
Computer Browser Constantly Hijacked to New Tabs and "Shopping" Widgets Inserted


  • This topic is locked
21 replies to this topic

#1 dcanoli


Posted 31 January 2015 - 03:41 PM

I currently have another thread going at:

http://www.bleepingcomputer.com/forums/t/564635/need-virus-malware-issue-resolved/page-2

You can check that to see what has already been tried.

My browsers are constantly hijacked to new tabs, and when checking sites like Walmart, shopping widgets are inserted at the top and bottom of my pages.

Here is my FRST log:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015 01
Ran by dcano_000 (administrator) on MOMS on 31-01-2015 15:37:50
Running from C:\Users\dcano_000\Downloads
Loaded Profiles: dcano_000 (Available profiles: dcano_000 & joshm_000 & webst_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Anvisoft\Anvi AD Blocker\ADBlockerSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\jmesoft\Service.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Farbar) C:\Users\dcano_000\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
HKLM-x32\...\Run: [Lenovo Eye Distance System] => C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe [270680 2012-07-19] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] => C:\Program Files\Lenovo\Lenovo Brightness System\RunLDBS.exe [1752408 2012-07-09] (TODO: <公司名>)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM-x32\...\Run: [WD UDS Control Center] => C:\Program Files (x86)\Western Digital\WD Print Share\WDPrintShare.exe [19841536 2012-04-18] ()
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Anvi AD Blocker] => C:\Program Files (x86)\Anvisoft\Anvi AD Blocker\ADBlockerTray.exe [1256144 2013-06-14] (Anvisoft)
HKLM-x32\...\Run: [ADBlocker] => C:\Program Files (x86)\Anvisoft\Anvi AD Blocker\ADBlockerTray.exe [1256144 2013-06-14] (Anvisoft)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1553020140-4172482893-2706831263-1001\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1553020140-4172482893-2706831263-1001\...\Run: [Amazon Music] => C:\Users\dcano_000\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-05] ()
HKU\S-1-5-21-1553020140-4172482893-2706831263-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-1553020140-4172482893-2706831263-1001\...\RunOnce: [Uninstall C:\Users\dcano_000\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\dcano_000\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
HKU\S-1-5-21-1553020140-4172482893-2706831263-1001\...\MountPoints2: {0710c831-8f84-11e4-bee8-0025ab2680d4} - "E:\setup.exe" -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\dcano_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\dcano_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\dcano_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\S-1-5-21-1553020140-4172482893-2706831263-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-1553020140-4172482893-2706831263-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKU\S-1-5-21-1553020140-4172482893-2706831263-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E18E5DDE-E103-4BC2-99DE-10795ABEE2C8}: [NameServer] 81.218.119.15,199.203.35.75

