Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Several PUPs detected, please help me remove!


  • Please log in to reply
8 replies to this topic

#1 didsburydan

didsburydan

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:12 AM

Posted 21 January 2015 - 03:35 AM

I don't know what i clicked on but I have definitely been infected by something, after about 5 years virus free too (i'm usually more careful!)

Started as banner ads dominating my chrome pages, and random text turning into hyperlinks to dodgy ads.

Have already tried all sorts on my own such as malwarebytes, avast, housecall and when i think i've got rid of one of them, something else pops up so i'm turning to you guys to help me get rid of them once and for all. THANKS in advance.

 

Here is my DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 10.71.2
Run by RTE at 19:26:17 on 2015-01-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.8174.5227 [GMT 11:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\XTab\ProtectService.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\XTab\cmdshell.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Program Files (x86)\XTab\HPNotify.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Users\RTE\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1421825631&from=adks&uid=WDCXWD7500BPVX-00FA7T0_WD-WX81A72K8290K8290
uSearch Page = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1421825631&from=adks&uid=WDCXWD7500BPVX-00FA7T0_WD-WX81A72K8290K8290&q={searchTerms}
uDefault_Page_URL = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1421825631&from=adks&uid=WDCXWD7500BPVX-00FA7T0_WD-WX81A72K8290K8290
uDefault_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1421825631&from=adks&uid=WDCXWD7500BPVX-00FA7T0_WD-WX81A72K8290K8290&q={searchTerms}
mStart Page = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1421825631&from=adks&uid=WDCXWD7500BPVX-00FA7T0_WD-WX81A72K8290K8290
mDefault_Page_URL = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1421825631&from=adks&uid=WDCXWD7500BPVX-00FA7T0_WD-WX81A72K8290K8290
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - <orphaned>
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [Spotify Web Helper] "C:\Users\RTE\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [GoogleChromeAutoLaunch_0BB91644723432F01FA2CB4C3974E4A1] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [AdobeBridge] <no file>
mRun: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONTEN~1.LNK - C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office15\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll
LSP: C:\windows\System32\LavasoftTcpService.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
TCP: NameServer = 10.1.1.1
TCP: Interfaces\{238769D8-BD1D-4977-A00A-766D03886828} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{957316BC-6206-4243-9E53-299CA6801971} : DHCPNameServer = 10.1.1.1
TCP: Interfaces\{957316BC-6206-4243-9E53-299CA6801971}\A5978554C4536343434727D6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{957316BC-6206-4243-9E53-299CA6801971}\E4564734F6D6D60275962756C6563737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B6109F0A-ACE5-4616-B7E8-82E053ED50E0} : DHCPNameServer = 192.168.42.129
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1421825631&from=adks&uid=WDCXWD7500BPVX-00FA7T0_WD-WX81A72K8290K8290
x64-mSearch Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1421825600&from=adks&uid=WDCXWD7500BPVX-00FA7T0_WD-WX81A72K8290K8290&q={searchTerms}
x64-mDefault_Page_URL = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1421825631&from=adks&uid=WDCXWD7500BPVX-00FA7T0_WD-WX81A72K8290K8290
x64-mDefault_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1421825600&from=adks&uid=WDCXWD7500BPVX-00FA7T0_WD-WX81A72K8290K8290&q={searchTerms}
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\windows\System32\rundll32.exe C:\windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom64.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2014-1-7 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2014-1-7 224896]
R0 fltsrv;Acronis Storage Filter Management;C:\windows\System32\drivers\fltsrv.sys [2014-6-25 108832]
R0 tib;Acronis TIB Manager;C:\windows\System32\drivers\tib.sys [2014-6-25 1120032]
R0 tib_mounter;Acronis TIB Mounter;C:\windows\System32\drivers\tib_mounter.sys [2014-6-25 183224]
R0 vididr;Acronis Virtual Disk;C:\windows\System32\drivers\vididr.sys [2014-6-25 161568]
R0 vidsflt;Acronis Disk Storage Filter;C:\windows\System32\drivers\vidsflt.sys [2014-6-25 117024]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswsnx.sys [2014-1-7 1041168]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswsp.sys [2014-1-7 427360]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-6-25 3783672]
R2 aswHwid;avast! HardwareID;C:\windows\System32\drivers\aswHwid.sys [2014-5-9 29208]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2014-1-7 79184]
R2 aswStm;aswStm;C:\windows\System32\drivers\aswstm.sys [2014-1-7 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-17 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-29 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-11 46448]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-17 1148560]
R2 IHProtect Service;IHProtect Service;C:\Program Files (x86)\XTab\ProtectService.exe [2015-1-16 158896]
R2 LavasoftTcpService;LavasoftTcpService;C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [2014-12-16 1351512]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service --> C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [?]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-2-19 1701520]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-23 19823248]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2014-5-29 1141232]
R2 SearchProtectionService;IE Search Set;C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [2014-12-16 15208]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-7-30 411936]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2013-3-26 7084672]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-1-7 4799760]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-20 14472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-11-9 2656280]
R3 afcdp;afcdp;C:\windows\System32\drivers\afcdp.sys [2014-6-25 367200]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\System32\drivers\btfilter.sys [2013-11-9 42096]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-9 76912]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-7-11 129752]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-11 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-11 181248]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-2 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\windows\System32\drivers\nvvad64v.sys [2014-12-17 38032]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2013-11-9 38096]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-16 12800]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2013-11-9 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-9 137632]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2010-12-21 822704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2013-11-9 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-11-9 227936]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-12-11 114688]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-11-8 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2013-11-9 250984]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2013-11-9 307304]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-11-8 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-11-8 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-11-11 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== File Associations ===============
.
ShellExec: SC2Editor.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2015-01-21 07:40:20 -------- d-----w- C:\Users\RTE\AppData\Local\Lavasoft
2015-01-21 07:40:12 358736 ----a-w- C:\windows\System32\LavasoftTcpService64.dll
2015-01-21 07:40:10 312424 ----a-w- C:\windows\SysWow64\LavasoftTcpService.dll
2015-01-21 07:39:48 -------- d-----w- C:\Program Files (x86)\Lavasoft
2015-01-21 07:37:10 -------- d-----w- C:\ProgramData\7c04a282000016cd
2015-01-21 07:34:02 -------- d-----w- C:\ProgramData\IHProtectUpDate
2015-01-21 07:33:59 -------- d-----w- C:\Program Files (x86)\XTab
2015-01-21 07:33:26 -------- d-----w- C:\Users\RTE\AppData\Roaming\omiga-plus
2015-01-20 16:05:14 -------- d-----w- C:\Users\RTE\AppData\Local\WorldofTanks
2015-01-20 16:04:58 -------- d-----w- C:\Users\RTE\AppData\Local\Sparta
2015-01-16 12:50:25 62976 ----a-w- C:\windows\System32\TSWbPrxy.exe
2015-01-15 10:27:39 52224 ----a-w- C:\windows\SysWow64\nlaapi.dll
2015-01-15 10:27:39 303616 ----a-w- C:\windows\System32\nlasvc.dll
2015-01-15 10:27:39 156672 ----a-w- C:\windows\SysWow64\ncsi.dll
2015-01-14 12:59:40 210432 ----a-w- C:\windows\System32\profsvc.dll
2015-01-14 12:59:39 141312 ----a-w- C:\windows\System32\drivers\mrxdav.sys
2015-01-14 12:59:38 5553592 ----a-w- C:\windows\System32\ntoskrnl.exe
2015-01-14 12:59:37 503808 ----a-w- C:\windows\System32\srcore.dll
2015-01-14 12:59:37 50176 ----a-w- C:\windows\System32\srclient.dll
2015-01-14 12:59:37 3971512 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2015-01-14 12:59:37 3916728 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2015-01-14 12:59:37 296960 ----a-w- C:\windows\System32\rstrui.exe
2015-01-14 12:59:36 43008 ----a-w- C:\windows\SysWow64\srclient.dll
2015-01-11 01:13:07 -------- d--h--w- C:\ProgramData\CanonIJQuickMenu
2015-01-11 01:12:42 -------- d-----w- C:\ProgramData\CanonIJPLM
2015-01-11 01:03:22 393728 ----a-w- C:\windows\System32\CNMXLMBW.DLL
2015-01-11 01:03:02 321536 ----a-w- C:\windows\SysWow64\CNC_BWL.dll
2015-01-11 01:03:02 15872 ----a-w- C:\windows\SysWow64\CNHMCA.dll
2015-01-11 00:58:18 -------- d-----w- C:\ProgramData\CanonIJWSpt
2015-01-11 00:54:39 -------- d-----w- C:\Program Files\Canon
2015-01-11 00:53:57 30208 ----a-w- C:\windows\System32\Spool\prtprocs\x64\CNMPDBW.DLL
2015-01-11 00:53:57 101888 ----a-w- C:\windows\System32\Spool\prtprocs\x64\CNMPPBW.DLL
2015-01-11 00:53:51 367104 ----a-w- C:\windows\System32\CNC_BWL.dll
2015-01-11 00:53:51 282624 ----a-w- C:\windows\System32\CNC_BWC.dll
2015-01-11 00:53:51 17920 ----a-w- C:\windows\System32\CNHMCA6.dll
2015-01-11 00:53:51 106496 ----a-w- C:\windows\System32\CNC_BWI.dll
2015-01-11 00:53:41 391168 ----a-w- C:\windows\System32\CNMLMBW.DLL
2015-01-11 00:52:24 -------- d-----w- C:\Program Files (x86)\Canon
2015-01-01 12:12:28 -------- d-----w- C:\Users\RTE\AppData\Local\Launcher
2015-01-01 12:12:28 -------- d-----w- C:\Users\RTE\AppData\Local\id Software
2015-01-01 12:10:04 -------- d-----w- C:\Program Files (x86)\Quake Live
2014-12-23 07:04:34 -------- d-----w- C:\Users\RTE\AppData\Roaming\3909
.
==================== Find3M  ====================
.
2015-01-21 08:23:44 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2015-01-14 06:43:22 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-14 06:43:22 701616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-12-13 05:09:01 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2014-12-13 03:33:44 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-12-13 00:12:24 2210040 ----a-w- C:\windows\SysWow64\nvspcap.dll
2014-12-13 00:12:24 1291464 ----a-w- C:\windows\SysWow64\nvspbridge.dll
2014-12-13 00:12:12 2824504 ----a-w- C:\windows\System32\nvspcap64.dll
2014-12-13 00:12:12 1715224 ----a-w- C:\windows\System32\nvspbridge64.dll
2014-12-04 02:50:55 413184 ----a-w- C:\windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\windows\System32\aitstatic.exe
2014-11-22 10:46:30 38032 ----a-w- C:\windows\System32\drivers\nvvad64v.sys
2014-11-22 10:46:30 35472 ----a-w- C:\windows\System32\nvaudcap64v.dll
2014-11-22 10:46:30 32400 ----a-w- C:\windows\SysWow64\nvaudcap32v.dll
2014-11-22 03:06:23 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\windows\SysWow64\wininet.dll
2014-11-21 19:42:08 1041168 ----a-w- C:\windows\System32\drivers\aswsnx.sys
2014-11-20 19:14:22 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-11-20 19:14:12 93400 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-11-20 19:14:08 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-11-18 09:47:50 1691816 ----a-w- C:\windows\System32\FM20.DLL
2014-11-11 03:09:06 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-10-30 02:03:43 165888 ----a-w- C:\windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\windows\SysWow64\packager.dll
2014-03-03 21:37:27 226 ----a-w- C:\Program Files (x86)\update-southpark.bat
.
============= FINISH: 19:27:21.75 ===============
 

 

 



BC AdBot (Login to Remove)

 


#2 didsburydan

didsburydan
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:12 AM

Posted 21 January 2015 - 04:14 AM

Sorry, just ran another Malwarebytes scan with rootkit detection enabled. Think I've cured most of it but if someone could have a skim through this updated log and let me know for sure, thanks.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 10.71.2
Run by RTE at 20:12:05 on 2015-01-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.8174.5731 [GMT 11:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\windows\system32\taskeng.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Users\RTE\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uSearch Page = www.google.com
uDefault_Page_URL = www.google.com
uDefault_Search_URL = www.google.com
mStart Page = www.google.com
mDefault_Page_URL = www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [Spotify Web Helper] "C:\Users\RTE\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [GoogleChromeAutoLaunch_0BB91644723432F01FA2CB4C3974E4A1] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [AdobeBridge] <no file>
mRun: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONTEN~1.LNK - C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office15\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll
LSP: C:\windows\System32\LavasoftTcpService.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
TCP: NameServer = 10.1.1.1
TCP: Interfaces\{238769D8-BD1D-4977-A00A-766D03886828} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{957316BC-6206-4243-9E53-299CA6801971} : DHCPNameServer = 10.1.1.1
TCP: Interfaces\{957316BC-6206-4243-9E53-299CA6801971}\A5978554C4536343434727D6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{957316BC-6206-4243-9E53-299CA6801971}\E4564734F6D6D60275962756C6563737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B6109F0A-ACE5-4616-B7E8-82E053ED50E0} : DHCPNameServer = 192.168.42.129
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = www.google.com
x64-mSearch Page = www.google.com
x64-mDefault_Page_URL = www.google.com
x64-mDefault_Search_URL = www.google.com
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\windows\System32\rundll32.exe C:\windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom64.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2014-1-7 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2014-1-7 224896]
R0 fltsrv;Acronis Storage Filter Management;C:\windows\System32\drivers\fltsrv.sys [2014-6-25 108832]
R0 tib;Acronis TIB Manager;C:\windows\System32\drivers\tib.sys [2014-6-25 1120032]
R0 tib_mounter;Acronis TIB Mounter;C:\windows\System32\drivers\tib_mounter.sys [2014-6-25 183224]
R0 vididr;Acronis Virtual Disk;C:\windows\System32\drivers\vididr.sys [2014-6-25 161568]
R0 vidsflt;Acronis Disk Storage Filter;C:\windows\System32\drivers\vidsflt.sys [2014-6-25 117024]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswsnx.sys [2014-1-7 1041168]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswsp.sys [2014-1-7 427360]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-6-25 3783672]
R2 aswHwid;avast! HardwareID;C:\windows\System32\drivers\aswHwid.sys [2014-5-9 29208]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2014-1-7 79184]
R2 aswStm;aswStm;C:\windows\System32\drivers\aswstm.sys [2014-1-7 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-17 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-29 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-11 46448]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-17 1148560]
R2 LavasoftTcpService;LavasoftTcpService;C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [2014-12-16 1351512]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service --> C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [?]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-2-19 1701520]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-23 19823248]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2014-5-29 1141232]
R2 SearchProtectionService;IE Search Set;C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [2014-12-16 15208]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-7-30 411936]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2013-3-26 7084672]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-1-7 4799760]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-20 14472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-11-9 2656280]
R3 afcdp;afcdp;C:\windows\System32\drivers\afcdp.sys [2014-6-25 367200]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\System32\drivers\btfilter.sys [2013-11-9 42096]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-9 76912]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-11 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-11 181248]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-2 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\windows\System32\drivers\nvvad64v.sys [2014-12-17 38032]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2013-11-9 38096]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-16 12800]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2013-11-9 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-9 137632]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2010-12-21 822704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2013-11-9 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-11-9 227936]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-12-11 114688]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-11-8 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2013-11-9 250984]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2013-11-9 307304]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-11-8 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-11-8 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-11-11 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== File Associations ===============
.
ShellExec: SC2Editor.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2015-01-21 07:40:20 -------- d-----w- C:\Users\RTE\AppData\Local\Lavasoft
2015-01-21 07:40:12 358736 ----a-w- C:\windows\System32\LavasoftTcpService64.dll
2015-01-21 07:40:10 312424 ----a-w- C:\windows\SysWow64\LavasoftTcpService.dll
2015-01-21 07:39:48 -------- d-----w- C:\Program Files (x86)\Lavasoft
2015-01-21 07:37:10 -------- d-----w- C:\ProgramData\7c04a282000016cd
2015-01-20 16:05:14 -------- d-----w- C:\Users\RTE\AppData\Local\WorldofTanks
2015-01-20 16:04:58 -------- d-----w- C:\Users\RTE\AppData\Local\Sparta
2015-01-16 12:50:25 62976 ----a-w- C:\windows\System32\TSWbPrxy.exe
2015-01-15 10:27:39 52224 ----a-w- C:\windows\SysWow64\nlaapi.dll
2015-01-15 10:27:39 303616 ----a-w- C:\windows\System32\nlasvc.dll
2015-01-15 10:27:39 156672 ----a-w- C:\windows\SysWow64\ncsi.dll
2015-01-14 12:59:40 210432 ----a-w- C:\windows\System32\profsvc.dll
2015-01-14 12:59:39 141312 ----a-w- C:\windows\System32\drivers\mrxdav.sys
2015-01-14 12:59:38 5553592 ----a-w- C:\windows\System32\ntoskrnl.exe
2015-01-14 12:59:37 503808 ----a-w- C:\windows\System32\srcore.dll
2015-01-14 12:59:37 50176 ----a-w- C:\windows\System32\srclient.dll
2015-01-14 12:59:37 3971512 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2015-01-14 12:59:37 3916728 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2015-01-14 12:59:37 296960 ----a-w- C:\windows\System32\rstrui.exe
2015-01-14 12:59:36 43008 ----a-w- C:\windows\SysWow64\srclient.dll
2015-01-11 01:13:07 -------- d--h--w- C:\ProgramData\CanonIJQuickMenu
2015-01-11 01:12:42 -------- d-----w- C:\ProgramData\CanonIJPLM
2015-01-11 01:03:22 393728 ----a-w- C:\windows\System32\CNMXLMBW.DLL
2015-01-11 01:03:02 321536 ----a-w- C:\windows\SysWow64\CNC_BWL.dll
2015-01-11 01:03:02 15872 ----a-w- C:\windows\SysWow64\CNHMCA.dll
2015-01-11 00:58:18 -------- d-----w- C:\ProgramData\CanonIJWSpt
2015-01-11 00:54:39 -------- d-----w- C:\Program Files\Canon
2015-01-11 00:53:57 30208 ----a-w- C:\windows\System32\Spool\prtprocs\x64\CNMPDBW.DLL
2015-01-11 00:53:57 101888 ----a-w- C:\windows\System32\Spool\prtprocs\x64\CNMPPBW.DLL
2015-01-11 00:53:51 367104 ----a-w- C:\windows\System32\CNC_BWL.dll
2015-01-11 00:53:51 282624 ----a-w- C:\windows\System32\CNC_BWC.dll
2015-01-11 00:53:51 17920 ----a-w- C:\windows\System32\CNHMCA6.dll
2015-01-11 00:53:51 106496 ----a-w- C:\windows\System32\CNC_BWI.dll
2015-01-11 00:53:41 391168 ----a-w- C:\windows\System32\CNMLMBW.DLL
2015-01-11 00:52:24 -------- d-----w- C:\Program Files (x86)\Canon
2015-01-01 12:12:28 -------- d-----w- C:\Users\RTE\AppData\Local\Launcher
2015-01-01 12:12:28 -------- d-----w- C:\Users\RTE\AppData\Local\id Software
2015-01-01 12:10:04 -------- d-----w- C:\Program Files (x86)\Quake Live
2014-12-23 07:04:34 -------- d-----w- C:\Users\RTE\AppData\Roaming\3909
.
==================== Find3M  ====================
.
2015-01-21 08:23:44 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2015-01-14 06:43:22 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-14 06:43:22 701616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-12-13 05:09:01 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2014-12-13 03:33:44 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-12-13 00:12:24 2210040 ----a-w- C:\windows\SysWow64\nvspcap.dll
2014-12-13 00:12:24 1291464 ----a-w- C:\windows\SysWow64\nvspbridge.dll
2014-12-13 00:12:12 2824504 ----a-w- C:\windows\System32\nvspcap64.dll
2014-12-13 00:12:12 1715224 ----a-w- C:\windows\System32\nvspbridge64.dll
2014-12-04 02:50:55 413184 ----a-w- C:\windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\windows\System32\aitstatic.exe
2014-11-22 10:46:30 38032 ----a-w- C:\windows\System32\drivers\nvvad64v.sys
2014-11-22 10:46:30 35472 ----a-w- C:\windows\System32\nvaudcap64v.dll
2014-11-22 10:46:30 32400 ----a-w- C:\windows\SysWow64\nvaudcap32v.dll
2014-11-22 03:06:23 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\windows\SysWow64\wininet.dll
2014-11-21 19:42:08 1041168 ----a-w- C:\windows\System32\drivers\aswsnx.sys
2014-11-20 19:14:22 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-11-20 19:14:12 93400 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-11-20 19:14:08 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-11-18 09:47:50 1691816 ----a-w- C:\windows\System32\FM20.DLL
2014-11-11 03:09:06 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-10-30 02:03:43 165888 ----a-w- C:\windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\windows\SysWow64\packager.dll
2014-03-03 21:37:27 226 ----a-w- C:\Program Files (x86)\update-southpark.bat
.
============= FINISH: 20:12:40.89 ===============


