Virus? Trovi Virus - Tried everything!


  • This topic is locked
12 replies to this topic

#1 noshirtsallowed

  • Members
  • 7 posts

Posted 27 January 2015 - 06:48 AM

Greetings BC!

I have been dealing with a recent virus (?). I have read this forum to figure out how to remove viruses and, more importantly, the TROVI search engine. I have tried everything from virus removal tools to Malwarebytes to AdwCleaner, etc.

Nothing seems to work.

My computer has also been running a lot slower, and I would like to basically clean it all thoroughly, as if I had reinstalled Windows.

Attached are the TDSSKiller log as well as the Malwarebytes log.

MiniToolBox log:


Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
127.0.0.1 localhost
 
========================= IP Configuration: ================================
 
Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Hardware not present)
Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller = Local Area Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : -PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : wireless.umass.edu
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : 00-03-25-3E-2F-9E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : wireless.umass.edu
   Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
   Physical Address. . . . . . . . . : 00-1F-3C-A1-43-64
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 72.19.77.98(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.252.0
   Lease Obtained. . . . . . . . . . : Tuesday, January 27, 2015 5:42:16 AM
   Lease Expires . . . . . . . . . . : Tuesday, January 27, 2015 6:55:53 AM
   Default Gateway . . . . . . . . . : 72.19.76.1
   DHCP Server . . . . . . . . . . . : 128.119.10.12
   DNS Servers . . . . . . . . . . . : 128.119.101.1
                                       128.119.101.2
   Primary WINS Server . . . . . . . : 128.119.166.43
   Secondary WINS Server . . . . . . : 128.119.166.173
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.wireless.umass.edu:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : wireless.umass.edu
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 13:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:206b:29c1:b7ec:b29d(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::206b:29c1:b7ec:b29d%13(Preferred) 
   Default Gateway . . . . . . . . . : 
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.home:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter 6TO4 Adapter:
 
   Connection-specific DNS Suffix  . : wireless.umass.edu
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2002:4813:4d62::4813:4d62(Preferred) 
   Default Gateway . . . . . . . . . : 2002:c058:6301::1
   DNS Servers . . . . . . . . . . . : 128.119.101.1
                                       128.119.101.2
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  dns-anycast-1.oit.umass.edu
Address:  128.119.101.1
 
Name:    google.com
Addresses:  2607:f8b0:4006:808::1008
 74.125.226.72
 74.125.226.64
 74.125.226.66
 74.125.226.69
 74.125.226.78
 74.125.226.73
 74.125.226.65
 74.125.226.68
 74.125.226.67
 74.125.226.71
 74.125.226.70
 
 
Pinging google.com [74.125.226.66] with 32 bytes of data:
Reply from 74.125.226.66: bytes=32 time=7ms TTL=55
Reply from 74.125.226.66: bytes=32 time=7ms TTL=55
 
Ping statistics for 74.125.226.66:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 7ms, Maximum = 7ms, Average = 7ms
Server:  dns-anycast-1.oit.umass.edu
Address:  128.119.101.1
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=21ms TTL=53
Reply from 98.139.183.24: bytes=32 time=31ms TTL=53
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 21ms, Maximum = 31ms, Average = 26ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...00 03 25 3e 2f 9e ......Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
 11...00 1f 3c a1 43 64 ......Intel® PRO/Wireless 3945ABG Network Connection
  1...........................Software Loopback Interface 1
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 18...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       72.19.76.1      72.19.77.98     25
       72.19.76.0    255.255.252.0         On-link       72.19.77.98    281
      72.19.77.98  255.255.255.255         On-link       72.19.77.98    281
     72.19.79.255  255.255.255.255         On-link       72.19.77.98    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       72.19.77.98    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       72.19.77.98    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 18   1061 ::/0                     2002:c058:6301::1
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:9d38:90d7:206b:29c1:b7ec:b29d/128
                                    On-link
 18   1030 2002::/16                On-link
 18    286 2002:4813:4d62::4813:4d62/128
                                    On-link
 13    306 fe80::/64                On-link
 13    306 fe80::206b:29c1:b7ec:b29d/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (01/27/2015 05:42:47 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/27/2015 03:30:47 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 105265
 
Error: (01/27/2015 03:30:47 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 105265
 
Error: (01/27/2015 03:30:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/27/2015 03:29:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16390
 
Error: (01/27/2015 03:29:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16390
 
Error: (01/27/2015 03:29:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/27/2015 03:29:16 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14437
 
Error: (01/27/2015 03:29:16 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14437
 
Error: (01/27/2015 03:29:16 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (01/27/2015 05:42:04 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SplashtopRemoteService service.
 
Error: (01/27/2015 05:41:30 AM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater17.2.0 service failed to start due to the following error: 
%%2
 
Error: (01/27/2015 00:20:25 AM) (Source: ACPI) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
 
Error: (01/27/2015 00:20:25 AM) (Source: ACPI) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
 
Error: (01/27/2015 00:20:25 AM) (Source: ACPI) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x5), Please contact your system vendor for technical assistance.
 
Error: (01/27/2015 00:20:25 AM) (Source: ACPI) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
 
Error: (01/26/2015 11:56:12 PM) (Source: ACPI) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
 
Error: (01/26/2015 11:56:12 PM) (Source: ACPI) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
 
Error: (01/26/2015 11:56:12 PM) (Source: ACPI) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x5), Please contact your system vendor for technical assistance.
 
Error: (01/26/2015 11:56:12 PM) (Source: ACPI) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
 
 
Microsoft Office Sessions:
=========================
Error: (01/27/2015 05:42:47 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/27/2015 03:30:47 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 105265
 
Error: (01/27/2015 03:30:47 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 105265
 
Error: (01/27/2015 03:30:46 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/27/2015 03:29:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16390
 
Error: (01/27/2015 03:29:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16390
 
Error: (01/27/2015 03:29:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/27/2015 03:29:16 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14437
 
Error: (01/27/2015 03:29:16 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14437
 
Error: (01/27/2015 03:29:16 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
 
=========================== Installed Programs ============================
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Refresh Manager (x32 Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Adobe Touch App Plugins (HKLM-x32\...\{1EC083EE-5B76-4A2A-B95A-CAF460AA29D6}) (Version: 1.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
COTM App by We-Care.com v4.1.29.2 (HKLM-x32\...\{18753869-2CAE-44DD-B98A-0A8AC24B0D57}) (Version: 4.1.29.2 - We-Care.com)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
f.lux (HKCU\...\Flux) (Version:  - )
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.50.5145 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{13BE337F-9557-416D-A696-F91A6807B170}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8500 A910 Product Improvement Study (HKLM\...\{24E45339-C750-4EAE-8241-BA25A7DABBDD}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA GeForce Experience Service (Version: 16.18.9 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.172.1357 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 2.1 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 16.18.9 (Version: 16.18.9 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 16.18.9 (Version: 16.18.9 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 16.18.9 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.27 (Version: 1.2.27 - NVIDIA Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
SecureW2 Enterprise Client 3.5.12 (HKLM-x32\...\SecureW2 Enterprise Client) (Version:  - )
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.5.0.1 - Splashtop Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
========================= Devices: ================================
 
Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: USB2.0 Camera
Description: USB2.0 Camera
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 69%
Total physical RAM: 3071.37 MB
Available physical RAM: 949.49 MB
Total Pagefile: 6140.92 MB
Available Pagefile: 3432.41 MB
Total Virtual: 4095.88 MB
Available Virtual: 3976.02 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:103.5 GB) (Free:18.26 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\CJ-PC
 
Administrator            CJ                       Guest                    
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
23-01-2015 05:00:02 Scheduled Checkpoint
23-01-2015 08:00:13 Windows Update
 
**** End of log ****

Malwarebytes LOG -

Thank you in advance!
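The "Winsock entries" section of the MiniToolBox log above is one of the places a browser hijacker can persist: namespace providers (Catalog5) and layered service providers in the protocol chain (Catalog9) are loaded into every process that opens a socket, so a DLL registered there survives a browser reset. As an added example, not part of the original post or of MiniToolBox itself, the Python script below parses that section and lists every provider that is not a Microsoft DLL loaded from System32 or SysWOW64. The sample input is a constructed subset of the Winsock lines in this post; on it the only hits are the two Apple Bonjour mdnsNSP.dll namespace providers, which match the Bonjour and iTunes entries under Installed Programs. A hit means "review", not "infected".

```python
"""Triage the "Winsock entries" section of a MiniToolBox log.

Added example, not part of the forum post or of MiniToolBox. Lists
providers that are not Microsoft DLLs under System32/SysWOW64 and
checks that the Catalog9 (LSP) chain contains nothing but mswsock.dll.
"""
import re
from dataclasses import dataclass
from typing import List

# One line as MiniToolBox prints it, e.g.
#   x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
WINSOCK_LINE = re.compile(
    r"^(?P<arch>x64-)?Catalog(?P<catalog>[59])\s+(?P<index>\d+)\s+"
    r"(?P<path>.+?)\s+\[(?P<size>\d+)\]\s+\((?P<vendor>[^)]*)\)\s*$"
)

# Where a stock Windows provider DLL is expected to live (compared lower-case).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass(frozen=True)
class WinsockEntry:
    arch: str      # "x64" for the native catalog, "x86" for the WOW64 catalog
    catalog: int   # 5 = namespace providers (NSP), 9 = protocol chain (LSP)
    index: int
    path: str
    size: int
    vendor: str

    def is_expected(self) -> bool:
        """Microsoft-labelled DLL loaded from a Windows system directory."""
        return (self.vendor == "Microsoft Corporation"
                and self.path.lower().startswith(SYSTEM_DIRS))


def parse_winsock(section: str) -> List[WinsockEntry]:
    """Parse every Catalog5/Catalog9 line; headers and other text are skipped."""
    entries = []
    for raw in section.splitlines():
        m = WINSOCK_LINE.match(raw.strip())
        if not m:
            continue
        entries.append(WinsockEntry(
            arch="x64" if m["arch"] else "x86",
            catalog=int(m["catalog"]),
            index=int(m["index"]),
            path=m["path"],
            size=int(m["size"]),
            vendor=m["vendor"].strip(),
        ))
    return entries


def review_list(section: str) -> List[WinsockEntry]:
    """Providers a reviewer should look at: third-party vendor or non-system path."""
    return [e for e in parse_winsock(section) if not e.is_expected()]


def lsp_chain_is_stock(section: str) -> bool:
    """Every Catalog9 entry in the log above is mswsock.dll; anything else
    in that chain is a layered provider worth examining."""
    return all(
        e.is_expected() and e.path.lower().endswith("\\mswsock.dll")
        for e in parse_winsock(section)
        if e.catalog == 9
    )


# Constructed sample: a subset of the Winsock lines from the log in this post.
SAMPLE = r"""
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
"""

if __name__ == "__main__":
    for e in review_list(SAMPLE):
        print(f"REVIEW {e.arch} Catalog{e.catalog} #{e.index:02d}: {e.path} ({e.vendor})")
    print("LSP chain stock:", lsp_chain_is_stock(SAMPLE))
```

Paste the whole MiniToolBox log into `SAMPLE` (or read it from a file) and the parser ignores every other section. The vendor string is whatever the tool printed from the file's version resource, so treat it as a hint and confirm the signature of anything flagged with `signtool verify` or Explorer's file properties before deciding it is benign.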



#2 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 27 January 2015 - 06:48 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as only the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Step 2

Please download ZOEK by Smeenk and save it to your desktop (the preferred version is the *.exe one).
  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    process;
    services-list;
    systemspecs;
    startupall;
    filesrcm;
    
  • Make sure that the Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will open after the reboot. You may also find it on your main drive (usually the C:\ drive).
Post its content into your next reply.
regards,
deeprybka

Harm no one; rather, help everyone as much as you can. (Neminem laede, immo omnes, quantum potes, iuva.) Arthur Schopenhauer

#3 noshirtsallowed
  • Topic Starter
  • Members
  • 7 posts

Posted 27 January 2015 - 08:02 AM

Thank you for your fast reply. I really do appreciate this. Here are the following logs. Thank you in advance once again!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by (administrator) on -PC on 27-01-2015 07:56:42
Running from C:\Users\Admin\Downloads
Loaded Profiles: (Available profiles: Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Flux Software LLC) C:\Users\CJ\AppData\Local\FluxSoftware\Flux\flux.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SecureW2 B.V.) C:\Program Files (x86)\SecureW2\sw2_tray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Windows\System32\Eap3Host.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5383\Battle.net.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-22] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SecureW2 Tray] => C:\Program Files (x86)\SecureW2\sw2_tray.exe [224600 2014-03-24] (SecureW2 B.V.)
HKU\S-1-5-21-482931792-2834766306-235586491-1000\...\Run: [F.lux] => C:\Users\CJ\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-482931792-2834766306-235586491-1000\...\Run: [HP Officejet Pro 8500 A910 (NET)] => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: => File Not Found
Startup: C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\CJ\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8500 A910 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8500 A910 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-482931792-2834766306-235586491-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-482931792-2834766306-235586491-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 128.119.101.1 128.119.101.2
 
FireFox:
========
FF ProfilePath: C:\Users\CJ\AppData\Roaming\Mozilla\Firefox\Profiles\ddcn4fq1.default
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-482931792-2834766306-235586491-1000: @citrixonline.com/appdetectorplugin -> C:\Users\CJ\AppData\Local\Citrix\Plugins\104\npappdetector.dll No File
FF Plugin HKU\S-1-5-21-482931792-2834766306-235586491-1000: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkTDA\npthinkorswim.dll (TD Ameritrade)
FF Plugin HKU\S-1-5-21-482931792-2834766306-235586491-1000: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkTDA\nptossc.dll (TD Ameritrade)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-14]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://nytimes.com/
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=M3DB0FA16-E0F3-4D02-808A-2D33B485D13D&SearchSource=55&CUI=&UM=5&UP=SP84DD067E-40EA-4E32-A5D1-85B194EA4F44&SSPV="
CHR Profile: C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-03]
CHR Extension: (Google Drive) - C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-03]
CHR Extension: (Google Search) - C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-03]
CHR Extension: (JavaScript Popup Blocker) - C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol [2014-03-16]
CHR Extension: (Classic Popup Blocker) - C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp [2014-03-16]
CHR Extension: (Google Wallet) - C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-03]
CHR Extension: (Gmail) - C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-16]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-16] (AVAST Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 vToolbarUpdater17.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-16] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-12-29] (AVG Technologies)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-27 07:57 - 2015-01-27 07:57 - 01295360 _____ () C:\Users\CJ\Downloads\zoek.exe
2015-01-27 07:56 - 2015-01-27 07:57 - 00015637 _____ () C:\Users\CJ\Downloads\FRST.txt
2015-01-27 07:56 - 2015-01-27 07:56 - 00000000 ____D () C:\FRST
2015-01-27 07:55 - 2015-01-27 07:55 - 02129920 _____ (Farbar) C:\Users\CJ\Downloads\FRST64.exe
2015-01-27 07:47 - 2015-01-27 07:47 - 00001050 _____ () C:\Users\CJ\Desktop\mwb.txt
2015-01-26 16:06 - 2015-01-26 16:06 - 04070576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-26 16:06 - 2015-01-26 16:06 - 00000000 ____D () C:\Users\CJ\AppData\Local\LogMeIn
2015-01-26 16:06 - 2015-01-26 16:06 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-01-25 20:18 - 2015-01-25 21:13 - 00015086 _____ () C:\Users\CJ\Desktop\Letter of Acknowledgement.odt
2015-01-25 05:38 - 2015-01-25 05:38 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-23 03:01 - 2015-01-23 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-01-21 17:11 - 2015-01-21 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2015-01-21 17:07 - 2015-01-22 12:41 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-01-21 16:53 - 2015-01-21 16:53 - 00000000 ____D () C:\Users\CJ\AppData\Local\Blizzard Entertainment
2015-01-21 15:19 - 2015-01-21 15:19 - 00000000 ____D () C:\Windows\ERUNT
2015-01-21 15:12 - 2015-01-21 16:46 - 00000000 ____D () C:\Users\CJ\Desktop\Spr15UMass
2015-01-21 14:55 - 2015-01-27 06:39 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-21 14:55 - 2015-01-21 14:55 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-21 14:55 - 2015-01-21 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-21 14:55 - 2015-01-21 14:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-21 14:55 - 2014-11-21 06:23 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-21 14:55 - 2014-11-21 06:23 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-21 14:55 - 2014-11-21 06:23 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-21 14:52 - 2015-01-21 14:52 - 02186752 _____ () C:\Users\CJ\Desktop\AdwCleaner.exe
2015-01-21 14:47 - 2015-01-21 14:47 - 00003146 _____ () C:\Windows\System32\Tasks\SecureW2 Task
2015-01-21 14:47 - 2015-01-21 14:47 - 00000000 ____D () C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
2015-01-21 14:47 - 2015-01-21 14:47 - 00000000 ____D () C:\Program Files (x86)\SecureW2
2015-01-21 14:20 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-21 14:20 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-21 14:20 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-21 14:20 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-21 14:20 - 2014-12-11 12:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-21 14:20 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-21 14:20 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-21 14:20 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-21 14:19 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-21 14:19 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-21 14:19 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-21 14:19 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-21 14:19 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-21 14:19 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-21 14:19 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-21 14:16 - 2015-01-21 14:16 - 00001953 _____ () C:\Users\CJ\Documents\Custom Office Templates - Shortcut.lnk
2015-01-21 14:12 - 2014-11-22 05:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-01-21 14:12 - 2014-11-22 05:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-01-21 14:06 - 2015-01-21 14:06 - 00003118 _____ () C:\Windows\System32\Tasks\{1ABEA3C5-3CF6-4CDE-998F-E4627E4C4FD9}
2015-01-21 13:39 - 2015-01-21 13:39 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-27 07:55 - 2014-03-20 22:31 - 00000000 ____D () C:\Users\CJ\AppData\Local\Battle.net
2015-01-27 07:17 - 2013-05-14 00:53 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-27 07:06 - 2013-08-14 14:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-27 07:02 - 2013-05-14 03:37 - 01605200 _____ () C:\Windows\WindowsUpdate.log
2015-01-27 05:50 - 2009-07-13 23:45 - 00029600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-27 05:50 - 2009-07-13 23:45 - 00029600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-27 05:44 - 2014-11-06 20:17 - 00000000 ____D () C:\Users\CJ\AppData\Roaming\Curse Client
2015-01-27 05:43 - 2013-05-14 01:31 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-27 05:41 - 2013-05-14 02:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-27 05:41 - 2013-05-14 00:53 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-27 05:41 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 05:41 - 2009-07-13 23:51 - 00050885 _____ () C:\Windows\setupact.log
2015-01-27 02:00 - 2014-06-16 20:02 - 00000000 ____D () C:\Users\CJ\AppData\Local\Adobe
2015-01-26 21:19 - 2013-05-14 00:53 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-26 16:06 - 2013-08-14 14:48 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 16:06 - 2013-08-14 14:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 16:06 - 2013-08-14 14:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-23 05:07 - 2013-09-05 18:28 - 00000000 ____D () C:\Users\CJ\Documents\Goodies
2015-01-22 14:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-01-22 12:04 - 2013-08-16 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-22 11:49 - 2013-05-31 23:45 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-21 17:13 - 2014-05-09 16:25 - 00000000 ____D () C:\Users\CJ\Desktop\CJ
2015-01-21 16:53 - 2014-03-20 22:31 - 00000000 ____D () C:\Users\CJ\AppData\Roaming\Battle.net
2015-01-21 16:53 - 2014-03-20 22:31 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-01-21 15:29 - 2014-01-03 21:14 - 00000000 ____D () C:\AdwCleaner
2015-01-21 15:29 - 2010-11-20 22:47 - 00577476 _____ () C:\Windows\PFRO.log
2015-01-21 14:50 - 2014-12-11 05:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-21 14:33 - 2014-01-15 00:30 - 00000000 ____D () C:\Program Files (x86)\thinkTDA
2015-01-21 14:33 - 2013-11-16 23:58 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-01-21 14:31 - 2013-05-14 01:33 - 00000000 ____D () C:\ProgramData\Skype
2015-01-21 14:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-21 14:15 - 2014-03-16 01:11 - 00000000 ____D () C:\Users\CJ\AppData\Local\NVIDIA Corporation
2015-01-21 14:14 - 2013-05-14 02:05 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-01-21 14:13 - 2013-05-14 01:32 - 00000000 ____D () C:\Users\CJ\AppData\Roaming\DVDVideoSoft
2015-01-21 13:45 - 2013-08-13 21:25 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-21 13:43 - 2013-05-14 01:35 - 00000000 ____D () C:\Users\CJ\AppData\Roaming\Adobe
2015-01-21 13:40 - 2013-05-14 01:34 - 00000000 ____D () C:\Users\CJ\AppData\Roaming\Skype
2015-01-08 09:55 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2013-12-28 13:17 - 2013-12-28 13:17 - 0000059 _____ () C:\Users\CJ\AppData\Roaming\mbam.context.scan
2013-05-20 12:39 - 2013-05-20 12:39 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some content of TEMP:
====================
C:\Users\CJ\AppData\Local\Temp\7za.exe
C:\Users\CJ\AppData\Local\Temp\hijackthis.exe
C:\Users\CJ\AppData\Local\Temp\NirCmd.exe
C:\Users\CJ\AppData\Local\Temp\PEVZ.EXE
C:\Users\CJ\AppData\Local\Temp\remove.exe
C:\Users\CJ\AppData\Local\Temp\sed.exe
C:\Users\CJ\AppData\Local\Temp\shortcut.exe
C:\Users\CJ\AppData\Local\Temp\swreg.exe
C:\Users\CJ\AppData\Local\Temp\swxcacls.exe
C:\Users\CJ\AppData\Local\Temp\wget.exe
C:\Users\CJ\AppData\Local\Temp\zoek-delete.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-24 05:00
 
==================== End Of Log ===========================
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Adobe Touch App Plugins (HKLM-x32\...\{1EC083EE-5B76-4A2A-B95A-CAF460AA29D6}) (Version: 1.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
COTM App by We-Care.com v4.1.29.2 (HKLM-x32\...\{18753869-2CAE-44DD-B98A-0A8AC24B0D57}) (Version: 4.1.29.2 - We-Care.com)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
f.lux (HKU\S-1-5-21-482931792-2834766306-235586491-1000\...\Flux) (Version:  - )
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.50.5145 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{13BE337F-9557-416D-A696-F91A6807B170}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8500 A910 Product Improvement Study (HKLM\...\{24E45339-C750-4EAE-8241-BA25A7DABBDD}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
SecureW2 Enterprise Client 3.5.12 (HKLM-x32\...\SecureW2 Enterprise Client) (Version:  - )
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.5.0.1 - Splashtop Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
23-01-2015 00:00:02 Scheduled Checkpoint
23-01-2015 03:00:13 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-01-03 21:18 - 00000741 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0C709743-2A7F-4A0F-A5D7-7FBB8C899500} - System32\Tasks\{84CE1A2F-AB3E-4DC9-8BA1-C8D1A5512D61} => Firefox.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {2C1A31F2-4D6C-4511-AC0F-D0061C8C3FB0} - System32\Tasks\SecureW2 Task => C:\Program Files (x86)\SecureW2\sw2_tray.exe [2014-03-24] (SecureW2 B.V.)
Task: {31CD3F55-75F0-4E66-A07A-B3F5390E73C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-14] (Google Inc.)
Task: {3DA341EE-A4B0-48DE-A917-BB67D6B0A967} - System32\Tasks\ScanToPCActivationApp.exe_{6DFA8320-1FCF-4936-9E3B-1080C9ED6590} => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {54FDF308-7C84-4A24-AC8B-69D5ACAFAC6F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-14] (Google Inc.)
Task: {5F32CEC8-842F-4CFE-8C3A-18CD50BC83CA} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {78197062-5271-4CCB-BACC-CC46C26C736E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-16] (AVAST Software)
Task: {7CA03705-FFF3-4DA9-85E6-3DEC3EA369C2} - System32\Tasks\{1ABEA3C5-3CF6-4CDE-998F-E4627E4C4FD9} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe"
Task: {9BF66AAF-EAD9-4C3E-BDA5-B531ABA315C7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-26] (Adobe Systems Incorporated)
Task: {9D157EC3-B20B-498C-8860-40CFDFA5000A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B011584D-5ACF-4E16-BD28-ED0F3A75066D} - System32\Tasks\AdobeAAMUpdater-1.0-CJ-PC-CJ => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated)
Task: {B94EB70D-69A4-4C28-B561-EDF7666BC2B4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D3BFF880-A3B8-4173-8825-77AB6A1E3B4B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-05-14 02:11 - 2014-05-19 20:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-16 23:31 - 2014-10-16 23:31 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-01-26 15:41 - 2015-01-26 15:41 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012601\algo.dll
2015-01-27 05:44 - 2015-01-27 05:44 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012700\algo.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-16 23:31 - 2014-10-16 23:31 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2015-01-26 21:19 - 2015-01-25 01:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-26 21:19 - 2015-01-25 01:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-26 21:19 - 2015-01-25 01:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
2015-01-21 16:52 - 2015-01-21 16:52 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\libcef.dll
2015-01-21 16:52 - 2015-01-21 16:52 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\libGLESv2.dll
2015-01-21 16:52 - 2015-01-21 16:52 - 00907776 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\platforms\qwindows.dll
2015-01-21 16:52 - 2015-01-21 16:52 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\libEGL.dll
2015-01-21 16:52 - 2015-01-21 16:52 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qgif.dll
2015-01-21 16:52 - 2015-01-21 16:52 - 00021504 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qico.dll
2015-01-21 16:52 - 2015-01-21 16:52 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qjpeg.dll
2015-01-21 16:52 - 2015-01-21 16:52 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qmng.dll
2015-01-21 16:52 - 2015-01-21 16:52 - 00015872 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qsvg.dll
2015-01-21 16:52 - 2015-01-21 16:52 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qtiff.dll
2015-01-21 16:52 - 2015-01-21 16:52 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\qml\QtQuick.2\qtquick2plugin.dll
2015-01-21 16:52 - 2015-01-21 16:52 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-01-21 16:52 - 2015-01-21 16:52 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\qml\QtQml\Models.2\modelsplugin.dll
2015-01-26 16:06 - 2015-01-26 16:06 - 16844976 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll
2015-01-27 07:57 - 2015-01-27 07:57 - 01295360 _____ () C:\Users\CJ\Downloads\zoek.exe
2015-01-27 07:57 - 2015-01-27 07:57 - 00256512 _____ () C:\Users\CJ\AppData\Local\Temp\PEVZ.EXE
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-482931792-2834766306-235586491-500 - Administrator - Disabled)
CJ (S-1-5-21-482931792-2834766306-235586491-1000 - Administrator - Enabled) => C:\Users\CJ
Guest (S-1-5-21-482931792-2834766306-235586491-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-482931792-2834766306-235586491-1018 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: USB2.0 Camera
Description: USB2.0 Camera
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/27/2015 05:42:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/27/2015 03:30:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 105265
 
Error: (01/27/2015 03:30:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 105265
 
Error: (01/27/2015 03:30:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/27/2015 03:29:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16390
 
Error: (01/27/2015 03:29:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16390
 
Error: (01/27/2015 03:29:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/27/2015 03:29:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14437
 
Error: (01/27/2015 03:29:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14437
 
Error: (01/27/2015 03:29:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (01/27/2015 05:42:04 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SplashtopRemoteService service.
 
Error: (01/27/2015 05:41:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater17.2.0 service failed to start due to the following error: 
%%2
 
Error: (01/27/2015 00:20:25 AM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
 
Error: (01/27/2015 00:20:25 AM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
 
Error: (01/27/2015 00:20:25 AM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x5), Please contact your system vendor for technical assistance.
 
Error: (01/27/2015 00:20:25 AM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
 
Error: (01/26/2015 11:56:12 PM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
 
Error: (01/26/2015 11:56:12 PM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
 
Error: (01/26/2015 11:56:12 PM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x5), Please contact your system vendor for technical assistance.
 
Error: (01/26/2015 11:56:12 PM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
 
 
Microsoft Office Sessions:
=========================
Error: (01/27/2015 05:42:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/27/2015 03:30:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 105265
 
Error: (01/27/2015 03:30:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 105265
 
Error: (01/27/2015 03:30:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/27/2015 03:29:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16390
 
Error: (01/27/2015 03:29:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16390
 
Error: (01/27/2015 03:29:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/27/2015 03:29:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14437
 
Error: (01/27/2015 03:29:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14437
 
Error: (01/27/2015 03:29:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 CPU T7200 @ 2.00GHz
Percentage of memory in use: 44%
Total physical RAM: 3071.37 MB
Available physical RAM: 1704.68 MB
Total Pagefile: 6140.92 MB
Available Pagefile: 3954.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:103.5 GB) (Free:18.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: EDF95783)
Partition 1: (Active) - (Size=103.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8.3 GB) - (Type=12)
 
==================== End Of Log ============================

And lastly

==== System Restore Info ======================
 
1/27/2015 7:59:48 AM Zoek.exe System Restore Point Created Succesfully.
 
==== Running Processes ======================
 
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\CJ\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
C:\Program Files (x86)\Battle.net\Battle.net.5383\Battle.net.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\CJ\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
 
==== Services(whitelist) ======================
Powered by E Dev
 
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
R2 - [Bonjour Service] - Bonjour Service - c:\program files\bonjour\mdnsresponder.exe
R2 - [GfExperienceService] - NVIDIA GeForce Experience Service - c:\program files\nvidia corporation\geforce experience service\gfexperienceservice.exe
R2 - [NvNetworkService] - NVIDIA Network Service - c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe
R2 - [NvStreamSvc] - NVIDIA Streamer Service - c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe
R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
R2 - [SplashtopRemoteService] - Splashtop® Remote Service - c:\program files (x86)\splashtop\splashtop remote\server\srservice.exe
R2 - [SSUService] - Splashtop Software Updater Service - c:\program files (x86)\splashtop\splashtop software updater\ssuservice.exe
R2 - [Stereo Service] - NVIDIA Stereoscopic 3D Driver Service - c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [iPod Service] - iPod Service - c:\program files\ipod\bin\ipodservice.exe
R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S2 - [vToolbarUpdater17.2.0] - vToolbarUpdater17.2.0 - c:\program files (x86)\common files\avg secure search\vtoolbarupdater\17.2.0\toolbarupdater.exe [x]
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe
 
==== System Specs ======================
 
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 3072 MB
CPU Info: Intel® Core™2 CPU         T7200  @ 2.00GHz
CPU Speed: 1992.2 MHz
Sound Card: Speakers (High Definition Audio | 
Digital Audio (S/PDIF) (High De | 
Display Adapters: NVIDIA GeForce 8700M GT | NVIDIA GeForce 8700M GT | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1440 X 900 - 32 bit
Network: Network Present
Network Adapters: Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller | Intel® PRO/Wireless 3945ABG Network Connection
CD / DVD Drives: 1x (F: | ) F: Optiarc DVD RW AD-7590A
Ports: COM3 LPT Port NOT Present. 
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  103.5GB
Hard Disks - Free: C:  19.8GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 10/04/07 | ALWARE - 10000704
Time Zone: Eastern Standard Time
Motherboard *: alienware Area-51 m9750
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Default Browser: Google Chrome 40.0.2214.93
Internet Explorer Version: 11.0.9600.17501 
Google Chrome version: 40.0.2214.93
Adobe Reader version: 11.0.10.32
Sun Java version: 1.7.0_67 (32-bit) 
Flash Player version: 16.0.0.296
Shockwave Player version: 12.0.7r148
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
====== C:\Users\CJ\AppData\Local\Temp ====
====== Java Cache =====
2015-01-21 19:46:13 BE9EA7031366395C99AA4D8E7889909C 31309 ----a-w- C:\Users\CJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\4cf6e793-65943923
2015-01-21 19:46:20 261B2292F5BE8E38DE9DAAD0175C7E75 697968 ----a-w- C:\Users\CJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\1c775682-5ce08d6f
2015-01-21 19:46:11 78EFC0E68265A73E7285F3F9D8CF9E93 457 ----a-w- C:\Users\CJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4cb07115-1912259dbf5491f19587f4f47779fd2a25cf1ca3edac1d89c2340a017dbe5a1b-6.0.lap
====== C:\Windows\SysWOW64 =====
2015-01-26 21:06:31 38FBD0415DDE085D6AA7CFF7245D2AC0 4070576 ----a-w- C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-21 19:20:21 92940397DFFB4D237EA5BB22FF912BDC 156672 ----a-w- C:\Windows\SysWOW64\ncsi.dll
2015-01-21 19:20:20 FE48346938C1CDDDF4E4097DB9B99764 52224 ----a-w- C:\Windows\SysWOW64\nlaapi.dll
2015-01-21 19:20:10 0481346D0EF668C0D4FF69A7BBEFA846 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2015-01-21 19:19:09 2AF481C03C0383ADE09FFEDA0C583140 3971512 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-21 19:19:08 8A289EF0AE709327D6AA9769E108B5A6 3916728 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-21 19:19:02 9606307F5E1EABA98ACB61206EFC2127 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll
2015-01-21 19:12:12 BA3FF65B9E5224A1EAF60884C11C03FB 32400 ----a-w- C:\Windows\SysWOW64\nvaudcap32v.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-01-21 19:20:22 8B301D474B478E9A92823BAB50A7BC49 303616 ----a-w- C:\Windows\Sysnative\nlasvc.dll
2015-01-21 19:20:18 B6A58491307B4CADA572583D863DC602 210432 ----a-w- C:\Windows\Sysnative\profsvc.dll
2015-01-21 19:20:12 DCD00561CBDE7FC42A49D84783F4C00B 62976 ----a-w- C:\Windows\Sysnative\TSWbPrxy.exe
2015-01-21 19:20:10 5564883BFB523D5078A5B1FE3128FD63 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2015-01-21 19:19:10 0A70B8D78AF95894E221DDAC6482DF6D 5553592 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe
2015-01-21 19:19:05 F4846789B3795F14DCB7D92ED1DAF74F 503808 ----a-w- C:\Windows\Sysnative\srcore.dll
2015-01-21 19:19:04 DE595EACC79006E7B15B848BF0831E78 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe
2015-01-21 19:19:03 BA6D609BAB615991E8791CA1DFFD034C 50176 ----a-w- C:\Windows\Sysnative\srclient.dll
====== C:\Windows\Sysnative\drivers =====
2015-01-21 19:55:28 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2015-01-21 19:55:10 BA614B45227933A2B37686ED121345BA 93400 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2015-01-21 19:55:10 828D027056CB980F26BD17DFBC0D9057 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2015-01-21 19:55:10 4E6F278DA120E3C5E629FC927E3B68EC 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2015-01-21 19:20:14 AE3334958D8F631FF14A0AEB3D7EFB3A 141312 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys
2015-01-21 19:12:51 DBFE7B2DF103F74AE51840B3C5F25FE9 38032 ----a-w- C:\Windows\Sysnative\drivers\nvvad64v.sys
====== C:\Windows\Tasks ======
2015-01-21 19:47:45 87887BC72CEC3F86C6E1965F8D0852BF 3146 ----a-w- C:\Windows\Sysnative\Tasks\SecureW2 Task
2015-01-21 19:06:45 707348191F8605B5AEADD01C0551EF4E 3118 ----a-w- C:\Windows\Sysnative\Tasks\{1ABEA3C5-3CF6-4CDE-998F-E4627E4C4FD9}
2015-01-21 18:39:52 B63AD96D5AB77552EFDB7D2277C3B0CB 3886 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Acrobat Update Task
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2015-01-25 10:38:09 -------- d-----w- C:\PROGRA~2\ESET
2015-01-23 08:01:36 -------- d-----w- C:\PROGRA~2\Microsoft ASP.NET
2015-01-21 22:07:20 -------- d-----w- C:\PROGRA~2\World of Warcraft
2015-01-21 19:47:44 -------- d-----w- C:\PROGRA~2\SecureW2
======= C: =====
====== C:\Users\CJ\AppData\Roaming ======
2015-01-21 21:53:17 -------- d-----w- C:\Users\CJ\AppData\Local\Blizzard Entertainment
2015-01-21 19:47:50 -------- d-----w- C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
2015-01-21 19:02:19 -------- d-sh--w- C:\Users\CJ\AppData\Locallow\EmieBrowserModeList
====== C:\Users\CJ ======
2015-01-27 12:55:29 0A5A11928325940A75A7CE46D5B460BD 2129920 ----a-w- C:\Users\CJ\Downloads\FRST64.exe
2015-01-21 22:11:32 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2015-01-21 19:52:49 6EA377DA154B0111D59AE70C35F9864E 2186752 ----a-w- C:\Users\CJ\Desktop\AdwCleaner.exe
 
====== C: exe-files ==
2015-01-27 12:56:12 CED49D72E657203B33E8E53F30097CED 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-482931792-2834766306-235586491-1000\$IDKD17Z.exe
2015-01-27 12:56:12 A81FE49FE1FD69F2FC2A2974B2B3BAB3 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-482931792-2834766306-235586491-1000\$IZW4Q11.exe
2015-01-27 12:56:12 A410327A375421213E264AB42503EAEA 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-482931792-2834766306-235586491-1000\$ITAYA5D.exe
2015-01-27 12:56:12 8F87803EFB23C0A2EC1C375F08C83D25 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-482931792-2834766306-235586491-1000\$I9FYUNJ.exe
2015-01-27 12:56:12 8B542D1147F4170F7418ECD53F8CFB61 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-482931792-2834766306-235586491-1000\$IK8V5Y3.exe
2015-01-27 12:56:12 6397CC43CB8B319540C2F96E8E91CA03 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-482931792-2834766306-235586491-1000\$ISC3SLS.exe
2015-01-27 12:56:12 4B4F156DA82EEDE97871137EE98BFCA5 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-482931792-2834766306-235586491-1000\$I0PLN2G.exe
2015-01-27 12:56:12 426FA9D4E4A02A77AF6D531C97CF4127 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-482931792-2834766306-235586491-1000\$IMJOAV1.exe
2015-01-27 12:56:12 38EDF78418B17F118D40570240513B56 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-482931792-2834766306-235586491-1000\$IA0ORCJ.exe
2015-01-27 12:56:12 2D3BA138231A5C07E62D394EC6685A41 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-482931792-2834766306-235586491-1000\$IJDA0ZN.exe
2015-01-27 12:56:12 0F5F0C0F6D15055CD7B7CCBF8856B25A 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-482931792-2834766306-235586491-1000\$I6CGXPD.exe
2015-01-27 11:45:22 EB37771FE67C0BE822195BB437AF20A8 401920 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-482931792-2834766306-235586491-1000\$RK8V5Y3.exe
2015-01-27 11:33:15 9C5DAAED3B3C06DBC95228CC407B8B70 4197016 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-482931792-2834766306-235586491-1000\$RMJOAV1.exe
2015-01-27 03:36:25 89D69FA7A3ACEA279FA3C7CADB345B2F 72608 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-482931792-2834766306-235586491-1000\$RA0ORCJ.exe
2015-01-27 03:36:10 C8A87A76BD5056C7F4B4A01FD3C714DB 65472 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-482931792-2834766306-235586491-1000\$RZW4Q11.exe
2015-01-27 02:18:43 220A0B7B557EFEF7C399CDC1E9DBDA2D 875088 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.93\40.0.2214.93_40.0.2214.91_chrome_updater.exe
2015-01-26 21:06:08 5C40FF42CEF10285B559F90AD17128DC 11417720 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-482931792-2834766306-235586491-1000\$RSC3SLS.exe
2015-01-25 14:13:01 788FCDDD88240A85039F7F561093B118 448512 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-482931792-2834766306-235586491-1000\$R6CGXPD.exe
2015-01-25 11:29:55 E4C58F2994BA7E190FC46A8B3A60FB32 10631216 ----a-w- C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
2015-01-25 10:38:14 5B3DE7968D23B476AFB256D8014B25B9 333424 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
2015-01-25 10:38:14 47B06E473B78A792DF07D226E0537D63 119184 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
2015-01-25 10:38:14 3C3F35C91F230493B088B334E39D1F7A 358144 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2015-01-25 10:38:13 E273331224005C5A8A504164373DE1DC 535304 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
2015-01-25 10:38:13 9E47522861242EE002D7F385C35D1322 2887824 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
2015-01-25 10:37:49 E8D3E34FFDAF21DF7C09CBBBA5763237 2347384 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-482931792-2834766306-235586491-1000\$RTAYA5D.exe
2015-01-25 10:34:27 9C5DAAED3B3C06DBC95228CC407B8B70 4197016 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-482931792-2834766306-235586491-1000\$R9FYUNJ.exe
2015-01-25 10:32:52 EB37771FE67C0BE822195BB437AF20A8 401920 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-482931792-2834766306-235586491-1000\$R0PLN2G.exe
2015-01-22 01:26:41 2FB44CF92D0936CB4A4E24DFF1822C0E 24116728 ----a-w- C:\Riot Games\League of Legends\RADS\projects\lol_game_client\releases\0.0.1.11\deploy\League of Legends.exe
2015-01-22 00:58:21 A8C4625853D744E395759E76525787B6 3149304 ----a-w- C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.16\deploy\LoLPatcherUx.exe
2015-01-22 00:57:55 69B541A49C5DAE7CF39591EA136608D3 4113400 ----a-w- C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.16\deploy\LoLPatcher.exe
2015-01-22 00:57:51 FFCBD5138F65636D852BF67A8BC16150 114680 ----a-w- C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.16\deploy\jpatch.exe
2015-01-21 22:11:31 1B61D5247CB75CB576E8B1D8087CD82E 21261360 ----a-w- C:\Program Files (x86)\World of Warcraft\Wow-64.exe
2015-01-21 22:11:29 CF26493DBFCA8922FC02D42CA2B73B6E 764464 ----a-w- C:\Program Files (x86)\World of Warcraft\Utils\WowBrowserProxy.exe
2015-01-21 22:11:29 C69442812638BB1F21C1789D10E62013 1971760 ----a-w- C:\Program Files (x86)\World of Warcraft\SystemSurvey.exe
2015-01-21 22:11:29 600E5D5442496128B9A48146E7E9E5DA 2905136 ----a-w- C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe
2015-01-21 22:11:29 5FD0416E73C2030B0060804DB56BF0FF 13707824 ----a-w- C:\Program Files (x86)\World of Warcraft\Wow.exe
2015-01-21 22:11:27 98CB5B27549A3C9DD5CBC4F58F5A5BDB 334384 ----a-w- C:\Program Files (x86)\World of Warcraft\BlizzardError.exe
2015-01-21 21:52:36 061D327A14FEF3A58829FE53B689B8F1 10066992 ----a-w- C:\Program Files (x86)\Battle.net\Battle.net.5383\Battle.net.exe
2015-01-21 21:52:03 A8189EBBCC7C856FC557C177190E4620 10693168 ----a-w- C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
2015-01-21 21:51:55 FF555E886F15072D9CF7B3EE8465097D 2909240 ----a-w- C:\ProgramData\Battle.net\Setup\wow_enus\World of Warcraft Setup.exe
2015-01-21 21:51:23 A1D7339D9AFB9A4A81CBFACA337DB56D 2942368 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-482931792-2834766306-235586491-1000\$RJDA0ZN.exe
2015-01-21 19:53:31 B9E1BF24EF01A82701B09BE75D294085 1707939 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-482931792-2834766306-235586491-1000\$RDKD17Z.exe
2015-01-21 19:47:50 A8EE2315879710280CE3438D81EE8D04 340806 ----a-w- C:\Program Files (x86)\SecureW2\Uninstall.exe
2015-01-21 19:16:22 46C54673A2F13ED4336EBF6F542EE4E3 274075712 ----a-w- C:\ProgramData\NVIDIA Corporation\NetService\29459d72-f29b-466d-a4d1-f880e00d03e0\340.52-notebook-win8-win7-64bit-international-whql-g.exe
2015-01-21 19:14:58 0C52567F023D0F05F4EFC26F607D415B 1148560 ----a-w- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
2015-01-21 19:13:10 B6C65AC0616D23170474217F1A9A0BBF 413840 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\SETUP.EXE
2015-01-21 18:56:21 E68D5DE8AE8EA0929955C69362563A8F 1701520 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{3D1D129E-A1CA-446D-A4E5-F0C54CEEA923}\NVNetworkService.exe
2015-01-21 18:51:53 C7C21D72170A3288958C89784A4D4C2F 31666248 ----a-w- C:\ProgramData\NVIDIA Corporation\NetService\6d5e5075-9942-4d15-9ab9-1914b254502a\GeForce_Experience_Update_v2.1.5.0.exe
2015-01-21 18:37:21 516C021FEBEDE2962C9252DF85606C76 382168 ----a-w- C:\ProgramData\Adobe\ARM\S\21446\AdobeARMHelper.exe
=== C: other files ==
2015-01-21 19:55:28 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-21 19:55:10 BA614B45227933A2B37686ED121345BA 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-01-21 19:55:10 828D027056CB980F26BD17DFBC0D9057 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-01-21 19:55:10 4E6F278DA120E3C5E629FC927E3B68EC 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-01-21 19:20:14 AE3334958D8F631FF14A0AEB3D7EFB3A 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2015-01-21 19:13:10 F90B3BF40AC646908022CB7929CDE6FC 14480 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2SystemService32.sys
2015-01-21 19:13:10 C658C7BF6ADC0E453CD98FB81F8698DA 15504 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2SystemService64.sys
2015-01-21 19:12:54 CE9812A9B6695E0FA4ACBDF18AC9076B 16032 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\ShieldWirelessController.{4DD270FF-3043-4586-8583-1E4A5FA16EF9}\NVSWCFilter32.sys
2015-01-21 19:12:53 17D21ADA263B31EEDB7EA344AEA4F2E7 19616 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\ShieldWirelessController.{4DD270FF-3043-4586-8583-1E4A5FA16EF9}\NVSWCFilter64.sys
2015-01-21 19:12:51 DBFE7B2DF103F74AE51840B3C5F25FE9 38032 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2015-01-21 19:12:51 DBFE7B2DF103F74AE51840B3C5F25FE9 38032 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\VirtualAudio.Driver.{398692C2-E018-447A-B1F3-5BA2C9E57C4E}\nvvad64v.sys
2015-01-21 19:12:51 3EEDE5E218F0978D802CE3196E8B9028 32912 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\VirtualAudio.Driver.{398692C2-E018-447A-B1F3-5BA2C9E57C4E}\nvvad32v.sys
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-21-482931792-2834766306-235586491-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="C:\Users\CJ\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"
"HP Officejet Pro 8500 A910 (NET)"="C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe -deviceID CN115BK407:NW -scfn HP Officejet Pro 8500 A910 (NET) -AutoStart 1"
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
 
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"SecureW2 Tray"="C:\Program Files (x86)\SecureW2\sw2_tray.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="C:\Users\CJ\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"
"HP Officejet Pro 8500 A910 (NET)"="C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe -deviceID CN115BK407:NW -scfn HP Officejet Pro 8500 A910 (NET) -AutoStart 1"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
 
==== Startup Folders ======================
 
2014-11-07 01:18:01 1030 ----a-w- C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
2013-05-21 03:06:08 1938 ----a-w- C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8500 A910 (Network).lnk
2013-06-03 02:53:52 1235 ----a-w- C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [01/26/2015 04:06 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/14/2013 12:53 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/14/2013 12:53 AM]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-CJ-PC-CJ" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCustParticipation HP Officejet Pro 8500 A910" ["C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe"]
"C:\Windows\SysNative\tasks\ScanToPCActivationApp.exe_{6DFA8320-1FCF-4936-9E3B-1080C9ED6590}" [C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe]
"C:\Windows\SysNative\tasks\SecureW2 Task" [C:\Program Files (x86)\SecureW2\sw2_tray.exe]
"C:\Windows\SysNative\tasks\{84CE1A2F-AB3E-4DC9-8BA1-C8D1A5512D61}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on Tue 01/27/2015 at  8:06:38.65 ======================
 
 

Edited by noshirtsallowed, 27 January 2015 - 08:06 AM.


#4 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 27 January 2015 - 03:38 PM

Hi,

Step 1

Please download the attached fixlist and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached file: fixlist.txt (1.31 KB)


After the Reboot:

Step 2


Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
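An FRST fixlist is nothing more than lines copied verbatim out of the FRST scan, placed between a few directives, which is what the fixlist and Fixlog posted later in this thread show. As an added example (not part of this thread and not FRST's own code), the Python script below does the triage a helper does by eye over FRST-style lines: it flags entries FRST itself marked with ATTENTION, services and drivers whose binary is gone ([X]), orphaned registrations (No File / [Not Found]), empty IE DefaultScope URLs, and browser start pages that point at a search-hijack domain, then drafts a fixlist from the hits. The sample lines are constructed from entries shown in this thread, and the HIJACK_DOMAINS list is an assumption seeded only with trovi.com, the domain this thread is about.

```python
"""Triage FRST-style log lines and draft a fixlist from the hits.

Added example for this thread: not FRST's code and not posted by any
participant. SAMPLE_LOG is constructed from entries shown in the thread;
HIJACK_DOMAINS is an operator-maintained assumption.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Assumption: search-hijack domains to match by suffix; seeded with the one
# domain this thread is about.
HIJACK_DOMAINS = ("trovi.com",)

# Constructed sample, modelled on FRST entries posted in this thread.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-22] (AVAST Software)
HKU\S-1-5-21-482931792-2834766306-235586491-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
CHR HomePage: Default -> hxxp://nytimes.com/
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3322288&SearchSource=55"
S2 vToolbarUpdater17.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [X]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-16] (AVAST Software)
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
"""

# FRST defangs URLs as hxxp://; accept both the defanged and the real scheme.
URL_RE = re.compile(r"h(?:xx|tt)ps?://[^\s\"']+", re.IGNORECASE)


@dataclass
class Finding:
    line: str    # the log line, kept verbatim so it can go into a fixlist
    reason: str  # why it was flagged


def refang(url: str) -> str:
    """Restore the http scheme so urlsplit can parse a defanged FRST URL."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def hijack_host(line: str) -> Optional[str]:
    """First URL host on the line that is, or sits under, a HIJACK_DOMAINS entry."""
    for m in URL_RE.finditer(line):
        host = (urlsplit(refang(m.group(0))).hostname or "").lower()
        if any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS):
            return host
    return None


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for a line a helper would copy into the fixlist, else None."""
    line = line.rstrip("\r\n")
    if not line.strip():
        return None
    if "<======= ATTENTION" in line:          # FRST already flagged it (e.g. policy restriction)
        return Finding(line, "frst_attention")
    if line.endswith("[X]"):                  # service/driver registered, binary missing
        return Finding(line, "missing_binary")
    if line.endswith("No File") or line.endswith("[Not Found]"):
        return Finding(line, "orphaned_registration")
    if line.startswith("SearchScopes:") and re.search(r"URL =\s*$", line):
        return Finding(line, "empty_search_scope")
    host = hijack_host(line)                  # start page / startup URL on a hijack domain
    if host:
        return Finding(line, "hijack_domain:" + host)
    return None


def triage(log_text: str) -> List[Finding]:
    """Classify every line of an FRST-style log, in log order."""
    return [f for f in map(classify, log_text.splitlines()) if f is not None]


def draft_fixlist(findings: List[Finding]) -> str:
    """Fixlist = the flagged log lines verbatim, wrapped in the CloseProcesses:
    and EmptyTemp: directives the fixlist in this thread also uses."""
    return "\n".join(["CloseProcesses:", *(f.line for f in findings), "EmptyTemp:"])


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.reason:30} {f.line}")
    print()
    print(draft_fixlist(found))
```

Run stand-alone it prints the six flagged lines and the drafted fixlist. Treat the draft as input for review, not something to feed to FRST unread: fixlist directives are destructive, and a line such as a Policy restriction entry still needs a human decision on whether it is the hijacker's or the owner's own setting before it goes in.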

#5 noshirtsallowed
  • Topic Starter
  • Members
  • 7 posts

Posted 27 January 2015 - 10:08 PM

When I click the attached fixlist it brings me to a Malwarebytes forum and says error, you don't have permission for that. Also, what do you mean by the same directory? As in the same download folder? (Which is essentially my account's Downloads folder.)



#6 noshirtsallowed
  • Topic Starter
  • Members
  • 7 posts

Posted 28 January 2015 - 10:56 AM

Just to update, I registered for that site and still nothing.

 

Thank you in advance.



#7 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 28 January 2015 - 11:41 AM

[Attached image: fixlist.png]

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#8 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 28 January 2015 - 11:43 AM

When I click the attached fixlist it brings me to a Malwarebytes forum and says error, you don't have permission for that. Also, what do you mean by the same directory? As in the same download folder? (Which is essentially my account's Downloads folder.)

 

Yes, it's the download folder. :)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by (administrator) on -PC on 27-01-2015 07:56:42
Running from C:\Users\Admin\Downloads

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#9 noshirtsallowed
  • Topic Starter
  • Members
  • 7 posts

Posted 28 January 2015 - 10:42 PM

Got it to work. Here it is!

 

Content of fixlist:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: => File Not Found
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
HKU\S-1-5-21-482931792-2834766306-235586491-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR StartupUrls: Default -> "hxxp://www.
CHR Extension: (Classic Popup Blocker) - C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp [2014-03-16]
EmptyTemp:
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
"AppInit_DLLs: => File Not Found" => Value Data not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => Key deleted successfully.
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => Key not found. 
"HKU\S-1-5-21-482931792-2834766306-235586491-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
Chrome StartupUrls deleted successfully.
C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp => Moved successfully.
EmptyTemp: => Removed 984.8 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 22:25:56 ====
 
 
 
 
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Microsoft Corporation) C:\Windows\System32\Eap3Host.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Flux Software LLC) C:\Users\CJ\AppData\Local\FluxSoftware\Flux\flux.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SecureW2 B.V.) C:\Program Files (x86)\SecureW2\sw2_tray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Curse) C:\Users\CJ\AppData\Local\Apps\2.0\LOE14GCN.V6V\8CRYDPAY.PKT\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicatorCom.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-22] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SecureW2 Tray] => C:\Program Files (x86)\SecureW2\sw2_tray.exe [224600 2014-03-24] (SecureW2 B.V.)
HKU\S-1-5-21-482931792-2834766306-235586491-1000\...\Run: [F.lux] => C:\Users\CJ\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-482931792-2834766306-235586491-1000\...\Run: [HP Officejet Pro 8500 A910 (NET)] => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
AppInit_DLLs: => File Not Found
Startup: C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\CJ\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8500 A910 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8500 A910 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-482931792-2834766306-235586491-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 128.119.101.1 128.119.101.2
 
FireFox:
========
FF ProfilePath: C:\Users\CJ\AppData\Roaming\Mozilla\Firefox\Profiles\ddcn4fq1.default
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-482931792-2834766306-235586491-1000: @citrixonline.com/appdetectorplugin -> C:\Users\CJ\AppData\Local\Citrix\Plugins\104\npappdetector.dll No File
FF Plugin HKU\S-1-5-21-482931792-2834766306-235586491-1000: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkTDA\npthinkorswim.dll (TD Ameritrade)
FF Plugin HKU\S-1-5-21-482931792-2834766306-235586491-1000: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkTDA\nptossc.dll (TD Ameritrade)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-14]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://nytimes.com/
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=M3DB0FA16-E0F3-4D02-808A-2D33B485D13D&SearchSource=55&CUI=&UM=5&UP=SP84DD067E-40EA-4E32-A5D1-85B194EA4F44&SSPV="
CHR Profile: C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-03]
CHR Extension: (Google Drive) - C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-03]
CHR Extension: (Google Search) - C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-03]
CHR Extension: (Classic Popup Blocker) - C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp [2015-01-28]
CHR Extension: (Google Wallet) - C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-03]
CHR Extension: (Gmail) - C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-16]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-16] (AVAST Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 vToolbarUpdater17.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-16] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-12-29] (AVG Technologies)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-28 22:40 - 2015-01-28 22:40 - 00000000 ____D () C:\Users\CJ\Downloads\FRST-OlderVersion
2015-01-28 22:21 - 2015-01-28 22:21 - 00000318 _____ () C:\Users\CJ\Desktop\Curse Client.appref-ms
2015-01-28 22:21 - 2015-01-28 22:21 - 00000000 ____D () C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2015-01-28 22:21 - 2015-01-28 22:21 - 00000000 ____D () C:\Users\CJ\AppData\Roaming\Curse Advertising
2015-01-28 22:20 - 2015-01-28 22:31 - 00000000 ____D () C:\Users\CJ\AppData\Local\Deployment
2015-01-28 22:20 - 2015-01-28 22:20 - 00003094 _____ () C:\Windows\System32\Tasks\{20C57AF2-F096-437A-B0CA-C5E8D6FE0602}
2015-01-28 22:20 - 2015-01-28 22:20 - 00000000 ____D () C:\Users\CJ\AppData\Local\Apps\2.0
2015-01-28 22:17 - 2015-01-28 22:17 - 00402696 _____ () C:\Users\CJ\Downloads\setup.exe
2015-01-28 22:09 - 2015-01-28 22:09 - 00072608 _____ () C:\Users\CJ\Downloads\FLVPlayer-Chrome (1).exe
2015-01-28 22:07 - 2015-01-28 22:09 - 00000966 _____ () C:\Users\CJ\Downloads\FLVPlayer-Chrome.exe
2015-01-27 23:24 - 2015-01-27 23:25 - 01269248 _____ () C:\Users\CJ\Downloads\CalebRoundsBIO152Sp2015 (1).ppt
2015-01-27 23:24 - 2015-01-27 23:24 - 01269248 _____ () C:\Users\CJ\Downloads\CalebRoundsBIO152Sp2015.ppt
2015-01-27 07:59 - 2015-01-27 08:06 - 00026270 _____ () C:\zoek-results.log
2015-01-27 07:58 - 2015-01-27 07:58 - 00022692 _____ () C:\Users\CJ\Downloads\Addition.txt
2015-01-27 07:57 - 2015-01-27 07:57 - 01295360 _____ () C:\Users\CJ\Downloads\zoek.exe
2015-01-27 07:57 - 2015-01-27 07:57 - 00000000 ____D () C:\zoek_backup
2015-01-27 07:56 - 2015-01-28 22:41 - 00000000 ____D () C:\FRST
2015-01-27 07:56 - 2015-01-28 22:40 - 00014545 _____ () C:\Users\CJ\Downloads\FRST.txt
2015-01-27 07:55 - 2015-01-28 22:40 - 02130432 _____ (Farbar) C:\Users\CJ\Downloads\FRST64.exe
2015-01-26 16:06 - 2015-01-26 16:06 - 04070576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-26 16:06 - 2015-01-26 16:06 - 00000000 ____D () C:\Users\CJ\AppData\Local\LogMeIn
2015-01-26 16:06 - 2015-01-26 16:06 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-01-25 05:38 - 2015-01-25 05:38 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-23 03:01 - 2015-01-23 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-01-21 17:11 - 2015-01-21 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2015-01-21 17:07 - 2015-01-22 12:41 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-01-21 16:53 - 2015-01-21 16:53 - 00000000 ____D () C:\Users\CJ\AppData\Local\Blizzard Entertainment
2015-01-21 15:19 - 2015-01-21 15:19 - 00000000 ____D () C:\Windows\ERUNT
2015-01-21 15:12 - 2015-01-21 16:46 - 00000000 ____D () C:\Users\CJ\Desktop\Spr15UMass
2015-01-21 14:55 - 2015-01-27 06:39 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-21 14:55 - 2015-01-21 14:55 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-21 14:55 - 2015-01-21 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-21 14:55 - 2015-01-21 14:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-21 14:55 - 2014-11-21 06:23 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-21 14:55 - 2014-11-21 06:23 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-21 14:55 - 2014-11-21 06:23 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-21 14:52 - 2015-01-21 14:52 - 02186752 _____ () C:\Users\CJ\Desktop\AdwCleaner.exe
2015-01-21 14:47 - 2015-01-21 14:47 - 00003146 _____ () C:\Windows\System32\Tasks\SecureW2 Task
2015-01-21 14:47 - 2015-01-21 14:47 - 00000000 ____D () C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
2015-01-21 14:47 - 2015-01-21 14:47 - 00000000 ____D () C:\Program Files (x86)\SecureW2
2015-01-21 14:20 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-21 14:20 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-21 14:20 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-21 14:20 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-21 14:20 - 2014-12-11 12:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-21 14:20 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-21 14:20 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-21 14:20 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-21 14:19 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-21 14:19 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-21 14:19 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-21 14:19 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-21 14:19 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-21 14:19 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-21 14:19 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-21 14:16 - 2015-01-21 14:16 - 00001953 _____ () C:\Users\CJ\Documents\Custom Office Templates - Shortcut.lnk
2015-01-21 14:12 - 2014-11-22 05:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-01-21 14:12 - 2014-11-22 05:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-01-21 14:06 - 2015-01-21 14:06 - 00003118 _____ () C:\Windows\System32\Tasks\{1ABEA3C5-3CF6-4CDE-998F-E4627E4C4FD9}
2015-01-21 13:39 - 2015-01-21 13:39 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-28 22:39 - 2014-11-06 20:17 - 00000000 ____D () C:\Users\CJ\AppData\Roaming\Curse Client
2015-01-28 22:36 - 2009-07-13 23:45 - 00029600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 22:36 - 2009-07-13 23:45 - 00029600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 22:30 - 2013-05-14 01:31 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-28 22:29 - 2013-05-14 00:53 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-28 22:28 - 2009-07-13 23:51 - 00051053 _____ () C:\Windows\setupact.log
2015-01-28 22:27 - 2013-05-14 02:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-28 22:27 - 2010-11-20 22:47 - 00577804 _____ () C:\Windows\PFRO.log
2015-01-28 22:27 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 22:26 - 2013-05-14 03:37 - 01726976 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 22:21 - 2014-03-20 22:31 - 00000000 ____D () C:\Users\CJ\AppData\Local\Battle.net
2015-01-28 22:17 - 2013-05-14 00:53 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-28 22:06 - 2013-08-14 14:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-28 02:00 - 2014-06-16 20:02 - 00000000 ____D () C:\Users\CJ\AppData\Local\Adobe
2015-01-26 21:19 - 2013-05-14 00:53 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-26 16:06 - 2013-08-14 14:48 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 16:06 - 2013-08-14 14:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 16:06 - 2013-08-14 14:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-23 05:07 - 2013-09-05 18:28 - 00000000 ____D () C:\Users\CJ\Documents\Goodies
2015-01-22 14:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-01-22 12:04 - 2013-08-16 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-22 11:49 - 2013-05-31 23:45 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-21 17:13 - 2014-05-09 16:25 - 00000000 ____D () C:\Users\CJ\Desktop\CJ
2015-01-21 16:53 - 2014-03-20 22:31 - 00000000 ____D () C:\Users\CJ\AppData\Roaming\Battle.net
2015-01-21 16:53 - 2014-03-20 22:31 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-01-21 15:29 - 2014-01-03 21:14 - 00000000 ____D () C:\AdwCleaner
2015-01-21 14:50 - 2014-12-11 05:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-21 14:33 - 2014-01-15 00:30 - 00000000 ____D () C:\Program Files (x86)\thinkTDA
2015-01-21 14:33 - 2013-11-16 23:58 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-01-21 14:31 - 2013-05-14 01:33 - 00000000 ____D () C:\ProgramData\Skype
2015-01-21 14:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-21 14:15 - 2014-03-16 01:11 - 00000000 ____D () C:\Users\CJ\AppData\Local\NVIDIA Corporation
2015-01-21 14:14 - 2013-05-14 02:05 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-01-21 14:13 - 2013-05-14 01:32 - 00000000 ____D () C:\Users\CJ\AppData\Roaming\DVDVideoSoft
2015-01-21 13:45 - 2013-08-13 21:25 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-21 13:43 - 2013-05-14 01:35 - 00000000 ____D () C:\Users\CJ\AppData\Roaming\Adobe
2015-01-21 13:40 - 2013-05-14 01:34 - 00000000 ____D () C:\Users\CJ\AppData\Roaming\Skype
2015-01-08 09:55 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2013-12-28 13:17 - 2013-12-28 13:17 - 0000059 _____ () C:\Users\CJ\AppData\Roaming\mbam.context.scan
2013-05-20 12:39 - 2013-05-20 12:39 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-24 05:00
 
==================== End Of Log ============================
 
Thank you in advance


#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:02:57 AM

Posted 29 January 2015 - 06:10 AM

Hi,
Please copy and paste the following text into the URL bar of your Chrome and press ENTER:

chrome://settings/startup

Afterwards delete this entry:

hxxp://www.trovi.com/

 
Let's do a final check up:

Step 1


Don't remove on your own anything that HitmanPro detects!
This scanner, good as it is for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.



Step 2

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the settings shown in the screenshot (settings.png).

  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created; copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Can you please tell me which problems still persist now?
How is the computer running?


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#11 noshirtsallowed

noshirtsallowed
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:57 PM

Posted 30 January 2015 - 06:00 PM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3b6d11d50e8a2846ab94b4ab59f5f008
# engine=22133
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-25 02:02:38
# local_time=2015-01-25 09:02:38 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 3072485 185693447 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 173738007 0 0
# scanned=167097
# found=33
# cleaned=33
# scan_time=12140
sh=DACCEF26229D06C78049B88C7BE2772EA347B8A2 ft=1 fh=fefb97b647b2f1e6 vn="a variant of Win64/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\entrusted11\hk64tbentr.dll.vir"
sh=A473F1057D0844C61ED68047F97C6CD8B3F79F51 ft=1 fh=851ca62d1383db26 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\entrusted11\hktbentr.dll.vir"
sh=28F30DCBC3836B85CF84C0445F20FDD74276105F ft=1 fh=a5122cc400caea7d vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\entrusted11\ldrtbentr.dll.vir"
sh=D92C60CCE0049F2F7FB25ECBED01C7E89DC43988 ft=1 fh=854242ae4b4cbd77 vn="Win32/Toolbar.Conduit.N potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\entrusted11\prxtbentr.dll.vir"
sh=4C716303AC281E9F6F92DBAA25DFCF342B2E8300 ft=1 fh=2ce425e33ba62b65 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\entrusted11\tbentr.dll.vir"
sh=5FB95D21BE8CF2753FD8A42398ADD26E2B21409F ft=1 fh=0f2c5f177050d203 vn="a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3306061\UninstallerUI.exe.vir"
sh=D86451022DDD8348105C1D52FBFD2ADB1E2DCC30 ft=1 fh=d3e706a6307522ba vn="Win32/Toolbar.Conduit.Y potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\CJ\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir"
sh=314F703F0F190BF70F0386509C10998D4E2BD10B ft=1 fh=2f9f46df1834d950 vn="Win32/Toolbar.Conduit.Y potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\CJ\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir"
sh=D3CBDD7C6ED2C9D81DA4FCF9AF57CDD5D3711ED3 ft=1 fh=86dbe26399c3d0fa vn="Win32/Toolbar.Conduit.Y potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\CJ\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir"
sh=926D9D657C7080EF11DC050F84192C66B6D586BD ft=1 fh=a969f747000403ce vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\CJ\AppData\Local\Conduit\Chrome\CT3306061\CHUninstaller.exe.vir"
sh=D47C6B5FDA587461537B2457B6F0E06B5E9F39F9 ft=1 fh=b6c6575ef644b92e vn="a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\CJ\AppData\Local\Conduit\Chrome\CT3306061\UninstallerUI.exe.vir"
sh=D4D640E4A04D91DEF41DAD844D1EC046FA1D5F3E ft=1 fh=f32a1de57c3d142e vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil\10.24.3.3_0\nativeMessaging\TBMessagingHost.exe.vir"
sh=D4D640E4A04D91DEF41DAD844D1EC046FA1D5F3E ft=1 fh=f32a1de57c3d142e vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil\10.24.3.503_0\nativeMessaging\TBMessagingHost.exe.vir"
sh=12A81C015E84CAB1346754690B8683E3D0F5C542 ft=1 fh=2038865bafb4f80a vn="a variant of Win32/Mobogenie.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\CJ\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir"
sh=CC52EE1298EA7A344B1C0CD7D03D1A059C77FD39 ft=1 fh=d235b59034f549ec vn="a variant of Win32/Mobogenie.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\CJ\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir"
sh=659E678C5D8CE742CC03A211C59AA57E6018FDC6 ft=0 fh=0000000000000000 vn="a variant of Android/Mobserv.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\CJ\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"
sh=930F6C24088B7CB47481D4EDD64A873A817E73FC ft=1 fh=44fb5a4b02bb1a4e vn="a variant of Win32/Mobogenie.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\CJ\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=D4D640E4A04D91DEF41DAD844D1EC046FA1D5F3E ft=1 fh=f32a1de57c3d142e vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\CJ\AppData\Local\NativeMessaging\CT3306061\1_0_0_7\TBMessagingHost.exe.vir"
sh=35916ED5861D39F54C00E7D85F9E6CBF2038DD1F ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\CJ\AppData\Local\Temp\NativeMessaging\CT3306061.crx.vir"
sh=D4D640E4A04D91DEF41DAD844D1EC046FA1D5F3E ft=1 fh=f32a1de57c3d142e vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\CJ\AppData\Local\Temp\NativeMessaging\CT3306061\nativeMessaging\TBMessagingHost.exe.vir"
sh=C1C547EE61E369232A71086B14C3DA1EA0F5DFEC ft=1 fh=2f7a5f77aa61c184 vn="Win64/Toolbar.Conduit.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\CJ\AppData\LocalLow\entrusted11\hk64tbent0.dll.vir"
sh=DACCEF26229D06C78049B88C7BE2772EA347B8A2 ft=1 fh=fefb97b647b2f1e6 vn="a variant of Win64/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\CJ\AppData\LocalLow\entrusted11\hk64tbentr.dll.vir"
sh=F59FAFF6995AAE4B0EEED57F6035FE33CD92666F ft=1 fh=6dd03b204708c051 vn="Win32/Toolbar.Conduit.W potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\CJ\AppData\LocalLow\entrusted11\hktbent0.dll.vir"
sh=A473F1057D0844C61ED68047F97C6CD8B3F79F51 ft=1 fh=851ca62d1383db26 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\CJ\AppData\LocalLow\entrusted11\hktbentr.dll.vir"
sh=0426FF7F92792C8E0202A07286A02371FD4DB89C ft=1 fh=bb71dc653bc49e1b vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\CJ\AppData\LocalLow\entrusted11\ldrtbent0.dll.vir"
sh=28F30DCBC3836B85CF84C0445F20FDD74276105F ft=1 fh=a5122cc400caea7d vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\CJ\AppData\LocalLow\entrusted11\ldrtbentr.dll.vir"
sh=A54B27FD7BD7B1EC1F3101502836C620D6F11639 ft=1 fh=c01b70bae45c3c6e vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\CJ\AppData\LocalLow\entrusted11\tbent0.dll.vir"
sh=81AF7CFB10091601ED1B82B92BDA2A254AA2B82F ft=1 fh=b76578e523b80dbc vn="Win32/Toolbar.Conduit.Y potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\CJ\AppData\LocalLow\entrusted11\tbent1.dll.vir"
sh=4C716303AC281E9F6F92DBAA25DFCF342B2E8300 ft=1 fh=2ce425e33ba62b65 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\CJ\AppData\LocalLow\entrusted11\tbentr.dll.vir"
sh=B5C93DA0C608B26C9487ABC49CCB643C9A15ED33 ft=1 fh=75f1c65aa8a331ed vn="a variant of Win32/PriceGong.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\CJ\AppData\LocalLow\entrusted11\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir"
sh=C8ED85CBB679DFF0D72E7D8C79CE5E74B5EFADE0 ft=1 fh=37dd7ede875c1f3d vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\CJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6LHCUHK\spstub[1].exe"
sh=583A3CAC690CA012AA7B86FD8F19F5C0F1C2083B ft=1 fh=ee969deb4cd8f0e0 vn="Win32/OpenCandy potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\CJ\AppData\Local\Temp\tmp2975.exe"
sh=583A3CAC690CA012AA7B86FD8F19F5C0F1C2083B ft=1 fh=ee969deb4cd8f0e0 vn="Win32/OpenCandy potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\CJ\AppData\Local\Temp\tmp8E62.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3b6d11d50e8a2846ab94b4ab59f5f008
# engine=22233
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-30 10:54:54
# local_time=2015-01-30 05:54:54 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 3536421 186157383 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 174201943 0 0
# scanned=156712
# found=0
# cleaned=0
# scan_time=11352
 
 
 
HitmanPro 3.7.9.234
www.hitmanpro.com
 
   Computer name . . . . : CJ-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : CJ-PC\CJ
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2015-01-30 00:56:26
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 16m 16s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 1
   Traces  . . . . . . . : 43
 
   Objects scanned . . . : 1,453,075
   Files scanned . . . . : 27,396
   Remnants scanned  . . : 316,532 files / 1,109,147 keys
 
Malware remnants ____________________________________________________________
 
   HKU\S-1-5-21-482931792-2834766306-235586491-1000_Classes\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}\ (Jotzey)
 
Potential Unwanted Programs _________________________________________________
 
   HKU\S-1-5-21-482931792-2834766306-235586491-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
   HKU\S-1-5-21-482931792-2834766306-235586491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find)
   HKU\S-1-5-21-482931792-2834766306-235586491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome (22Find)
 
Cookies _____________________________________________________________________
 
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.mlnadvertising.com
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.mediade.sk
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:ar.atwola.com
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:atwola.com
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:cdn.at.atwola.com
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:emjcd.com
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:googleadservices.com
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:stats.adotube.com
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:tacoda.at.atwola.com
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
   C:\Users\CJ\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
   C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Cookies\3Z0IPV9A.txt
   C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Cookies\757JUMOJ.txt
   C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Cookies\9A0WAGD2.txt
   C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Cookies\CLZUKPJ1.txt
   C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Cookies\KK0R2VQD.txt
   C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Cookies\OT3FBXLI.txt
   C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Cookies\R5JEUPNC.txt
   C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Cookies\S4MPWDXM.txt
   C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Cookies\VI32C5NQ.txt
   C:\Users\CJ\AppData\Roaming\Microsoft\Windows\Cookies\WO4RRWOH.txt
 
 
 
 
 
 
It's definitely running better. Do you see anything else?
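The ESET log posted above records every detection as one `sh=... vn=... ac=... fn=...` line, and most of those hits are copies already sitting in AdwCleaner's quarantine folder rather than files that were active on the system. The following Python script is an added example, not ESET's code and not from this thread: it parses that line format, separates quarantine copies (assumed, from the paths in the log, to be anything under `\AdwCleaner\Quarantine\` with a `.vir` suffix) from files that were live on disk, tallies detection families, and cross-checks the `# found=` / `# cleaned=` header counts; the embedded sample log is constructed with placeholder hashes modelled on the lines above.

```python
"""Triage an ESET Online Scanner text log (the format posted above).

Added example, not ESET's code and not from this thread. It separates detections
that were only copies inside AdwCleaner's quarantine folder (neutralised before
ESET ran) from detections of files that were live on disk, and cross-checks the
'# found=' / '# cleaned=' header counts against the detection lines.
"""
import re
from collections import Counter

# One detection line: sh=<sha1> ft=<n> fh=<hash> vn="<name>" ac=<action> fn="<path>"
DETECTION_RE = re.compile(
    r'^sh=(?P<sh>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9a-f]{16}) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\S+) fn="(?P<fn>[^"]*)"$'
)

# Constructed sample modelled on the posted log; the hashes are placeholders.
SAMPLE_LOG = r"""
# product=EOS
# found=5
# cleaned=5
# remove_checked=true
sh=0123456789ABCDEF0123456789ABCDEF01234567 ft=1 fh=0123456789abcdef vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\entrusted11\tbentr.dll.vir"
sh=0123456789ABCDEF0123456789ABCDEF01234567 ft=1 fh=0123456789abcdef vn="a variant of Win32/Mobogenie.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\CJ\AppData\Local\Mobogenie\DaemonProcess.exe.vir"
sh=0123456789ABCDEF0123456789ABCDEF01234567 ft=1 fh=0123456789abcdef vn="a variant of Win32/PriceGong.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\CJ\AppData\LocalLow\entrusted11\plugins\PriceGongIE.dll.vir"
sh=0123456789ABCDEF0123456789ABCDEF01234567 ft=1 fh=0123456789abcdef vn="Win32/OpenCandy potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\CJ\AppData\Local\Temp\tmp2975.exe"
sh=0123456789ABCDEF0123456789ABCDEF01234567 ft=1 fh=0123456789abcdef vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\CJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6LHCUHK\spstub[1].exe"
"""


def parse_eset_log(text):
    """Return (header dict, list of detection dicts).

    Repeated '# key=' lines (ESET prints compatibility_mode twice) keep the
    last value; lines that match neither form are ignored.
    """
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key] = value
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(m.groupdict())
    return header, detections


def is_quarantined_copy(path):
    """Assumption taken from the posted log: AdwCleaner keeps neutralised files
    under \\AdwCleaner\\Quarantine\\ with a .vir suffix. ESET still flags them,
    but they were not active files at scan time."""
    p = path.lower()
    return "\\adwcleaner\\quarantine\\" in p and p.endswith(".vir")


def triage(detections):
    """Split detections into quarantine copies and files that were live on disk."""
    buckets = {"quarantine": [], "live": []}
    for d in detections:
        bucket = "quarantine" if is_quarantined_copy(d["fn"]) else "live"
        buckets[bucket].append(d)
    return buckets


def family(vn):
    """'a variant of Win32/Toolbar.Conduit.X potentially ...' -> 'Win32/Toolbar.Conduit'.

    Keeps the platform/family token and drops the trailing variant letter(s).
    """
    m = re.search(r"(\S+/\S+)", vn)
    name = m.group(1) if m else vn
    return re.sub(r"\.[A-Z]+$", "", name)


def family_counts(detections):
    """Count detections per family so a 33-line log collapses to a few names."""
    return Counter(family(d["vn"]) for d in detections)


def check_counts(header, detections):
    """Compare the header totals with what the detection lines actually say.

    ac=C is ESET's 'cleaned' action code in the posted log.
    """
    cleaned_lines = sum(1 for d in detections if d["ac"] == "C")
    return {
        "found_matches": int(header.get("found", 0)) == len(detections),
        "cleaned_matches": int(header.get("cleaned", 0)) == cleaned_lines,
        "removal_enabled": header.get("remove_checked") == "true",
    }


def summarize(text):
    """One-call triage: counts, live file paths, families and header checks."""
    header, detections = parse_eset_log(text)
    buckets = triage(detections)
    return {
        "detections": len(detections),
        "quarantine_copies": len(buckets["quarantine"]),
        "live_files": [d["fn"] for d in buckets["live"]],
        "families": dict(family_counts(detections)),
        "checks": check_counts(header, detections),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the constructed sample the live list contains only the two files outside quarantine (the Temp and Content.IE5 entries), which are the ones worth a second look; the same split applied to the full log above leaves three live hits out of 33.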


#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:02:57 AM

Posted 30 January 2015 - 06:24 PM

That's it!
Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.
Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:


Java 7 Update 67



Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.
regards,
deeprybka

#13 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:02:57 AM

Posted 01 February 2015 - 06:41 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka



