
Malware in Firefox only plus hd but could be others, i.e. torn tvs


4 replies to this topic

#1 harryspotter (Members, 47 posts)

Posted 22 January 2015 - 02:16 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by BigRed (administrator) on BIGRED-MK on 22-01-2015 19:10:02
Running from C:\Users\BigRed\Desktop\bleeping
Loaded Profiles: BigRed (Available profiles: BigRed)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
() C:\Program Files (x86)\Livedrive\VSSService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
() C:\MBL\MBrain\Software\Mortgage Brain Framework 1.0\bin\mbServiceHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Akamai Technologies, Inc.) C:\Users\BigRed\AppData\Local\Akamai\netsession_win.exe
(CyberGhost S.R.L.) C:\Program Files\CyberGhost 5\CyberGhost.exe
(Livedrive Internet Ltd) C:\Program Files (x86)\Livedrive\Livedrive.exe
() C:\Program Files (x86)\honestech\honestech TVR 2.5\scheduleTV.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Akamai Technologies, Inc.) C:\Users\BigRed\AppData\Local\Akamai\netsession_win.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(IITech.dk) C:\Program Files (x86)\SaxoUK\Saxo Capital Markets UK Ltd\IitClientStation2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\nacl64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\BigRed\Desktop\bleeping\FRST64 (3).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2918656 2011-01-12] (ESET)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1972273453-3807663751-171534141-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1517520 2012-01-30] (TrueCrypt Foundation)
HKU\S-1-5-21-1972273453-3807663751-171534141-1000\...\Run: [Akamai NetSession Interface] => C:\Users\BigRed\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1972273453-3807663751-171534141-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308616 2014-12-22] (Google)
HKU\S-1-5-21-1972273453-3807663751-171534141-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-1972273453-3807663751-171534141-1000\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [410216 2014-11-03] (CyberGhost S.R.L.)
HKU\S-1-5-21-1972273453-3807663751-171534141-1000\...\Run: [Google Update] => C:\Users\BigRed\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-30] (Google Inc.)
HKU\S-1-5-21-1972273453-3807663751-171534141-1000\...\Run: [Livedrive] => C:\Program Files (x86)\Livedrive\Livedrive.exe [1842840 2014-07-24] (Livedrive Internet Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-05-15] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TVR Scheduler.lnk
ShortcutTarget: TVR Scheduler.lnk -> C:\Program Files (x86)\honestech\honestech TVR 2.5\scheduleTV.exe ()
Startup: C:\Users\BigRed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2050 J510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2050 J510 series.lnk -> C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} =>  No File
ShellIconOverlayIdentifiers: [02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} =>  No File
ShellIconOverlayIdentifiers: [03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} =>  No File
ShellIconOverlayIdentifiers: [BackupOverlay] -> {B44A5D93-1351-41A1-BD91-5E92435D8ECD} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [LivedriveDownloadOverlay] -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSharedOverlay] -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSyncedOverlay] -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveUploadOverlay] -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll (SmartSoft Ltd.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1972273453-3807663751-171534141-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
HKU\S-1-5-21-1972273453-3807663751-171534141-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://magnet.2020.net/virtualplanner/Core/Player/2020PlayerAX_Win32.cab
DPF: HKLM-x32 {3EDBA9C8-BB88-4DB6-9EB4-CA2BDAEF10FC} http://downloads.privatepost.com/files/ppZDHelper/ppZDHelper.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp - No CLSID Value
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6B62026A-7289-44C1-A31E-27C5E55E0829}: [NameServer] 95.169.183.219,89.41.60.38
 
FireFox:
========
FF ProfilePath: C:\Users\BigRed\AppData\Roaming\Mozilla\Firefox\Profiles\lupzdjz1.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1972273453-3807663751-171534141-1000: @citrixonline.com/appdetectorplugin -> C:\Users\BigRed\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-1972273453-3807663751-171534141-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\BigRed\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1972273453-3807663751-171534141-1000: @talk.google.com/O1DPlugin -> C:\Users\BigRed\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1972273453-3807663751-171534141-1000: @tools.google.com/Google Update;version=3 -> C:\Users\BigRed\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1972273453-3807663751-171534141-1000: @tools.google.com/Google Update;version=9 -> C:\Users\BigRed\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\BigRed\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\BigRed\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\BigRed\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\BigRed\AppData\Roaming\Mozilla\Firefox\Profiles\lupzdjz1.default\searchplugins\MyOnlineSearch.xml
FF SearchPlugin: C:\Users\BigRed\AppData\Roaming\Mozilla\Firefox\Profiles\lupzdjz1.default\searchplugins\onlysearchkms.xml
FF Extension: Playtopus  - C:\Users\BigRed\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@playtopus.com [2013-06-27]
FF Extension: TheTorntvs V10 1.1 - C:\Users\BigRed\AppData\Roaming\Mozilla\Firefox\Profiles\lupzdjz1.default\Extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com [2015-01-01]
FF Extension: Plus-HD-9.4c - C:\Users\BigRed\AppData\Roaming\Mozilla\Firefox\Profiles\lupzdjz1.default\Extensions\prestonhull81@yahoo.com [2015-01-05]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-09-29]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.only-search.com/?babsrc=HP_kms&affID=129300&tt=210914_ctrl&mntrid=546E00FF57F21DDF&tsp=5382"
CHR Profile: C:\Users\BigRed\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\BigRed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\BigRed\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-12]
CHR Extension: (YouTube) - C:\Users\BigRed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-05]
CHR Extension: (Google Search) - C:\Users\BigRed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-05]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\BigRed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-04]
CHR Extension: (Google Wallet) - C:\Users\BigRed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-09]
CHR Extension: (Gmail) - C:\Users\BigRed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-05]
CHR Extension: (donation reminder by easyfundraising) - C:\Users\BigRed\AppData\Local\Google\Chrome\User Data\Default\Extensions\plfknkdmhngcjepkalkhgpmhpolandfp [2014-10-08]
CHR Profile: C:\Users\BigRed\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (YouTube) - C:\Users\BigRed\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-16]
CHR Extension: (Google Search) - C:\Users\BigRed\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-16]
CHR Extension: (Gmail) - C:\Users\BigRed\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-16]
CHR Profile: C:\Users\BigRed\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Drive) - C:\Users\BigRed\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-03]
CHR Extension: (YouTube) - C:\Users\BigRed\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-17]
CHR Extension: (Google Search) - C:\Users\BigRed\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-17]
CHR Extension: (AdBlock) - C:\Users\BigRed\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-30]
CHR Extension: (Google Wallet) - C:\Users\BigRed\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\BigRed\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-17]
CHR Extension: (Find and Remind by easyfundraising) - C:\Users\BigRed\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\plfknkdmhngcjepkalkhgpmhpolandfp [2013-11-26]
CHR HKU\S-1-5-21-1972273453-3807663751-171534141-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\BigRed\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-07]
CHR HKU\S-1-5-21-1972273453-3807663751-171534141-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [42360 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [810144 2011-01-12] (ESET)
R2 FoxitCloudUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [243880 2015-01-16] (Foxit Software Inc.)
R2 LivedriveVSSService; C:\Program Files (x86)\Livedrive\VSSService.exe [210584 2014-07-24] ()
R2 MBServiceHost; C:\MBL\MBrain\Software\Mortgage Brain Framework 1.0\bin\mbServiceHost.exe [40448 2013-06-04] () [File not signed]
R2 MSSQL$MBRAIN; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-09-05] (Nitro PDF Software)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2013-11-14] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEHRINGER_2902; C:\Windows\SysWOW64\Drivers\BUSB2902.sys [352256 2008-07-30] (BEHRINGER) [File not signed]
S3 BUSB_AUDIO_WDM; C:\Windows\SysWOW64\drivers\busbwdm.sys [33792 2008-07-30] (BEHRINGER) [File not signed]
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170640 2010-12-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2010-12-21] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [125296 2010-12-21] (ESET)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-02-10] (Windows ® 2003 DDK 3790 provider)
S3 X86BDA; C:\Windows\System32\DRIVERS\OEMDrv.sys [268416 2011-06-08] ( )
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-22 19:09 - 2015-01-22 19:09 - 02126848 _____ (Farbar) C:\Users\BigRed\Downloads\FRST64 (2).exe
2015-01-22 19:08 - 2015-01-22 19:10 - 00000000 ____D () C:\Users\BigRed\Desktop\bleeping
2015-01-22 19:05 - 2015-01-22 19:06 - 02126848 _____ (Farbar) C:\Users\BigRed\Downloads\FRST64 (1).exe
2015-01-19 18:57 - 2015-01-19 18:57 - 00013606 _____ () C:\Users\BigRed\Documents\Rescued document 7.txt
2015-01-19 13:09 - 2015-01-19 13:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-19 11:36 - 2015-01-19 11:36 - 00022290 _____ () C:\Users\BigRed\Downloads\Encrypted_Message (83).htm
2015-01-15 10:09 - 2015-01-15 10:09 - 00091186 _____ () C:\Users\BigRed\Downloads\Copy of ETF List.xlsx
2015-01-14 15:43 - 2015-01-14 15:43 - 00142920 _____ () C:\Users\BigRed\Downloads\Encrypted_Message (82).htm
2015-01-14 13:22 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 13:22 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 13:22 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 13:22 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 13:22 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 13:22 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 13:22 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 13:22 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 13:22 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-14 13:22 - 2014-12-11 17:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 13:22 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 13:22 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 13:22 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-13 20:05 - 2015-01-13 20:06 - 00000000 ____D () C:\Users\BigRed\Desktop\Hamm
2015-01-13 20:04 - 2015-01-13 20:04 - 00504771 _____ () C:\Users\BigRed\Downloads\rehamm.zip
2015-01-13 13:25 - 2015-01-13 13:25 - 00510001 _____ () C:\Users\BigRed\Documents\8 and 50 cross.cs2
2015-01-13 12:59 - 2015-01-13 12:59 - 00032794 _____ () C:\Users\BigRed\Downloads\message_zdm.html
2015-01-12 11:42 - 2015-01-12 11:42 - 00024064 _____ () C:\Users\BigRed\Downloads\MK Gone Aways (3).xlsx
2015-01-12 11:42 - 2015-01-12 11:42 - 00024064 _____ () C:\Users\BigRed\Downloads\MK Gone Aways (2).xlsx
2015-01-12 11:42 - 2015-01-12 11:42 - 00024064 _____ () C:\Users\BigRed\Downloads\MK Gone Aways (1).xlsx
2015-01-12 09:54 - 2015-01-12 10:40 - 00000000 ____D () C:\Users\BigRed\Desktop\minerva probs
2015-01-12 09:50 - 2015-01-12 09:50 - 13924864 _____ () C:\Users\BigRed\Downloads\MK Missing Data (3).xlsx
2015-01-12 09:49 - 2015-01-12 09:49 - 13924864 _____ () C:\Users\BigRed\Downloads\MK Missing Data (2).xlsx
2015-01-12 09:48 - 2015-01-12 09:48 - 13924864 _____ () C:\Users\BigRed\Downloads\MK Missing Data (1).xlsx
2015-01-09 16:16 - 2015-01-09 16:16 - 00024064 _____ () C:\Users\BigRed\Downloads\MK Gone Aways.xlsx
2015-01-09 16:11 - 2015-01-09 16:12 - 13924864 _____ () C:\Users\BigRed\Downloads\MK Missing Data.xlsx
2015-01-09 11:50 - 2015-01-09 11:50 - 00282624 _____ () C:\Users\BigRed\Desktop\lead tracker.xls
2015-01-08 11:38 - 2015-01-08 11:59 - 1002496198 ____R () C:\Users\BigRed\Downloads\American Sniper (2014) DvD Scr Rip - X264 lottery.mkv
2015-01-08 11:38 - 2015-01-08 11:38 - 00077233 _____ () C:\Users\BigRed\Downloads\[kickass.so]american.sniper.2014.dvdscr.x264.playnow.torrent
2015-01-08 11:35 - 2015-01-08 11:35 - 00011145 _____ () C:\Users\BigRed\Downloads\[kickass.so]the.100.s01e12.hdtv.x264.chamee.torrent
2015-01-08 10:42 - 2015-01-08 10:42 - 00013121 _____ () C:\Users\BigRed\Downloads\[kickass.so]the.100.s01e12.we.are.grounders.i.mp4 (1).torrent
2015-01-08 10:40 - 2015-01-08 10:40 - 00028832 _____ () C:\Users\BigRed\Downloads\[kickass.so]the.100.s01e11.repack.fastsub.vostfr.hdtv.xvid.proteigon.avi.torrent
2015-01-08 10:39 - 2015-01-08 10:39 - 00028619 _____ () C:\Users\BigRed\Downloads\[kickass.so]the.100.s01e10.fastsub.vostfr.hdtv.xvid.atn.avi.torrent
2015-01-08 10:39 - 2015-01-08 10:39 - 00027499 _____ () C:\Users\BigRed\Downloads\[kickass.so]the.100.s01e09.hdtv.xvid.afg.torrent
2015-01-08 10:38 - 2015-01-08 10:38 - 00028832 _____ () C:\Users\BigRed\Downloads\[kickass.so]the.100.s01e07.repack.fastsub.vostfr.hdtv.xvid.proteigon.avi.torrent
2015-01-08 10:38 - 2015-01-08 10:38 - 00028665 _____ () C:\Users\BigRed\Downloads\[kickass.so]the.100.s01e08.hdtv.xvid.fum.ettv.torrent
2015-01-08 10:37 - 2015-01-08 10:37 - 00013527 _____ () C:\Users\BigRed\Downloads\[kickass.so]the.100.s01e06.hdtv.x264.2hd.eztv.torrent
2015-01-08 10:24 - 2015-01-08 10:24 - 00023446 _____ () C:\Users\BigRed\Downloads\[kickass.so]the.100.s01e05.hdtv.x264.2hd.ettv.torrent
2015-01-08 10:23 - 2015-01-08 10:23 - 00032749 _____ () C:\Users\BigRed\Downloads\[kickass.so]the.100.s01e04.hdtv.x264.2hd.ettv.torrent
2015-01-08 10:22 - 2015-01-08 10:22 - 00013747 _____ () C:\Users\BigRed\Downloads\[kickass.so]the.100.s01e03.proper.hdtv.x264.killers.torrent
2015-01-08 10:21 - 2015-01-08 10:21 - 00034271 _____ () C:\Users\BigRed\Downloads\[kickass.so]the.100.s01e02.hdtv.x264.batv.ettv.torrent
2015-01-08 10:21 - 2015-01-08 10:21 - 00028783 _____ () C:\Users\BigRed\Downloads\[kickass.so]the.100.s01e01.hdtv.x264.2hd.ettv.torrent
2015-01-08 10:20 - 2015-01-08 10:20 - 00013121 _____ () C:\Users\BigRed\Downloads\[kickass.so]the.100.s01e12.we.are.grounders.i.mp4.torrent
2015-01-08 10:17 - 2015-01-08 10:17 - 00018927 _____ () C:\Users\BigRed\Downloads\[kickass.so]the.100.s01e13.hdtv.x264.lol.eztv.torrent
2015-01-07 12:11 - 2015-01-07 12:11 - 00022165 _____ () C:\Users\BigRed\Downloads\Encrypted_Message (81).htm
2015-01-06 16:12 - 2015-01-06 16:12 - 00022165 _____ () C:\Users\BigRed\Downloads\Encrypted_Message (80).htm
2015-01-06 13:56 - 2015-01-06 13:56 - 00054784 _____ () C:\Users\BigRed\Downloads\Scottishlife.xls
2015-01-06 12:59 - 2015-01-06 12:59 - 00000000 ____D () C:\Users\BigRed\AppData\Local\Skype
2015-01-06 12:58 - 2015-01-09 11:53 - 00000000 ____D () C:\Users\BigRed\AppData\Roaming\Skype
2015-01-06 12:58 - 2015-01-06 12:58 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-01-06 12:58 - 2015-01-06 12:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-06 12:58 - 2015-01-06 12:58 - 00000000 ____D () C:\ProgramData\Skype
2015-01-06 12:58 - 2015-01-06 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-06 12:57 - 2015-01-06 12:57 - 01548384 _____ (Skype Technologies S.A.) C:\Users\BigRed\Downloads\SkypeSetup.exe
2015-01-06 12:18 - 2015-01-21 07:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-06 12:18 - 2015-01-06 12:18 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-06 12:18 - 2015-01-06 12:18 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-06 12:16 - 2015-01-06 12:16 - 00244128 _____ () C:\Users\BigRed\Downloads\Firefox Setup Stub 34.0.5.exe
2015-01-06 11:49 - 2015-01-06 11:49 - 00375106 _____ () C:\Users\BigRed\Desktop\trail not paid report.csv
2015-01-06 11:49 - 2015-01-06 11:49 - 00043008 _____ () C:\Users\BigRed\Desktop\from alan checking on trail cases MK1.xls
2015-01-06 11:48 - 2015-01-06 11:48 - 00044032 _____ () C:\Users\BigRed\Desktop\For Lucy.xls
2015-01-06 11:24 - 2015-01-06 11:24 - 00022528 _____ () C:\Users\BigRed\Downloads\MK1 (2).xlsx
2015-01-06 10:55 - 2015-01-06 10:55 - 00529118 _____ () C:\Users\BigRed\Downloads\595017.csv
2015-01-05 12:43 - 2015-01-05 12:43 - 00881266 _____ () C:\Users\BigRed\Downloads\Encrypted_Message (79).htm
2015-01-05 11:41 - 2015-01-05 11:41 - 00020344 _____ () C:\Users\BigRed\Downloads\Encrypted_Message (78).htm
2015-01-05 11:39 - 2015-01-05 11:39 - 00002106 _____ () C:\Users\Public\Desktop\mailcredit.lnk
2015-01-05 11:39 - 2015-01-05 11:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FP
2015-01-05 11:36 - 2015-01-05 11:36 - 00000000 ____D () C:\Users\BigRed\Downloads\mymail (2)
2015-01-05 11:35 - 2015-01-05 11:35 - 02727727 _____ () C:\Users\BigRed\Downloads\mymail (2).zip
2015-01-01 11:48 - 2015-01-01 12:27 - 00000000 ____D () C:\Users\BigRed\Downloads\The Help (2011)
2015-01-01 11:45 - 2015-01-01 11:46 - 00018082 _____ () C:\Users\BigRed\Downloads\[kickass.so]the.help.2011.720p.brrip.x264.850mb.yify.torrent
2014-12-30 18:24 - 2014-12-30 18:24 - 00022290 _____ () C:\Users\BigRed\Downloads\Encrypted_Message (77).htm
2014-12-30 18:14 - 2014-12-30 18:14 - 00148392 _____ () C:\Users\BigRed\Downloads\Encrypted_Message (76).htm
2014-12-30 18:09 - 2014-12-30 18:10 - 00017920 _____ () C:\Users\BigRed\Downloads\audit trail (3).xls
2014-12-23 11:07 - 2014-12-23 11:07 - 00021057 _____ () C:\Users\BigRed\Downloads\Encrypted_Message (75).htm
2014-12-23 11:06 - 2014-12-23 11:06 - 00021058 _____ () C:\Users\BigRed\Downloads\Encrypted_Message (74).htm
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-22 19:10 - 2014-05-18 16:01 - 00000000 ____D () C:\FRST
2015-01-22 19:07 - 2014-05-18 16:02 - 00043873 _____ () C:\Users\BigRed\Downloads\FRST.txt
2015-01-22 19:03 - 2012-06-05 10:36 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-22 19:01 - 2014-11-27 11:33 - 00000568 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-1972273453-3807663751-171534141-1000.job
2015-01-22 19:01 - 2014-09-15 12:16 - 00000000 ____D () C:\Users\BigRed\AppData\Local\CrashDumps
2015-01-22 19:01 - 2014-06-30 12:24 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1972273453-3807663751-171534141-1000UA.job
2015-01-22 19:01 - 2013-12-10 14:02 - 00000000 ____D () C:\Users\BigRed\AppData\Local\Livedrive
2015-01-22 18:23 - 2014-06-24 19:42 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-22 17:26 - 2014-06-25 22:24 - 00000000 ____D () C:\Users\BigRed\Desktop\trading
2015-01-22 16:25 - 2013-05-23 13:33 - 00000354 _____ () C:\windows\Tasks\Playtopus Updater.job
2015-01-22 15:26 - 2014-08-03 15:40 - 00000000 ____D () C:\Users\BigRed\Desktop\2013-14 accounts
2015-01-22 13:54 - 2013-04-17 14:48 - 00000000 ____D () C:\Users\BigRed\Desktop\745 fishponds
2015-01-22 13:08 - 2011-08-15 16:08 - 00000000 ____D () C:\Users\BigRed\Desktop\unused
2015-01-22 10:03 - 2012-06-05 10:36 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-22 10:01 - 2014-06-02 10:04 - 00000000 ____D () C:\Users\BigRed\Desktop\reviews
2015-01-22 07:51 - 2014-06-30 12:23 - 00000860 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1972273453-3807663751-171534141-1000Core.job
2015-01-22 07:48 - 2010-11-07 23:10 - 01997615 _____ () C:\windows\WindowsUpdate.log
2015-01-21 07:14 - 2009-07-14 04:45 - 00022976 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 07:14 - 2009-07-14 04:45 - 00022976 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 07:06 - 2011-08-15 14:58 - 00000000 ____D () C:\Users\BigRed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-01-21 07:05 - 2014-04-29 11:01 - 00012893 _____ () C:\windows\setupact.log
2015-01-21 07:05 - 2009-07-14 05:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-20 23:21 - 2013-11-07 11:01 - 00833648 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-01-20 23:21 - 2009-07-14 05:13 - 00833648 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-16 11:25 - 2011-09-16 08:17 - 00461312 ___SH () C:\Users\BigRed\Desktop\Thumbs.db
2015-01-16 03:23 - 2014-02-17 13:25 - 00000000 ____D () C:\windows\system32\MRT
2015-01-16 03:01 - 2014-02-17 13:25 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-13 20:03 - 2013-01-07 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-13 20:00 - 2014-06-24 19:42 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 20:00 - 2014-06-24 19:41 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 20:00 - 2014-06-24 19:41 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-13 15:54 - 2013-01-07 13:09 - 00000000 ___RD () C:\Users\BigRed\Google Drive
2015-01-10 11:38 - 2014-11-11 13:07 - 00000000 ____D () C:\Users\BigRed\Desktop\BROADBAND SPPED
2015-01-10 10:38 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\system32\NDF
2015-01-08 13:01 - 2014-03-08 14:12 - 00000000 ____D () C:\Users\BigRed\AppData\Roaming\uTorrent
2015-01-08 11:33 - 2013-09-27 12:52 - 00000000 ____D () C:\Users\BigRed\Desktop\cpd mk
2015-01-06 21:08 - 2010-11-08 00:11 - 00896304 _____ () C:\windows\PFRO.log
2015-01-06 10:49 - 2014-09-22 14:34 - 00022016 _____ () C:\Users\BigRed\Desktop\fao Tsang.xls
2015-01-06 04:36 - 2011-08-15 15:29 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-12-23 11:04 - 2014-07-03 11:03 - 00000000 ____D () C:\Users\BigRed\Desktop\blank loa
2014-12-23 11:03 - 2013-11-25 10:08 - 00000000 ____D () C:\Users\BigRed\Desktop\minerva
 
