a:c465%8(Preferred) 
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 335544320
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-34-EC-48-20-25-64-7E-18-1A
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  rns01.charter.com
Address:  71.10.216.1
 
Name:    google.com
Addresses:  2607:f8b0:4008:807::2000
 216.58.219.110
 216.58.219.96
 
 
Pinging google.com [216.58.219.110] with 32 bytes of data:
Reply from 216.58.219.110: bytes=32 time=32ms TTL=50
Reply from 216.58.219.110: bytes=32 time=32ms TTL=50
 
Ping statistics for 216.58.219.110:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 32ms, Maximum = 32ms, Average = 32ms
Server:  rns01.charter.com
Address:  71.10.216.1
 
Name:    yahoo.com
Addresses:  98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=42ms TTL=49
Reply from 98.139.183.24: bytes=32 time=42ms TTL=49
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 42ms, Maximum = 42ms, Average = 42ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  5...1a cf 5e 32 74 5e ......Microsoft Wi-Fi Direct Virtual Adapter
  4...20 25 64 7e 18 1a ......Realtek PCIe GBE Family Controller
  3...18 cf 5e 32 74 5e ......Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
  1...........................Software Loopback Interface 1
  6...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  8...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.123     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.123    276
    192.168.1.123  255.255.255.255         On-link     192.168.1.123    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.123    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.123    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.123    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  8    306 2001::/32                On-link
  8    306 2001:0:9d38:6abd:1cad:3e6b:e74a:c465/128
                                    On-link
  4    276 fdc9:c2d0:1b91::/64      On-link
  4    276 fdc9:c2d0:1b91:0:2da0:7c8f:2a23:7939/128
                                    On-link
  4    276 fdc9:c2d0:1b91:0:c94a:918:68ce:bd15/128
                                    On-link
  4    276 fe80::/64                On-link
  8    306 fe80::/64                On-link
  8    306 fe80::1cad:3e6b:e74a:c465/128
                                    On-link
  4    276 fe80::2da0:7c8f:2a23:7939/128
                                    On-link
  1    306 ff00::/8                 On-link
  4    276 ff00::/8                 On-link
  8    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\windows\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [84480] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (12/28/2014 07:30:16 PM) (Source: Microsoft-Windows-AppModel-State) (User: BATESFAMILY)
Description: winstore_cw5n1h2txyewy3
 
Error: (12/28/2014 07:30:16 PM) (Source: Microsoft-Windows-AppModel-State) (User: BATESFAMILY)
Description: winstore_cw5n1h2txyewy3
 
Error: (12/28/2014 07:30:13 PM) (Source: Microsoft-Windows-AppModel-State) (User: BATESFAMILY)
Description: winstore_cw5n1h2txyewy3
 
Error: (12/28/2014 07:30:13 PM) (Source: Microsoft-Windows-AppModel-State) (User: BATESFAMILY)
Description: winstore_cw5n1h2txyewy3
 
Error: (12/28/2014 07:30:12 PM) (Source: Microsoft-Windows-AppModel-State) (User: BATESFAMILY)
Description: winstore_cw5n1h2txyewy3
 
Error: (12/28/2014 07:30:12 PM) (Source: Microsoft-Windows-AppModel-State) (User: BATESFAMILY)
Description: winstore_cw5n1h2txyewy3
 
Error: (12/28/2014 06:54:56 PM) (Source: Microsoft-Windows-AppModel-State) (User: BATESFAMILY)
Description: winstore_cw5n1h2txyewy3
 
Error: (12/28/2014 06:54:56 PM) (Source: Microsoft-Windows-AppModel-State) (User: BATESFAMILY)
Description: winstore_cw5n1h2txyewy3
 
Error: (12/28/2014 06:54:52 PM) (Source: Microsoft-Windows-AppModel-State) (User: BATESFAMILY)
Description: winstore_cw5n1h2txyewy3
 
Error: (12/28/2014 06:54:52 PM) (Source: Microsoft-Windows-AppModel-State) (User: BATESFAMILY)
Description: winstore_cw5n1h2txyewy3
 
 
System errors:
=============
Error: (12/28/2014 05:32:43 AM) (Source: Service Control Manager) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 5 time(s).
 
Error: (12/27/2014 07:30:14 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.
 
Error: (12/27/2014 07:30:14 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
 
Error: (12/27/2014 07:08:31 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 20. The Windows SChannel error state is 960.
 
Error: (12/27/2014 07:08:31 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 20. The Windows SChannel error state is 960.
 
Error: (12/27/2014 07:05:08 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.
 
Error: (12/27/2014 07:05:08 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
 
Error: (12/27/2014 02:44:21 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.
 
Error: (12/27/2014 02:44:21 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
 
Error: (12/27/2014 09:33:16 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.
 
 
Microsoft Office Sessions:
=========================
Error: (12/28/2014 07:30:16 PM) (Source: Microsoft-Windows-AppModel-State)(User: BATESFAMILY)
Description: winstore_cw5n1h2txyewy3
 
Error: (12/28/2014 07:30:16 PM) (Source: Microsoft-Windows-AppModel-State)(User: BATESFAMILY)
Description: winstore_cw5n1h2txyewy3
 
Error: (12/28/2014 07:30:13 PM) (Source: Microsoft-Windows-AppModel-State)(User: BATESFAMILY)
Description: winstore_cw5n1h2txyewy3
 
Error: (12/28/2014 07:30:13 PM) (Source: Microsoft-Windows-AppModel-State)(User: BATESFAMILY)
Description: winstore_cw5n1h2txyewy3
 
Error: (12/28/2014 07:30:12 PM) (Source: Microsoft-Windows-AppModel-State)(User: BATESFAMILY)
 
 



#2 nasdaq

  • Malware Response Team

Posted 02 January 2015 - 11:02 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 shebates

  • Topic Starter


Posted 03 January 2015 - 12:33 AM

Thanks for helping!  The computer itself seems to run OK..... 

Here are the logs:

 

 

# AdwCleaner v4.106 - Report created 02/01/2015 at 22:58:09
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : shebates - BATESFAMILY
# Running from : C:\Users\shebates\AppData\Local\Microsoft\Windows\INetCache\IE\XIFC31X3\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

 

 

 

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Google Chrome v39.0.2171.95

*************************

AdwCleaner[R0].txt - [3190 octets] - [23/12/2014 16:44:15]
AdwCleaner[R1].txt - [1065 octets] - [28/12/2014 19:45:16]
AdwCleaner[R2].txt - [1020 octets] - [02/01/2015 22:55:40]
AdwCleaner[S0].txt - [3146 octets] - [23/12/2014 16:46:25]
AdwCleaner[S1].txt - [1131 octets] - [28/12/2014 19:46:57]
AdwCleaner[S2].txt - [943 octets] - [02/01/2015 22:58:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1002 octets] ##########

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-01-2015
Ran by shebates (administrator) on BATESFAMILY on 03-01-2015 00:25:59
Running from C:\Users\shebates\AppData\Local\Microsoft\Windows\INetCache\IE\XIFC31X3
Loaded Profile: shebates (Available profiles: shebates)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\shebates\AppData\Local\Microsoft\Windows\INetCache\IE\XIFC31X3\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-04] (IDT, Inc.)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-21] (AVAST Software)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2445283913-457269570-3134059941-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3421216 2013-08-13] (Hewlett-Packard Co.)
HKU\S-1-5-21-2445283913-457269570-3134059941-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-12-21] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2445283913-457269570-3134059941-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-2445283913-457269570-3134059941-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2445283913-457269570-3134059941-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2445283913-457269570-3134059941-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2445283913-457269570-3134059941-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-21]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-06-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "https://www.yahoo.com/?fr=hp-avast&type=agc511", "hxxp://www.google.com/", "https://www.facebook.com/"
CHR DefaultSuggestURL: Default -> https://www.google.com/complete/search?client=chrome&q={searchTerms}
CHR Profile: C:\Users\shebates\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\shebates\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\shebates\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-22]
CHR Extension: (YouTube) - C:\Users\shebates\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-22]
CHR Extension: (Google Search) - C:\Users\shebates\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-22]
CHR Extension: (Google Wallet) - C:\Users\shebates\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-22]
CHR Extension: (Gmail) - C:\Users\shebates\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-21] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-12-28] (AVAST Software)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-11-19] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-12] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-04] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-24] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-21] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-12-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-21] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-12-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-21] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 cricut; C:\Windows\system32\DRIVERS\cricut_x64.sys [72248 2014-11-19] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-12] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-03 00:25 - 2015-01-03 00:26 - 00000000 ____D () C:\FRST
2015-01-03 00:15 - 2015-01-03 00:15 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-01-01 21:25 - 2015-01-01 21:25 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-01 21:25 - 2015-01-01 21:25 - 00002189 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-01-01 21:25 - 2015-01-01 21:25 - 00002046 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-01-01 21:25 - 2015-01-01 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-01-01 21:25 - 2015-01-01 21:25 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-01-01 21:25 - 2015-01-01 21:25 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2015-01-01 15:36 - 2015-01-01 16:03 - 00000000 ____D () C:\Users\shebates\AppData\Roaming\Coby Media Manager
2015-01-01 15:36 - 2015-01-01 15:36 - 00000000 ____D () C:\Users\shebates\Documents\Coby Media Manager
2015-01-01 15:30 - 2015-01-01 15:30 - 00001260 _____ () C:\Users\shebates\Desktop\Coby Media Manager.lnk
2015-01-01 15:30 - 2015-01-01 15:30 - 00000000 ____D () C:\Users\shebates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coby Media Manager
2015-01-01 15:26 - 2015-01-01 15:26 - 00000000 ____D () C:\Users\shebates\AppData\Roaming\Coby
2014-12-28 23:18 - 2014-12-28 23:18 - 00031717 _____ () C:\Users\shebates\Desktop\dds.txt
2014-12-28 23:18 - 2014-12-28 23:18 - 00004693 _____ () C:\Users\shebates\Desktop\attach.txt
2014-12-28 23:04 - 2014-12-28 23:04 - 01707939 _____ (Thisisu) C:\Users\shebates\Downloads\JRT.exe
2014-12-28 23:04 - 2014-12-28 23:04 - 00000000 ____D () C:\windows\ERUNT
2014-12-28 23:01 - 2014-12-28 23:01 - 04166770 _____ () C:\Users\shebates\Downloads\tdsskiller.zip
2014-12-28 23:01 - 2014-12-12 00:46 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\shebates\Downloads\TDSSKiller.exe
2014-12-28 19:44 - 2014-12-28 19:45 - 02173952 _____ () C:\Users\shebates\Downloads\adwcleaner_4.106.exe
2014-12-28 19:33 - 2014-12-28 19:33 - 00401920 _____ (Farbar) C:\Users\shebates\Downloads\MiniToolBox.exe
2014-12-28 19:29 - 2014-12-28 19:29 - 00002282 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-28 19:29 - 2014-12-28 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-28 18:54 - 2015-01-01 21:26 - 00000000 ____D () C:\Users\shebates\AppData\Local\Adobe
2014-12-28 18:43 - 2014-12-28 18:43 - 00449936 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
2014-12-28 18:43 - 2014-12-28 18:43 - 00028184 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2014-12-28 18:43 - 2014-12-28 18:43 - 00001993 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2014-12-28 18:43 - 2014-12-21 15:18 - 00364512 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-12-26 23:47 - 2014-12-26 23:47 - 00880784 _____ (Google Inc.) C:\Users\shebates\Downloads\ChromeSetup.exe
2014-12-26 23:39 - 2014-12-26 23:39 - 00688992 ____R (Swearware) C:\Users\shebates\Downloads\dds.com
2014-12-23 16:44 - 2015-01-02 22:58 - 00000000 ____D () C:\AdwCleaner
2014-12-23 16:33 - 2014-12-28 19:04 - 00003288 _____ () C:\windows\System32\Tasks\avastBCLRestartS-1-5-21-2445283913-457269570-3134059941-1001
2014-12-22 13:41 - 2014-12-22 13:41 - 00015360 _____ () C:\Users\shebates\Downloads\savings account ledger (1).xls
2014-12-22 13:40 - 2014-12-22 13:40 - 00000000 __RHD () C:\MSOCache
2014-12-22 13:38 - 2014-12-22 13:38 - 00015360 _____ () C:\Users\shebates\Downloads\savings account ledger.xls
2014-12-22 13:30 - 2014-12-22 13:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-12-22 13:29 - 2014-12-22 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-21 21:57 - 2015-01-03 00:14 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-21 21:54 - 2014-12-21 21:54 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-21 21:54 - 2014-12-21 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-21 21:53 - 2014-12-21 21:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-21 21:53 - 2014-12-21 21:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-21 21:53 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-21 21:53 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-21 21:53 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-21 21:51 - 2014-12-21 21:51 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\shebates\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-21 15:45 - 2014-12-21 20:57 - 00000000 ____D () C:\Users\shebates\AppData\Roaming\Google
2014-12-21 15:23 - 2014-12-21 15:23 - 00000000 ____D () C:\Users\shebates\AppData\Roaming\AVAST Software
2014-12-21 15:21 - 2014-12-28 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-21 15:20 - 2014-12-28 18:43 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-12-21 15:19 - 2014-12-21 15:20 - 01050432 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-12-21 15:19 - 2014-12-21 15:20 - 00000000 ____D () C:\ProgramData\Google
2014-12-21 15:19 - 2014-12-21 15:19 - 00000000 ____D () C:\Program Files\Google
2014-12-21 15:19 - 2014-12-21 15:18 - 00436624 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-12-21 15:19 - 2014-12-21 15:18 - 00267632 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-12-21 15:19 - 2014-12-21 15:18 - 00116728 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-12-21 15:19 - 2014-12-21 15:18 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-12-21 15:19 - 2014-12-21 15:18 - 00083280 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-12-21 15:19 - 2014-12-21 15:18 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-12-21 15:19 - 2014-12-21 15:18 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-12-21 15:18 - 2014-12-21 15:18 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-12-21 15:17 - 2014-12-21 15:17 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-21 15:15 - 2014-12-21 15:17 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-21 15:13 - 2014-12-21 15:15 - 05006864 _____ (AVAST Software) C:\Users\shebates\Downloads\avast_free_antivirus_setup_online (1).exe
2014-12-21 15:13 - 2014-12-21 15:14 - 05006864 _____ (AVAST Software) C:\Users\shebates\Downloads\avast_free_antivirus_setup_online.exe
2014-12-20 23:40 - 2014-12-20 23:40 - 00001302 _____ () C:\Users\Public\Desktop\Horizon.lnk
2014-12-20 23:39 - 2014-12-20 23:39 - 00000064 _____ () C:\Users\shebates\AppData\Local\333afca155f5fee5583b0e9468c59deb
2014-12-20 23:38 - 2014-12-20 23:38 - 00022512 _____ () C:\windows\system32\Drivers\SPPD.sys
2014-12-20 23:36 - 2014-12-20 23:37 - 00000000 ____D () C:\Users\shebates\Desktop\mc xbox maps
2014-12-20 23:36 - 2014-12-20 23:36 - 04038656 _____ () C:\Users\shebates\Downloads\ToyStoryAdventure
2014-12-20 23:35 - 2014-12-20 23:35 - 11657216 _____ () C:\Users\shebates\Downloads\Save20131205170554.bin
2014-12-20 21:52 - 2014-12-20 21:53 - 01716224 _____ () C:\Users\shebates\Downloads\DisneyPixarHG-1.bin
2014-12-20 21:50 - 2014-12-20 21:50 - 02179072 _____ () C:\Users\shebates\Downloads\Save20121113010223.bin
2014-12-20 16:27 - 2014-12-21 14:46 - 00000000 ____D () C:\Users\shebates\AppData\Local\Unity
2014-12-20 16:26 - 2014-12-20 16:26 - 01080608 _____ (Unity Technologies ApS) C:\Users\shebates\Downloads\UnityWebPlayer.exe
2014-12-20 12:43 - 2014-12-20 12:43 - 05677163 _____ () C:\Users\shebates\Downloads\Tave20140730132011 (2).bin
2014-12-20 12:42 - 2014-12-20 12:42 - 05677163 _____ () C:\Users\shebates\Downloads\Tave20140730132011 (1).bin
2014-12-20 12:35 - 2014-12-20 12:35 - 19140608 _____ () C:\Users\shebates\Downloads\Stampys_Lovely_World[Chrisdlb].bin
2014-12-20 12:29 - 2014-12-20 12:29 - 00000000 ____D () C:\Users\shebates\AppData\Local\Daring_Development_Inc
2014-12-20 12:29 - 2014-12-20 12:29 - 00000000 ____D () C:\Program Files (x86)\Daring Development
2014-12-16 22:11 - 2014-12-16 22:18 - 00007173 _____ () C:\Users\shebates\Desktop\Dads Pull Out Surprise Dubstep Dance For Christmas.aup
2014-12-16 22:11 - 2014-12-16 22:11 - 00000000 ____D () C:\Users\shebates\Desktop\Dads Pull Out Surprise Dubstep Dance For Christmas_data
2014-12-16 21:56 - 2014-12-21 21:01 - 00000000 ____D () C:\Users\shebates\AppData\Roaming\Audacity
2014-12-16 21:56 - 2014-12-16 21:56 - 00001038 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-12-16 21:56 - 2014-12-16 21:56 - 00001026 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-12-16 21:55 - 2014-12-16 21:56 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-12-16 21:55 - 2014-12-16 21:55 - 22892794 _____ (Audacity Team ) C:\Users\shebates\Downloads\audacity-win-2.0.6.exe
2014-12-16 21:55 - 2014-12-16 21:55 - 22892794 _____ (Audacity Team ) C:\Users\shebates\Desktop\audacity-win-2.0.6.exe
2014-12-15 18:42 - 2014-12-15 18:55 - 00000000 ____D () C:\Users\shebates\AppData\Local\Windows Live
2014-12-14 14:34 - 2014-12-14 14:34 - 02119632 _____ (Valassis) C:\Users\shebates\Downloads\P@H_prodcand-EktFgxgd.exe
2014-12-14 14:17 - 2014-12-14 14:17 - 02119632 _____ (Valassis) C:\Users\shebates\Downloads\P@H_prodcand-cn2n6R7i.exe
2014-12-14 14:17 - 2014-12-14 14:17 - 00000000 ____D () C:\Users\shebates\AppData\Local\Valassis
2014-12-13 18:21 - 2014-12-13 18:21 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-13 15:38 - 2014-12-13 15:37 - 01177600 _____ () C:\Users\shebates\Desktop\More Explosives Mod Installer.exe
2014-12-13 15:38 - 2014-12-13 15:35 - 01149952 _____ () C:\Users\shebates\Desktop\Sonic Ether's Shaders Mod Installer.exe
2014-12-13 15:37 - 2014-12-13 15:37 - 01177600 _____ () C:\Users\shebates\Downloads\More Explosives Mod Installer.exe
2014-12-13 15:35 - 2014-12-13 15:35 - 01149952 _____ () C:\Users\shebates\Downloads\Sonic Ether's Shaders Mod Installer.exe
2014-12-13 14:37 - 2014-12-13 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-12-13 14:36 - 2014-12-13 14:37 - 02080456 _____ (Coupons.com Incorporated) C:\Users\shebates\Downloads\couponprinter.exe
2014-12-11 07:08 - 2014-10-30 17:37 - 00129536 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2014-12-11 07:08 - 2014-10-30 17:34 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2014-12-10 17:26 - 2014-12-10 17:26 - 00002240 _____ () C:\Users\shebates\Desktop\HP Support Assistant.lnk
2014-12-10 17:24 - 2014-12-10 17:24 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-12-10 08:52 - 2014-11-09 21:29 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 08:52 - 2014-11-09 20:51 - 00028672 _____ (Microsoft Corporation) C:\windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 08:51 - 2014-10-30 18:39 - 01970432 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-12-10 08:51 - 2014-10-30 18:38 - 01612992 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-12-10 08:38 - 2014-12-03 18:37 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-10 08:38 - 2014-12-03 18:09 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-10 08:38 - 2014-12-02 18:09 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-10 08:38 - 2014-12-02 18:09 - 00740864 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-10 08:38 - 2014-12-02 18:09 - 00412672 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-10 08:38 - 2014-12-02 18:09 - 00396288 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-10 08:38 - 2014-12-02 18:09 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-10 08:38 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 08:38 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-10 08:38 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 08:38 - 2014-11-21 21:49 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-12-10 08:38 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-10 08:38 - 2014-11-21 21:35 - 00812544 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-12-10 08:38 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 08:38 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 08:38 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 08:38 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-10 08:38 - 2014-11-21 21:06 - 00340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-12-10 08:38 - 2014-11-21 21:06 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-12-10 08:38 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 08:38 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-10 08:38 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 08:38 - 2014-11-21 20:59 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2014-12-10 08:38 - 2014-11-21 20:55 - 00661504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-12-10 08:38 - 2014-11-21 20:52 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-12-10 08:38 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 08:38 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 08:38 - 2014-11-21 20:49 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 08:38 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 08:38 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 08:38 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 08:38 - 2014-11-21 20:34 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-12-10 08:38 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 08:38 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 08:38 - 2014-11-21 20:29 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2014-12-10 08:38 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 08:38 - 2014-11-21 20:25 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-12-10 08:38 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 08:38 - 2014-11-21 20:23 - 00326656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 08:38 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 08:38 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 08:38 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 08:38 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-10 08:38 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 08:38 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 08:38 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-10 08:38 - 2014-11-06 23:16 - 01762840 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 08:38 - 2014-11-06 22:26 - 01489072 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 08:38 - 2014-10-31 18:57 - 01091072 _____ (Microsoft Corporation) C:\windows\system32\MrmCoreR.dll
2014-12-10 08:38 - 2014-10-31 18:47 - 00790528 _____ (Microsoft Corporation) C:\windows\SysWOW64\MrmCoreR.dll
2014-12-10 08:38 - 2014-10-12 21:43 - 00238912 ____C (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2014-12-10 08:38 - 2014-10-12 21:43 - 00153920 ____C (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2014-12-10 08:38 - 2014-10-12 21:43 - 00086336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys
2014-12-10 08:38 - 2014-10-12 21:43 - 00039744 ____C (Microsoft Corporation) C:\windows\system32\Drivers\intelpep.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-03 00:26 - 2014-11-16 17:53 - 01283790 _____ () C:\windows\WindowsUpdate.log
2015-01-03 00:19 - 2014-11-16 18:02 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2445283913-457269570-3134059941-1001
2015-01-03 00:18 - 2014-11-18 17:30 - 00001867 _____ () C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk
2015-01-03 00:18 - 2014-06-04 12:58 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-01-03 00:14 - 2014-11-22 18:34 - 00000000 ___DO () C:\Users\shebates\OneDrive
2015-01-03 00:14 - 2014-11-16 18:01 - 00000922 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-03 00:06 - 2014-11-16 18:01 - 00000926 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-03 00:00 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sru
2015-01-02 23:06 - 2013-08-24 16:38 - 00891920 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-02 22:59 - 2013-08-24 16:32 - 00037308 _____ () C:\windows\PFRO.log
2015-01-02 22:59 - 2013-08-22 09:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-02 22:59 - 2013-08-22 08:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2015-01-02 20:00 - 2014-11-16 17:57 - 00003950 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{50C7B854-87CE-4084-AA12-4274F87AC338}
2015-01-01 21:27 - 2014-11-19 18:14 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-01 21:26 - 2014-11-16 17:57 - 00000000 ____D () C:\Users\shebates\AppData\Roaming\Adobe
2015-01-01 21:25 - 2014-11-19 18:14 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-01 16:47 - 2013-08-22 09:46 - 00024807 _____ () C:\windows\setupact.log
2015-01-01 16:34 - 2014-11-25 16:50 - 00003188 _____ () C:\windows\System32\Tasks\HPCeeScheduleForshebates
2015-01-01 16:34 - 2014-11-25 16:50 - 00000368 _____ () C:\windows\Tasks\HPCeeScheduleForshebates.job
2015-01-01 11:39 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\AppReadiness
2014-12-30 13:33 - 2014-11-18 17:37 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-12-30 13:33 - 2014-11-18 17:36 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-12-23 16:48 - 2013-08-22 08:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-12-23 14:34 - 2014-11-27 16:05 - 00000000 ____D () C:\Users\shebates\AppData\Roaming\.minecraft
2014-12-23 04:30 - 2014-11-16 18:31 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-22 13:41 - 2014-11-16 17:57 - 00000000 ____D () C:\Users\shebates\AppData\Local\Packages
2014-12-21 22:38 - 2014-06-04 13:29 - 00000000 ____D () C:\windows\en
2014-12-21 15:45 - 2014-11-16 18:01 - 00000000 ____D () C:\Users\shebates\AppData\Local\Google
2014-12-21 15:19 - 2014-11-16 18:01 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-20 23:40 - 2014-11-22 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon
2014-12-18 08:00 - 2013-08-22 10:20 - 00000000 ____D () C:\windows\CbsTemp
2014-12-14 09:25 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\rescache
2014-12-13 18:22 - 2013-08-22 09:44 - 00637016 _____ () C:\windows\system32\FNTCACHE.DAT
2014-12-13 18:21 - 2014-11-24 21:45 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-13 18:21 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sr-Latn-RS
2014-12-13 18:21 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sr-Latn-CS
2014-12-13 18:21 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-10 17:40 - 2014-11-18 16:59 - 00000000 ____D () C:\windows\system32\MRT
2014-12-10 17:38 - 2014-11-18 16:59 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-10 17:26 - 2014-06-04 12:54 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-12-10 17:26 - 2014-06-04 12:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-10 17:25 - 2014-06-04 12:53 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-12-10 17:24 - 2014-11-20 16:33 - 00000000 ____D () C:\Users\shebates\AppData\Roaming\hpqlog
2014-12-10 17:24 - 2014-06-04 12:53 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-12-10 17:23 - 2013-09-02 23:57 - 00000000 ____D () C:\SWSETUP

Some content of TEMP:
====================
C:\Users\shebates\AppData\Local\Temp\Quarantine.exe
C:\Users\shebates\AppData\Local\Temp\sp64126.exe
C:\Users\shebates\AppData\Local\Temp\sqlite3.dll
C:\Users\shebates\AppData\Local\Temp\UninstallHPSA.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-31 02:43

==================== End Of Log ============================




#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:19 AM

Posted 03 January 2015 - 09:53 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2445283913-457269570-3134059941-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2445283913-457269570-3134059941-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2445283913-457269570-3134059941-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
CHR StartupUrls: Default -> "https://www.yahoo.com/?fr=hp-avast&type=agc511", "hxxp://www.google.com/", "https://www.facebook.com/"
CHR Extension: (Google Wallet) - C:\Users\shebates\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-22]

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======
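The fixlist in the post above targets browser settings whose URLs carry an injected `trackid` query parameter. As an added example (not part of the original thread and not FRST's own code), this Python sketch scans log lines in that format for URLs carrying the parameter and shows each URL with it removed. The function names are hypothetical, and the `Start Page` line is a constructed clean entry.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl

# Lines in the log format quoted in the post above; the Start Page line is a
# constructed clean entry added for contrast.
SAMPLE_LOG = r"""
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2445283913-457269570-3134059941-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.example.com/
CHR StartupUrls: Default -> "https://www.yahoo.com/?fr=hp-avast&type=agc511", "hxxp://www.google.com/", "https://www.facebook.com/"
"""

SUSPECT_PARAMS = {"trackid"}  # the injected parameter this thread is about
URL_RE = re.compile(r'h(?:tt|xx)ps?://[^\s"]+')  # the log writes some URLs as hxxp://


def find_injected_params(log_text, suspect=SUSPECT_PARAMS):
    """Return (setting, url, {param: value}) for every URL with a suspect query parameter."""
    hits = []
    for line in log_text.splitlines():
        for m in URL_RE.finditer(line):
            url = "http" + m.group(0)[4:]  # turn hxxp back into http before parsing
            params = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
            found = {k: v for k, v in params.items() if k.lower() in suspect}
            if found:
                # Everything left of the URL names the setting that holds it.
                setting = line[:m.start()].rstrip(' =>"-')
                hits.append((setting, url, found))
    return hits


def strip_params(url, suspect=SUSPECT_PARAMS):
    """Rebuild the URL without the suspect parameters; other text stays byte-for-byte."""
    parts = urlsplit(url)
    # Split the raw query by hand so placeholders like {searchTerms} are not re-encoded.
    kept = [p for p in parts.query.split("&")
            if p and p.split("=", 1)[0].lower() not in suspect]
    return urlunsplit(parts._replace(query="&".join(kept)))


if __name__ == "__main__":
    for setting, url, found in find_injected_params(SAMPLE_LOG):
        print(f"{setting}\n  carries {found}\n  without it: {strip_params(url)}")
```
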

#5 shebates


Posted 03 January 2015 - 02:26 PM

The trackid is still showing up.  It only shows up on Chrome, not IE.  I've done all of my corresponding on this topic through IE, but when I open Chrome and search something, such as "this sucks", it's still adding it to the end!  It even did it when I typed in random letters.  Sometimes, I can search for a broad topic, like New York City, and it will show only 7 results.  If I go back and delete the "trackid=..." stuff off of the end, it appears to be a normal search.  Although, I'm sure it's not.  Grrrrrr.....

Here is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2015 03
Ran by shebates at 2015-01-03 14:10:18 Run:1
Running from C:\Users\shebates\AppData\Local\Microsoft\Windows\INetCache\IE\8QYAQ3BH
Loaded Profile: shebates (Available profiles: shebates)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2445283913-457269570-3134059941-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2445283913-457269570-3134059941-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2445283913-457269570-3134059941-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
CHR StartupUrls: Default -> "https://www.yahoo.com/?fr=hp-avast&type=agc511", "hxxp://www.google.com/", "https://www.facebook.com/"
CHR Extension: (Google Wallet) - C:\Users\shebates\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-22]

End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-2445283913-457269570-3134059941-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-2445283913-457269570-3134059941-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2445283913-457269570-3134059941-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
Chrome StartupUrls deleted successfully.
C:\Users\shebates\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.

The system needed a reboot.

==== End of Fixlog 14:10:20 ====

And the SecurityCheck log:

 Results of screen317's Security Check version 0.99.93 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
McAfee Anti-Virus and Anti-Spyware  
Windows Defender                    
avast! Antivirus                    
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 25 
 Java version 32-bit out of Date!
 Adobe Reader XI 
 Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast afwServ.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#6 nasdaq


Posted 03 January 2015 - 02:33 PM

Reset the browsers that have been compromised.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

How is it now?

#7 shebates


Posted 03 January 2015 - 03:42 PM

Yay!!!!!  It appears to be gone.  I've started new searches, closed it, reopened it and typed in random stuff again, and it hasn't been attaching its nasty self to my words.  Thank you soooooo much!!!!  You're awesome!  Maybe I should have stayed with computer science as my major 20 years ago instead of becoming a teacher...... :flowers:



#8 nasdaq


Posted 04 January 2015 - 08:02 AM

Looking good.

From the Security check.

Java 8 Update 25
Java version 32-bit out of Date!

You have the latest version for your 64 bit operating system.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 shebates


Posted 04 January 2015 - 02:26 PM

Where's the link to make donations to this website?  I thought I saw something like that one time.  I sooo appreciate your help.....and may need it again in the future!  I wanna make sure somebody will be here!  LOL



#10 nasdaq


Posted 04 January 2015 - 04:00 PM

My services are free.
Thank you for the offer.

#11 nasdaq


Posted 11 January 2015 - 11:38 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