#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:12 PM

Posted 21 January 2015 - 09:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.
Wait for further instructions.

#4 didsburydan

didsburydan
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:12 AM

Posted 21 January 2015 - 10:25 AM

AdwCleaner log:

 

# AdwCleaner v4.108 - Report created 22/01/2015 at 02:15:07
# Updated 17/01/2015 by Xplode
# Database : 2015-01-18.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : RTE - DAN
# Running from : C:\Users\RTE\Desktop\adwcleaner_4.108.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\7c04a282000016cd
Folder Deleted : C:\windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\RTE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\RTE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\RTE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Myfree Codec
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v39.0.2171.99
 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [5020 octets] - [22/01/2015 02:02:53]
AdwCleaner[R1].txt - [5080 octets] - [22/01/2015 02:04:54]
AdwCleaner[R2].txt - [5140 octets] - [22/01/2015 02:08:26]
AdwCleaner[S0].txt - [5177 octets] - [22/01/2015 02:15:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5237 octets] ##########
 
Farbar log:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by RTE (administrator) on DAN on 22-01-2015 02:21:07
Running from C:\Users\RTE\Desktop
Loaded Profiles: RTE (Available profiles: RTE & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Spotify Ltd) C:\Users\RTE\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TOSHIBA) C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-26] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-16] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [516928 2013-02-15] (Acronis)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-23] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-05] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-30] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-11] (Microsoft Corporation)
HKLM-x32\...\Run: [NortonOnlineBackup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1110360 2010-05-04] (Symantec Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-11] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-15] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-12-21] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6382144 2014-03-06] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKU\S-1-5-21-3927125601-3907104373-2235078998-1000\...\Run: [OfficeSyncProcess] => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
HKU\S-1-5-21-3927125601-3907104373-2235078998-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-15] (Samsung)
HKU\S-1-5-21-3927125601-3907104373-2235078998-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3927125601-3907104373-2235078998-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-15] (Samsung)
HKU\S-1-5-21-3927125601-3907104373-2235078998-1000\...\Run: [Spotify Web Helper] => C:\Users\RTE\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-22] (Spotify Ltd)
HKU\S-1-5-21-3927125601-3907104373-2235078998-1000\...\Run: [GoogleChromeAutoLaunch_0BB91644723432F01FA2CB4C3974E4A1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2015-01-09] (Google Inc.)
HKU\S-1-5-21-3927125601-3907104373-2235078998-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3927125601-3907104373-2235078998-1000\...\Run: [HP Photosmart 6510 series (NET)] => C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3927125601-3907104373-2235078998-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1367360 2014-12-16] (Lavasoft)
HKU\S-1-5-21-3927125601-3907104373-2235078998-1000\...\MountPoints2: {b1ad3e0a-5b09-11e3-be4c-e89a8fcf0c11} - E:\SETUP.EXE
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk
ShortcutTarget: Content Manager Assistant for PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2013-11-09]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-05-05]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-07]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP8052AA3F-7A1F-42C4-83AD-A498A58741DC&SSPV=
CHR StartupUrls: Default -> "", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1421825600&from=adks&uid=WDCXWD7500BPVX-00FA7T0_WD-WX81A72K8290K8290", "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1421825631&from=adks&uid=WDCXWD7500BPVX-00FA7T0_WD-WX81A72K8290K8290"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Adblock Plus) - C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-05]
CHR Extension: (Chatimity Chat Rooms) - C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkidbfikbdgnlcpblojgalecikphflj [2014-07-21]
CHR Extension: (Spotify - Music for every moment) - C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-05-08]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-05-05]
CHR Extension: (Hola Better Internet) - C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-05-08]
CHR Extension: (Avast Online Security) - C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-07]
CHR Extension: (Google Wallet) - C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-02]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2014-05-08]
CHR Profile: C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-31]
CHR Extension: (Google Drive) - C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-31]
CHR Extension: (YouTube) - C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-31]
CHR Extension: (Google Search) - C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-31]
CHR Extension: (avast! Online Security) - C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-31]
CHR Extension: (Skype Click to Call) - C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-31]
CHR Extension: (Google Wallet) - C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-31]
CHR Extension: (Gmail) - C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-31]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-12-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR StartMenuInternet: Google Chrome - Chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-17] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-09] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [1351512 2014-12-16] (Lavasoft Limited)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-05-04] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-22] (Electronic Arts)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [1141232 2014-05-29] (Paramount Software UK Ltd)
S2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2014-12-16] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-11-11] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-17] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-06-25] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-06-25] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-06-25] (Acronis International GmbH)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-22 02:21 - 2015-01-22 02:22 - 00032944 _____ () C:\Users\RTE\Desktop\FRST.txt
2015-01-22 02:21 - 2015-01-22 02:21 - 00000000 ____D () C:\FRST
2015-01-22 02:14 - 2015-01-22 02:14 - 02126848 _____ (Farbar) C:\Users\RTE\Desktop\FRST64.exe
2015-01-22 02:02 - 2015-01-22 02:15 - 00000000 ____D () C:\AdwCleaner
2015-01-22 02:02 - 2015-01-22 02:02 - 02186752 _____ () C:\Users\RTE\Desktop\adwcleaner_4.108.exe
2015-01-22 01:20 - 2015-01-22 01:20 - 00001536 _____ () C:\Users\Public\Desktop\Theme Hospital.lnk
2015-01-22 01:20 - 2015-01-22 01:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Theme Hospital
2015-01-22 01:12 - 2015-01-22 01:13 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-01-22 01:11 - 2015-01-22 01:12 - 00000000 ____D () C:\Users\RTE\AppData\Roaming\Origin
2015-01-22 01:11 - 2015-01-22 01:12 - 00000000 ____D () C:\Users\RTE\AppData\Local\Origin
2015-01-22 01:07 - 2015-01-22 02:03 - 00000000 ____D () C:\ProgramData\Origin
2015-01-22 01:07 - 2015-01-22 01:11 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-01-22 01:07 - 2015-01-22 01:07 - 00000994 _____ () C:\Users\Public\Desktop\Origin.lnk
2015-01-22 01:07 - 2015-01-22 01:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-01-22 01:07 - 2015-01-22 01:07 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-01-22 01:02 - 2015-01-22 01:02 - 17102864 _____ (Electronic Arts, Inc.) C:\Users\RTE\Desktop\OriginThinSetup.exe
2015-01-21 19:27 - 2015-01-21 20:12 - 00034981 _____ () C:\Users\RTE\Desktop\dds.txt
2015-01-21 19:27 - 2015-01-21 20:12 - 00010822 _____ () C:\Users\RTE\Desktop\attach.txt
2015-01-21 19:26 - 2015-01-21 19:26 - 00688992 ____R (Swearware) C:\Users\RTE\Desktop\dds.com
2015-01-21 19:17 - 2015-01-21 19:17 - 00314776 _____ () C:\Users\RTE\AppData\Local\census.cache
2015-01-21 19:17 - 2015-01-21 19:17 - 00159888 _____ () C:\Users\RTE\AppData\Local\ars.cache
2015-01-21 18:48 - 2015-01-21 18:52 - 00013416 _____ () C:\Users\RTE\Desktop\software_removal_tool.log
2015-01-21 18:44 - 2015-01-21 18:44 - 02406064 _____ (Trend Micro Inc.) C:\Users\RTE\Desktop\HousecallLauncher64.exe
2015-01-21 18:44 - 2015-01-21 18:44 - 00000036 _____ () C:\Users\RTE\AppData\Local\housecall.guid.cache
2015-01-21 18:42 - 2015-01-21 18:42 - 00003130 _____ () C:\windows\System32\Tasks\{49E7B07E-8BF8-4A41-9877-2DF08594A8E6}
2015-01-21 18:40 - 2015-01-21 18:40 - 00004688 _____ () C:\windows\SysWOW64\LavasoftTcpService.ini
2015-01-21 18:40 - 2015-01-21 18:40 - 00002520 _____ () C:\windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-01-21 18:40 - 2015-01-21 18:40 - 00002520 _____ () C:\windows\system32\LavasoftTcpServiceOff.ini
2015-01-21 18:40 - 2015-01-21 18:40 - 00000000 ____D () C:\Users\RTE\AppData\Local\Lavasoft
2015-01-21 18:40 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\windows\system32\LavasoftTcpService64.dll
2015-01-21 18:40 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\windows\SysWOW64\LavasoftTcpService.dll
2015-01-21 18:39 - 2015-01-21 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-01-21 18:39 - 2015-01-21 18:39 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2015-01-21 18:38 - 2015-01-21 18:38 - 00000000 ____D () C:\Users\RTE\AppData\Roaming\Lavasoft
2015-01-21 18:38 - 2015-01-21 18:38 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-01-21 18:37 - 2015-01-21 18:38 - 08059016 _____ (Lavasoft) C:\Users\RTE\Desktop\WebCompanionInstaller.exe
2015-01-21 03:05 - 2015-01-21 03:05 - 00000000 ____D () C:\Users\RTE\AppData\Local\WorldofTanks
2015-01-21 03:04 - 2015-01-21 03:04 - 00000000 ____D () C:\Users\RTE\AppData\Local\Sparta
2015-01-20 20:08 - 2015-01-20 20:08 - 00019995 _____ () C:\Users\RTE\Desktop\[kickass.so]pokemon.x.3ds.contrast.torrent
2015-01-19 22:26 - 2015-01-19 22:55 - 1002496198 _____ () C:\Users\RTE\Downloads\American Sniper (2014) DvD Scr Rip - X264 lottery.mkv
2015-01-19 22:25 - 2015-01-19 22:25 - 00077232 _____ () C:\Users\RTE\Desktop\[kickass.so]american.sniper.2014.dvdscr.x264.playnow.torrent
2015-01-16 23:50 - 2014-12-12 04:47 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-15 21:27 - 2014-12-06 15:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-15 21:27 - 2014-12-06 14:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-15 21:27 - 2014-12-06 14:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-14 23:59 - 2014-12-19 14:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 23:59 - 2014-12-19 12:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 23:59 - 2014-12-12 16:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 23:59 - 2014-12-12 16:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 23:59 - 2014-12-12 16:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 23:59 - 2014-12-12 16:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 23:59 - 2014-12-12 16:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 23:59 - 2014-12-12 16:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 23:59 - 2014-12-12 16:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-13 15:56 - 2015-01-20 22:51 - 473374478 _____ () C:\Users\RTE\Downloads\Passion-HD - Morning Rush - Breanne Benson.mp4
2015-01-13 15:54 - 2015-01-13 15:54 - 00036930 _____ () C:\Users\RTE\Desktop\[kickass.so]passion.hd.morning.rush.breanne.benson.mp4.torrent
2015-01-12 22:53 - 2015-01-12 23:55 - 1411057664 _____ () C:\Users\RTE\Downloads\S.A.87_Maria.Ozawa.avi
2015-01-12 22:53 - 2015-01-12 22:53 - 00014073 _____ () C:\Users\RTE\Desktop\[kickass.so]sky.angel.87.maria.ozawa.2009.dvdrip.torrent
2015-01-12 22:10 - 2015-01-12 23:02 - 188850160 _____ () C:\Users\RTE\Desktop\S_Model__44_-_scene_4.avi
2015-01-12 21:47 - 2015-01-12 21:51 - 3367092860 _____ () C:\Users\RTE\Downloads\(SMD-63).Okinawa.Beach.Girl_Yui.Nanase.HD720p.mkv
2015-01-12 21:47 - 2015-01-12 21:47 - 00257757 _____ () C:\Users\RTE\Desktop\[torrent.cd].(SMD-63)_Okinawa_Beach_Girl_-_Yui_Nanase_[Uncensored_-_HD720p].torrent
2015-01-12 21:30 - 2015-01-12 23:34 - 575044250 _____ () C:\Users\RTE\Downloads\Wild Threesome With Yui Nanase At The Beach.mp4
2015-01-12 21:30 - 2015-01-12 21:30 - 00044622 _____ () C:\Users\RTE\Desktop\[kickass.so]wild.threesome.with.yui.nanase.at.the.beach.mp4.torrent
2015-01-12 20:41 - 2015-01-12 23:53 - 2289839109 _____ () C:\Users\RTE\Downloads\3xhd.us-032814-570-carib-high_1.mp4
2015-01-12 20:40 - 2015-01-12 20:40 - 00011540 _____ () C:\Users\RTE\Desktop\[kickass.so]caribbeancom.032814.570.shizuku.iori.jav.uncen.torrent
2015-01-11 12:13 - 2015-01-11 12:13 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
2015-01-11 12:13 - 2015-01-11 12:13 - 00000000 ____D () C:\Users\RTE\AppData\Roaming\Canon
2015-01-11 12:12 - 2015-01-11 15:11 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-11 12:03 - 2015-01-11 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2400 series
2015-01-11 12:03 - 2013-03-24 05:00 - 00393728 _____ (CANON INC.) C:\windows\system32\CNMXLMBW.DLL
2015-01-11 12:03 - 2013-02-04 15:10 - 00321536 _____ (CANON INC.) C:\windows\SysWOW64\CNC_BWL.dll
2015-01-11 12:03 - 2012-11-09 10:41 - 00088064 _____ () C:\windows\SysWOW64\CNC176CD.TBL
2015-01-11 12:03 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\windows\SysWOW64\CNHMCA.dll
2015-01-11 11:58 - 2015-01-11 11:58 - 00002036 _____ () C:\Users\Public\Desktop\Canon Quick Menu.lnk
2015-01-11 11:58 - 2015-01-11 11:58 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2015-01-11 11:54 - 2015-01-11 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-01-11 11:54 - 2015-01-11 11:58 - 00000000 ____D () C:\Program Files\Canon
2015-01-11 11:54 - 2015-01-11 11:54 - 00002373 _____ () C:\Users\Public\Desktop\Canon MG2400 series On-screen Manual.lnk
2015-01-11 11:54 - 2015-01-11 11:54 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-01-11 11:54 - 2015-01-11 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2400 series Manual
2015-01-11 11:53 - 2015-01-11 11:53 - 00000000 ___HD () C:\Program Files\CanonBJ
2015-01-11 11:53 - 2013-03-24 05:00 - 00391168 _____ (CANON INC.) C:\windows\system32\CNMLMBW.DLL
2015-01-11 11:53 - 2013-02-04 15:12 - 00367104 _____ (CANON INC.) C:\windows\system32\CNC_BWL.dll
2015-01-11 11:53 - 2012-11-09 10:41 - 00088064 _____ () C:\windows\system32\CNC176CD.TBL
2015-01-11 11:53 - 2012-11-08 13:04 - 00282624 _____ (CANON INC.) C:\windows\system32\CNC_BWC.dll
2015-01-11 11:53 - 2012-11-08 13:03 - 00106496 _____ (CANON INC.) C:\windows\system32\CNC_BWI.dll
2015-01-11 11:53 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\windows\system32\CNHMCA6.dll
2015-01-11 11:52 - 2015-01-11 12:03 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-01-04 11:30 - 2015-01-04 14:39 - 00013086 _____ () C:\Users\RTE\Documents\FOH 291214.xlsx
2015-01-03 04:09 - 2015-01-04 12:28 - 00000000 ____D () C:\Users\RTE\Downloads\BlowJobFridays.14.03.28.Veronica.Rodriguez.XXX.720p.MP4-KTR[rarbg]
2015-01-02 00:34 - 2015-01-02 00:34 - 04281016 _____ () C:\Users\RTE\Downloads\Elasto.Mania.v.1.11a.Full.Version.+.Extra.Pack.419.Levels.rar
2015-01-01 23:12 - 2015-01-01 23:12 - 00000000 ____D () C:\Users\RTE\AppData\Local\Launcher
2015-01-01 23:12 - 2015-01-01 23:12 - 00000000 ____D () C:\Users\RTE\AppData\Local\id Software
2015-01-01 23:10 - 2015-01-01 23:10 - 00001062 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake Live.lnk
2015-01-01 23:10 - 2015-01-01 23:10 - 00001050 _____ () C:\Users\Public\Desktop\Quake Live.lnk
2015-01-01 23:10 - 2015-01-01 23:10 - 00000000 ____D () C:\Program Files (x86)\Quake Live
2015-01-01 21:00 - 2015-01-01 21:00 - 00000000 ____D () C:\Users\RTE\Downloads\TwistysHard - Veronica Rodriguez { Spa Seduction - 12.30.2014 }  NEW December 30, 2014
2015-01-01 20:39 - 2015-01-04 13:11 - 482714601 _____ () C:\Users\RTE\Downloads\Hot Oil massage - Megan salinas.mp4
2015-01-01 20:39 - 2015-01-01 20:39 - 00000000 ____D () C:\Users\RTE\Downloads\[Mofos] LatinaSexTapes [Megan Salinas] Bikini Body Boobs [.mp4]
2014-12-28 12:40 - 2014-12-28 12:40 - 00013124 _____ () C:\Users\RTE\Documents\FOH 221214.xlsx
2014-12-27 23:47 - 2015-01-04 13:28 - 553403316 _____ () C:\Users\RTE\Downloads\bleepFever - Speedy bleep - Mandi Dee.wmv
2014-12-23 18:04 - 2014-12-23 18:04 - 00000000 ____D () C:\Users\RTE\AppData\Roaming\3909
2014-12-23 18:03 - 2014-12-23 18:10 - 188895081 _____ (Subset Games ) C:\Users\RTE\Downloads\FTL_v1.5.4_Install.exe
2014-12-23 18:03 - 2014-12-23 18:03 - 00001689 _____ () C:\Users\Public\Desktop\Papers, Please.lnk
2014-12-23 17:59 - 2014-12-23 18:01 - 00000000 ____D () C:\Users\RTE\Downloads\Papers, Please [GOG] (+ v1.0.37 Update & Extras)
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-22 02:19 - 2013-12-03 18:54 - 00000000 ____D () C:\Users\RTE\AppData\Local\CrashDumps
2015-01-22 02:17 - 2013-12-02 12:52 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-22 02:17 - 2009-07-14 15:51 - 00133966 _____ () C:\windows\setupact.log
2015-01-22 02:16 - 2013-11-09 06:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-22 02:16 - 2010-11-21 14:47 - 00212030 _____ () C:\windows\PFRO.log
2015-01-22 02:16 - 2009-07-14 16:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-22 02:15 - 2013-12-02 12:53 - 00001301 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-22 02:15 - 2013-12-02 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-22 02:15 - 2013-11-09 06:33 - 01283629 _____ () C:\windows\WindowsUpdate.log
2015-01-22 02:15 - 2013-11-08 13:29 - 00000956 _____ () C:\Users\RTE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-22 02:00 - 2013-12-02 17:50 - 00000000 ____D () C:\Users\RTE\AppData\Local\Adobe
2015-01-22 01:43 - 2014-01-07 17:05 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-22 01:39 - 2013-12-02 12:52 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-22 01:20 - 2009-07-14 16:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-22 00:43 - 2009-07-14 15:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-22 00:43 - 2009-07-14 15:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 19:23 - 2014-07-11 01:20 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-21 18:49 - 2011-04-09 14:22 - 00000000 ____D () C:\windows\Panther
2015-01-21 12:12 - 2014-07-11 01:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-21 12:12 - 2009-07-14 14:20 - 00000000 ____D () C:\windows\schemas
2015-01-21 12:11 - 2014-01-22 23:56 - 00000000 ____D () C:\Program Files (x86)\Rayman Legends
2015-01-21 11:41 - 2014-07-11 01:20 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-21 11:41 - 2014-07-11 01:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-21 10:12 - 2013-12-02 15:01 - 00000000 ____D () C:\Users\RTE\AppData\Roaming\uTorrent
2015-01-18 22:49 - 2014-10-12 13:01 - 00033067 _____ () C:\Users\RTE\Documents\TIPS (2).xlsx
2015-01-18 22:48 - 2014-01-21 20:57 - 00000000 ____D () C:\Users\RTE\Documents\Rosters
2015-01-18 03:04 - 2013-11-08 15:13 - 00765700 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-01-18 03:04 - 2009-07-14 16:13 - 00765700 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-18 00:49 - 2014-01-07 16:47 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-01-15 03:10 - 2013-12-02 11:44 - 00000000 ____D () C:\windows\system32\MRT
2015-01-15 03:00 - 2013-12-02 11:44 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-14 23:49 - 2009-07-14 16:08 - 00032612 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-01-14 17:43 - 2014-01-07 17:05 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 17:43 - 2014-01-07 17:05 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 17:43 - 2014-01-07 17:05 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 16:37 - 2013-12-02 13:59 - 00000000 ____D () C:\Users\RTE\AppData\Roaming\vlc
2015-01-12 03:36 - 2013-12-04 23:28 - 00000000 ____D () C:\windows\System32\Tasks\Games
2015-01-11 12:03 - 2009-07-14 14:20 - 00000000 __RSD () C:\windows\Media
2015-01-07 18:42 - 2014-05-18 18:49 - 00000000 ____D () C:\Users\Guest\AppData\Local\CrashDumps
2015-01-07 18:36 - 2014-05-18 18:50 - 00112304 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-04 19:17 - 2013-12-05 14:17 - 00001964 _____ () C:\Users\Public\Desktop\Sonos.lnk
2015-01-04 19:17 - 2013-12-05 14:17 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2015-01-04 19:17 - 2013-12-05 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
2015-01-04 19:17 - 2013-12-05 14:17 - 00000000 ____D () C:\Program Files (x86)\Sonos
2015-01-04 19:17 - 2013-12-05 14:16 - 00000000 ____D () C:\Users\RTE\AppData\Local\Downloaded Installations
2015-01-04 14:55 - 2014-11-11 02:03 - 935085544 _____ () C:\Users\RTE\Downloads\[Tiny4k] Ariana Marie (Oil and Water - August 7, 2014).mp4
2015-01-04 13:32 - 2014-12-18 16:46 - 00000000 ____D () C:\Users\RTE\Downloads\TeenageDelinquents - Giselle Leon
2015-01-04 12:29 - 2014-04-17 09:21 - 00000000 ____D () C:\Users\RTE\Desktop\Games
2014-12-28 18:11 - 2014-12-07 14:09 - 00034298 _____ () C:\Users\RTE\Documents\TIPS (2) (Autosaved).xlsx
2014-12-27 23:33 - 2014-12-22 16:59 - 00000000 ____D () C:\Users\RTE\Downloads\Gone Girl (2014)
2014-12-27 16:15 - 2014-12-22 16:59 - 00000000 ____D () C:\Users\RTE\Downloads\Guardians of the Galaxy (2014)
2014-12-27 16:15 - 2014-12-22 16:58 - 00000000 ____D () C:\Users\RTE\Downloads\Dawn of the Planet of the Apes (2014)
2014-12-23 18:03 - 2014-03-23 02:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-12-23 18:03 - 2014-03-23 02:48 - 00000000 ____D () C:\GOG Games
2014-12-23 17:59 - 2014-12-22 16:59 - 00000000 ____D () C:\Users\RTE\Downloads\The Trip to Italy (2014) [1080p]
2014-12-23 11:33 - 2014-12-22 16:58 - 00000000 ____D () C:\Users\RTE\Downloads\The Lego Movie (2014) [1080p]
 