==================== Files in the root of some directories =======
2014-09-01 08:18 - 2014-09-01 08:18 - 0001248 _____ () C:\Users\BigRed\AppData\Roaming\HAPSYPI
2014-09-01 08:18 - 2014-09-01 08:18 - 0002086 _____ () C:\Users\BigRed\AppData\Roaming\HTOCLOM
2011-11-28 14:04 - 2011-12-01 10:47 - 0214016 _____ () C:\Users\BigRed\AppData\Roaming\SharedSettings.ccs
2011-12-01 10:40 - 2011-12-01 10:40 - 0033193 _____ () C:\Users\BigRed\AppData\Roaming\UserTile.png
2014-09-01 08:18 - 2014-09-01 08:18 - 0001248 _____ () C:\Users\BigRed\AppData\Roaming\WPHT
2014-08-12 17:23 - 2014-08-12 17:23 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-10-12 10:19 - 2013-10-12 10:20 - 0143021 _____ () C:\ProgramData\ProspectorUninstall.log
2010-11-07 23:20 - 2010-11-07 23:20 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-11-07 23:18 - 2010-11-07 23:19 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
2010-11-07 23:14 - 2010-11-07 23:15 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-11-07 23:19 - 2010-11-07 23:20 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2010-11-07 23:14 - 2010-11-07 23:14 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-11-07 23:16 - 2010-11-07 23:18 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
 
Some content of TEMP:
====================
C:\Users\BigRed\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd6zlij.dll
C:\Users\BigRed\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\BigRed\AppData\Local\Temp\Foxit Updater.exe
C:\Users\BigRed\AppData\Local\Temp\HitmanPro.exe
C:\Users\BigRed\AppData\Local\Temp\ICReinstall_BitZipperSetup.exe
C:\Users\BigRed\AppData\Local\Temp\LD1785.tmp.exe
C:\Users\BigRed\AppData\Local\Temp\LDA311.tmp.exe
C:\Users\BigRed\AppData\Local\Temp\ld_389893.exe
C:\Users\BigRed\AppData\Local\Temp\ld_402108.exe
C:\Users\BigRed\AppData\Local\Temp\Update.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-14 10:15
 
==================== End Of Log ============================
 
 
I had a similar virus last year in Chrome and you helped remove that, then this appeared in Firefox. Once I go into my email it opens new pages, full of ads etc.

#2 fireman4it (Bleepin' Fireman, Malware Response Team, 13,502 posts, Gender: Male, Location: Greenup, Ill USA)

Posted 22 January 2015 - 08:17 PM

Hello harryspotter,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

1. Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Attached File: fixlist.txt (5.02KB, 10 downloads)

2. Please download AdwCleaner by Xplode and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 fireman4it (Bleepin' Fireman, Malware Response Team, 13,502 posts, Gender: Male, Location: Greenup, Ill USA)

Posted 26 January 2015 - 01:02 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



#4 Andrew (Bleepin' Night Watchman, Moderator, 8,250 posts, Gender: Not Telling, Location: Right behind you)

Posted 26 January 2015 - 05:50 PM

This topic has been re-opened at the request of the person who originally posted.

#5 harryspotter (Topic Starter, Members, 47 posts)

Posted 27 January 2015 - 02:54 AM

# AdwCleaner v4.109 - Report created 26/01/2015 at 23:10:24
# Updated 24/01/2015 by Xplode
# Database : 2015-01-25.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : BigRed - BIGRED-MK
# Running from : C:\Users\BigRed\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plus500
Folder Deleted : C:\Program Files (x86)\File Type Assistant
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\JustCloud
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\TheTorntv V10
Folder Deleted : C:\Program Files (x86)\HD-V9.4
Folder Deleted : C:\Program Files (x86)\Plus500
Folder Deleted : C:\Users\BigRed\AppData\Local\FileTypeAssistant
Folder Deleted : C:\Users\BigRed\AppData\Local\globalUpdate
Folder Deleted : C:\Users\BigRed\AppData\Local\onlysearch
Folder Deleted : C:\Users\BigRed\AppData\Local\Plus500
Folder Deleted : C:\Users\BigRed\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\BigRed\AppData\Roaming\TornTV.com
Folder Deleted : C:\Users\BigRed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plus500
File Deleted : C:\Users\BigRed\AppData\Roaming\Mozilla\Firefox\Profiles\lupzdjz1.default\searchplugins\MyOnlineSearch.xml
File Deleted : C:\Users\BigRed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : f2935c29-7f5a-4546-8a7a-3d3639b9c56d-3
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Bitberry Software
Key Deleted : HKCU\Software\Bitberry
Key Deleted : HKCU\Software\FileTypeAssistant
Key Deleted : HKLM\SOFTWARE\{F2E9660B-98AF-42c0-8258-9CDDF07BF95D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trusted Software Assistant_is1
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*.local
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v35.0 (x86 en-GB)
 
[lupzdjz1.default\prefs.js] - Line Deleted : user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22ama[...]
[lupzdjz1.default\prefs.js] - Line Deleted : user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.__ICM_LITE__fifty_test_rules.value", "%7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasiadate.com%22%2C%22opti[...]
[lupzdjz1.default\prefs.js] - Line Deleted : user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7[...]
[lupzdjz1.default\prefs.js] - Line Deleted : user_pref("extensions.aprestonhull81yahoocom61774.61774.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%2C%22anthropologie.[...]
[lupzdjz1.default\prefs.js] - Line Deleted : user_pref("extensions.aprestonhull81yahoocom61774.61774.internaldb.__ICM_LITE__fifty_test_rules.value", "%7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasiadate.com%22%2C%22optionweb.com%22%2C%22pctools.com%[...]
[lupzdjz1.default\prefs.js] - Line Deleted : user_pref("extensions.aprestonhull81yahoocom61774.61774.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%7B%22ur[...]
[lupzdjz1.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "14aa7396c5523023187224b46553229b");
 
-\\ Google Chrome v40.0.2214.91
 
 
*************************
 
AdwCleaner[R0].txt - [1180 octets] - [29/04/2014 06:48:08]
AdwCleaner[R1].txt - [1117 octets] - [18/05/2014 15:45:53]
AdwCleaner[R2].txt - [1177 octets] - [18/05/2014 15:50:53]
AdwCleaner[R3].txt - [4381 octets] - [26/01/2015 23:06:18]
AdwCleaner[S0].txt - [1249 octets] - [29/04/2014 06:56:25]
AdwCleaner[S1].txt - [4285 octets] - [26/01/2015 23:10:24]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4345 octets] ##########
 