==================== Files in the root of some directories =======
2014-03-05 12:11 - 2014-03-04 08:37 - 0000226 _____ () C:\Program Files (x86)\update-southpark.bat
2014-03-05 12:11 - 2013-10-12 20:47 - 0000732 _____ () C:\Program Files (x86)\visit-www.nosteam.ro.html
2015-01-21 19:17 - 2015-01-21 19:17 - 0159888 _____ () C:\Users\RTE\AppData\Local\ars.cache
2015-01-21 19:17 - 2015-01-21 19:17 - 0314776 _____ () C:\Users\RTE\AppData\Local\census.cache
2014-09-18 13:14 - 2014-09-18 13:14 - 0006144 _____ () C:\Users\RTE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-21 18:44 - 2015-01-21 18:44 - 0000036 _____ () C:\Users\RTE\AppData\Local\housecall.guid.cache
2014-11-24 10:39 - 2014-11-24 10:39 - 0000000 _____ () C:\Users\RTE\AppData\Local\{04E0F7A0-64AF-486D-A30D-A5488C8EAF52}
2014-09-02 09:59 - 2014-09-02 09:59 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Files to move or delete:
====================
C:\Users\RTE\jagex_cl_runescape_LIVE.dat
C:\Users\RTE\random.dat
 
 
Some content of TEMP:
====================
C:\Users\RTE\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\RTE\AppData\Local\Temp\bassmod.dll
C:\Users\RTE\AppData\Local\Temp\drm_dialogs.dll
C:\Users\RTE\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\RTE\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\RTE\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\RTE\AppData\Local\Temp\KUIU.EXE
C:\Users\RTE\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\RTE\AppData\Local\Temp\MSETUP4.EXE
C:\Users\RTE\AppData\Local\Temp\namebench.exe
C:\Users\RTE\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\RTE\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\RTE\AppData\Local\Temp\nvStInst.exe
C:\Users\RTE\AppData\Local\Temp\ose00000.exe
C:\Users\RTE\AppData\Local\Temp\python27.dll
C:\Users\RTE\AppData\Local\Temp\Quarantine.exe
C:\Users\RTE\AppData\Local\Temp\SIntf16.dll
C:\Users\RTE\AppData\Local\Temp\SIntf32.dll
C:\Users\RTE\AppData\Local\Temp\SIntfNT.dll
C:\Users\RTE\AppData\Local\Temp\SpOrder.dll
C:\Users\RTE\AppData\Local\Temp\sqlite3.dll
C:\Users\RTE\AppData\Local\Temp\SRLDetectionLibrary6760820291912318435.dll
C:\Users\RTE\AppData\Local\Temp\tcl85.dll
C:\Users\RTE\AppData\Local\Temp\tk85.dll
C:\Users\RTE\AppData\Local\Temp\ubiF3C6.tmp.exe
C:\Users\RTE\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\RTE\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\RTE\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\RTE\AppData\Local\Temp\yhvyl7ub.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-14 01:24
 
==================== End Of Log ============================

 

Attached Files



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:12 PM

Posted 22 January 2015 - 08:29 AM

Run this tool to clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3927125601-3907104373-2235078998-1000\...\Run: [AdobeBridge] => [X]
SearchScopes: HKLM -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP8052AA3F-7A1F-42C4-83AD-A498A58741DC&SSPV=
CHR StartupUrls: Default -> "", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1421825600&from=adks&uid=WDCXWD7500BPVX-00FA7T0_WD-WX81A72K8290K8290", "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1421825631&from=adks&uid=WDCXWD7500BPVX-00FA7T0_WD-WX81A72K8290K8290"
CHR Extension: (Hola Better Internet) - C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-05-08]
CHR Extension: (Google Wallet) - C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-02]
CHR Extension: (Google Wallet) - C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-31]
Task: {F34EAC04-EACA-445E-8F21-45E36CDFA401} - System32\Tasks\{49E7B07E-8BF8-4A41-9877-2DF08594A8E6} => pcalua.exe -a C:\Users\RTE\AppData\Roaming\omiga-plus\UninstallManager.exe -c  -ptid=adks <==== ATTENTION

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

If the problem persists continue:

Reset the browsers that have been compromised.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
p22003758.gif
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===


Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#6 didsburydan

didsburydan
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:12 AM

Posted 23 January 2015 - 09:23 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by RTE at 2015-01-24 01:03:38 Run:1
Running from C:\Users\RTE\Desktop\New folder
Loaded Profiles: RTE (Available profiles: RTE & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3927125601-3907104373-2235078998-1000\...\Run: [AdobeBridge] => [X]
SearchScopes: HKLM -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT ->
DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP8052AA3F-7A1F-42C4-83AD-A498A58741DC&SSPV=
CHR StartupUrls: Default -> "", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1421825600&from=adks&uid=WDCXWD7500BPVX-00FA7T0_WD-WX81A72K8290K8290", "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1421825631&from=adks&uid=WDCXWD7500BPVX-00FA7T0_WD-WX81A72K8290K8290"
CHR Extension: (Hola Better Internet) -
C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-05-08]
CHR Extension: (Google Wallet) - C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-02]
CHR Extension: (Google Wallet) - C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-31]
Task: {F34EAC04-EACA-445E-8F21-45E36CDFA401} - System32\Tasks\{49E7B07E-8BF8-4A41-9877-2DF08594A8E6} => pcalua.exe -a C:\Users\RTE\AppData\Roaming\omiga-plus\UninstallManager.exe -c  -ptid=adks <==== ATTENTION
 
End
*****************
 
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-3927125601-3907104373-2235078998-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}" => Key deleted successfully.
HKCR\CLSID\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6} => Key not found. 
HKU\SearchScopes: HKU\.DEFAULT ->\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKU\.DEFAULT -> => Value not found.
DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = => Error: No automatic fix found for this entry.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
CHR Extension: (Hola Better Internet) - directory not found.
"C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-05-08]" => File/Directory not found.
C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
C:\Users\RTE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F34EAC04-EACA-445E-8F21-45E36CDFA401}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F34EAC04-EACA-445E-8F21-45E36CDFA401}" => Key deleted successfully.
C:\Windows\System32\Tasks\{49E7B07E-8BF8-4A41-9877-2DF08594A8E6} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{49E7B07E-8BF8-4A41-9877-2DF08594A8E6}" => Key deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 01:03:39 ====
 
 
 
 
 
 
 
 
 

 Results of screen317's Security Check version 0.99.95  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Ad-Aware 
 Java 7 Update 71  
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.287  
 Adobe Reader XI  
 Google Chrome (39.0.2171.95) 
 Google Chrome (39.0.2171.99) 
````````Process Check: objlist.exe by Laurent````````  
 Ad-Aware AAWService.exe is disabled! 
 Ad-Aware AAWTray.exe is disabled! 
 Symantec Norton Online Backup NOBuAgent.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
 
 
 
 
 
 
 
Everything seems to be okay now. Thank you so much for your help thus far. If there's anything else i need to do let me know.
 
I noticed in one of the logs that traces of Norton still seem to be on my computer after i ran the removal tool years ago, is that okay staying put or is there any way of removing?


#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:12 PM

Posted 23 January 2015 - 10:41 AM

Are you referring to the Norton Backup.

I can give you a fix if you want to remove it.

#8 didsburydan

didsburydan
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:12 AM

Posted 23 January 2015 - 10:48 AM

yeah! if it's not doing any harm on my system them not to worry, just a bit annoying that even the removal tool doesn't completely get rid! 

 

apart from that, does everything look hunky-dory on my system?

 

also, apart from the last step with FRST, would the rest of what you walked me through be useful for another computer?... not mine, a work laptop (that i didn't infect... the manager before me) but seems to be bogged down with conduit malware.... dont wanna start a new post if it's easily fixable.


Edited by didsburydan, 23 January 2015 - 10:51 AM.


#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:12 PM

Posted 23 January 2015 - 01:44 PM

We do not service two computers on the same topic.

Run the AdwCleaner and clean everything that will be found.

I the problem persists Start a new topic and post a FRST and addition.txt logs.
Post the URL here and I will expedite the matter.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users