 
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by BigRed at 2015-01-26 22:23:28 Run:2
Running from C:\Users\BigRed\Desktop\bleeping
Loaded Profiles: BigRed (Available profiles: BigRed)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
ShortcutTarget: TVR Scheduler.lnk -> C:\Program Files (x86)\honestech\honestech TVR 2.5\scheduleTV.exe ()
hellIconOverlayIdentifiers: [01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} =>  No File
ShellIconOverlayIdentifiers: [02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} =>  No File
ShellIconOverlayIdentifiers: [03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} =>  No File
F SearchPlugin: C:\Users\BigRed\AppData\Roaming\Mozilla\Firefox\Profiles\lupzdjz1.default\searchplugins\MyOnlineSearch.xml
FF SearchPlugin: C:\Users\BigRed\AppData\Roaming\Mozilla\Firefox\Profiles\lupzdjz1.default\searchplugins\onlysearchkms.xml
FF Extension: Playtopus  - C:\Users\BigRed\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@playtopus.com [2013-06-27]
FF Extension: TheTorntvs V10 1.1 - C:\Users\BigRed\AppData\Roaming\Mozilla\Firefox\Profiles\lupzdjz1.default\Extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com [2015-01-01]
FF Extension: Plus-HD-9.4c - C:\Users\BigRed\AppData\Roaming\Mozilla\Firefox\Profiles\lupzdjz1.default\Extensions\prestonhull81@yahoo.com [2015-01-05]
CHR StartupUrls: Default -> "hxxp://www.only-search.com/?babsrc=HP_kms&affID=129300&tt=210914_ctrl&mntrid=546E00FF57F21DDF&tsp=5382"
CHR HKU\S-1-5-21-1972273453-3807663751-171534141-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\BigRed\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-07]
CHR HKU\S-1-5-21-1972273453-3807663751-171534141-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
Emptytemp:
Task: {8E5BDF5C-2699-4EFC-B783-C30F4B4649BA} - \LaunchApp No Task File <==== ATTENTION
Task: C:\windows\Tasks\Playtopus Updater.job => C:\Users\BigRed\AppData\Local\PLAYTO~1\Updater.dll <==== ATTENTION
ask: C:\windows\Tasks\f2935c29-7f5a-4546-8a7a-3d3639b9c56d-3.job => C:\Program Files (x86)\HD-V9.4\f2935c29-7f5a-4546-8a7a-3d3639b9c56d-3.exe <==== ATTENTION
Task: {7FA497FB-488C-42D3-8AA6-92D526098D7F} - System32\Tasks\Playtopus Updater => Rundll32.exe C:\Users\BigRed\AppData\Local\PLAYTO~1\Updater.dll,ProcessRequest <==== ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\BigRed\Downloads\0FAA6394-00002D99.eml:OECustomProperty
AlternateDataStreams: C:\Users\BigRed\Downloads\noname.eml:OECustomProperty
AlternateDataStreams: C:\Users\BigRed\Downloads\Reading Volunteer.eml:OECustomProperty
AlternateDataStreams: C:\Users\BigRed\Downloads\RE_ new sewer connection.eml:OECustomProperty
 
 
*****************
 
C:\Program Files (x86)\honestech\honestech TVR 2.5\scheduleTV.exe => Moved successfully.
hellIconOverlayIdentifiers: [01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} =>  No File => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\02SyncingModule" => Key deleted successfully.
HKCR\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\03SyncedModule" => Key deleted successfully.
HKCR\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => Key not found. 
F SearchPlugin: C:\Users\BigRed\AppData\Roaming\Mozilla\Firefox\Profiles\lupzdjz1.default\searchplugins\MyOnlineSearch.xml => Error: No automatic fix found for this entry.
C:\Users\BigRed\AppData\Roaming\Mozilla\Firefox\Profiles\lupzdjz1.default\searchplugins\onlysearchkms.xml => Moved successfully.
C:\Users\BigRed\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@playtopus.com => Moved successfully.
C:\Users\BigRed\AppData\Roaming\Mozilla\Firefox\Profiles\lupzdjz1.default\Extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com => Moved successfully.
C:\Users\BigRed\AppData\Roaming\Mozilla\Firefox\Profiles\lupzdjz1.default\Extensions\prestonhull81@yahoo.com => Moved successfully.
Chrome StartupUrls deleted successfully.
"HKU\S-1-5-21-1972273453-3807663751-171534141-1000\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => Key deleted successfully.
C:\Users\BigRed\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx => Moved successfully.
"HKU\S-1-5-21-1972273453-3807663751-171534141-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E5BDF5C-2699-4EFC-B783-C30F4B4649BA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E5BDF5C-2699-4EFC-B783-C30F4B4649BA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp" => Key deleted successfully.
C:\windows\Tasks\Playtopus Updater.job => Moved successfully.
ask: C:\windows\Tasks\f2935c29-7f5a-4546-8a7a-3d3639b9c56d-3.job => C:\Program Files (x86)\HD-V9.4\f2935c29-7f5a-4546-8a7a-3d3639b9c56d-3.exe <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FA497FB-488C-42D3-8AA6-92D526098D7F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FA497FB-488C-42D3-8AA6-92D526098D7F}" => Key deleted successfully.
C:\Windows\System32\Tasks\Playtopus Updater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Playtopus Updater" => Key deleted successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\Users\BigRed\Downloads\0FAA6394-00002D99.eml => ":OECustomProperty" ADS removed successfully.
C:\Users\BigRed\Downloads\noname.eml => ":OECustomProperty" ADS removed successfully.
C:\Users\BigRed\Downloads\Reading Volunteer.eml => ":OECustomProperty" ADS removed successfully.
C:\Users\BigRed\Downloads\RE_ new sewer connection.eml => ":OECustomProperty" ADS removed successfully.
EmptyTemp: => Removed 17.7 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 22:28:05 ====