FireFox:
========
FF ProfilePath: C:\Users\dcano_000\AppData\Roaming\Mozilla\Firefox\Profiles\xeg7j064.default-1419253661310
FF DefaultSearchEngine: Swagbucks.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1553020140-4172482893-2706831263-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\dcano_000\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: Adblock Plus - C:\Users\dcano_000\AppData\Roaming\Mozilla\Firefox\Profiles\xeg7j064.default-1419253661310\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-28]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-06]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\dcano_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\dcano_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-06]
CHR Extension: (YouTube) - C:\Users\dcano_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-06]
CHR Extension: (Google Cast) - C:\Users\dcano_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-01-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdblockerSrv; C:\Program Files (x86)\Anvisoft\Anvi AD Blocker\ADBlockerSrv.exe [314064 2013-06-14] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-01] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-01] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-11] (SurfRight B.V.)
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asdnet; C:\WINDOWS\system32\DRIVERS\asdnet.sys [19280 2013-06-08] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-01] ()
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-01-31] ()
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-01-30] (BitDefender S.R.L.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-01] (Avast Software)
R3 VMC412; C:\Windows\System32\Drivers\VMC412.sys [232576 2012-08-21] (Vimicro Corporation)
R3 vmuacflt; C:\Windows\System32\Drivers\vmuacflt.sys [13696 2012-05-02] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WDUDSMBus; C:\Windows\SysWow64\Drivers\WDUDSMBus.sys [105568 2012-04-16] (Windows ® Codename Longhorn DDK provider)
S3 WDUDSTcpBus; C:\Windows\SysWow64\Drivers\WDUDSTcpBus.sys [174176 2012-04-16] (Windows ® Codename Longhorn DDK provider)
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 15:37 - 2015-01-31 15:37 - 02130944 _____ (Farbar) C:\Users\dcano_000\Downloads\FRST64(1).exe
2015-01-31 11:16 - 2015-01-31 11:17 - 00000197 _____ () C:\WINDOWS\system32\2015-01-31-16-16-22.055-AvastVBoxSVC.exe-2884.log
2015-01-31 11:09 - 2015-01-31 11:09 - 00001736 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-31 11:09 - 2015-01-31 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-31 11:09 - 2015-01-31 11:09 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-31 11:09 - 2015-01-31 11:09 - 00000000 ____D () C:\Program Files\iTunes
2015-01-31 11:09 - 2015-01-31 11:09 - 00000000 ____D () C:\Program Files\iPod
2015-01-31 11:09 - 2015-01-31 11:09 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-30 19:01 - 2015-01-30 19:01 - 00000000 ____D () C:\WINDOWS\rundll16.exe
2015-01-30 19:01 - 2015-01-30 19:01 - 00000000 ____D () C:\WINDOWS\logo1_.exe
2015-01-30 17:53 - 2015-01-30 17:53 - 00000462 _____ () C:\WINDOWS\UPDLL.LOG
2015-01-30 17:53 - 2015-01-30 17:53 - 00000000 ____D () C:\WINDOWS\VDLL.DLL
2015-01-30 17:53 - 2015-01-30 17:53 - 00000000 ____D () C:\WINDOWS\SysWOW64\runouce.exe
2015-01-30 17:53 - 2015-01-30 17:53 - 00000000 ____D () C:\WINDOWS\RUNDL132.EXE
2015-01-30 17:53 - 2015-01-30 17:53 - 00000000 ____D () C:\WINDOWS\logo_1.exe
2015-01-30 17:53 - 2015-01-30 17:53 - 00000000 ____D () C:\Users\dcano_000\Downloads\TempBK
2015-01-30 17:47 - 2015-01-30 17:53 - 00000182 _____ () C:\WINDOWS\general.log
2015-01-30 17:47 - 2015-01-30 17:53 - 00000056 _____ () C:\WINDOWS\Lic.xxx
2015-01-30 17:47 - 2015-01-30 17:47 - 00001250 _____ () C:\WINDOWS\ESCAN.LOG
2015-01-30 17:46 - 2015-01-30 17:46 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr90.dll
2015-01-30 17:46 - 2015-01-30 17:46 - 00632064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr80.dll
2015-01-30 17:46 - 2015-01-30 17:46 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp90.dll
2015-01-30 17:46 - 2015-01-30 17:46 - 00554240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp80.dll
2015-01-30 17:46 - 2015-01-30 17:46 - 00350160 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2015-01-30 17:46 - 2015-01-30 17:46 - 00152808 _____ (MicroWorld Technologies Inc.) C:\WINDOWS\SysWOW64\eEmpty.exe
2015-01-30 17:46 - 2015-01-30 17:46 - 00001074 _____ () C:\Users\dcano_000\Desktop\MWAVSCAN.lnk
2015-01-30 17:46 - 2015-01-30 17:46 - 00000000 ____D () C:\ProgramData\MicroWorld
2015-01-30 17:40 - 2015-01-30 17:42 - 216155864 _____ () C:\Users\dcano_000\Downloads\mwav.exe
2015-01-30 15:46 - 2015-01-30 15:46 - 00001120 _____ () C:\Users\dcano_000\Downloads\ESETScan.txt
2015-01-29 19:37 - 2015-01-29 19:37 - 02347384 _____ (ESET) C:\Users\dcano_000\Downloads\esetsmartinstaller_enu(1).exe
2015-01-29 19:37 - 2015-01-29 19:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-29 18:10 - 2015-01-29 18:10 - 00000921 _____ () C:\Users\Public\Desktop\Removal Tool.lnk
2015-01-29 18:10 - 2015-01-29 18:10 - 00000000 ____D () C:\Users\dcano_000\AppData\Roaming\9-lab
2015-01-29 18:10 - 2015-01-29 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
2015-01-29 18:10 - 2015-01-29 18:10 - 00000000 ____D () C:\ProgramData\9-lab
2015-01-29 18:10 - 2015-01-29 18:10 - 00000000 ____D () C:\Program Files\9-lab
2015-01-29 18:09 - 2015-01-29 18:09 - 06003400 _____ () C:\Users\dcano_000\Downloads\rmtool-setup-x64.exe
2015-01-29 18:08 - 2015-01-29 18:09 - 00000197 _____ () C:\WINDOWS\system32\2015-01-29-23-08-23.001-AvastVBoxSVC.exe-4388.log
2015-01-29 18:03 - 2015-01-29 18:04 - 00000085 _____ () C:\WINDOWS\wininit.ini
2015-01-28 06:43 - 2015-01-28 06:44 - 00000247 _____ () C:\WINDOWS\system32\2015-01-28-11-43-47.070-aswFe.exe-3772.log
2015-01-28 06:38 - 2015-01-28 06:43 - 00000247 _____ () C:\WINDOWS\system32\2015-01-28-11-38-25.097-aswFe.exe-2784.log
2015-01-28 06:38 - 2015-01-28 06:38 - 00000197 _____ () C:\WINDOWS\system32\2015-01-28-11-38-23.021-AvastVBoxSVC.exe-5900.log
2015-01-28 06:00 - 2015-01-28 06:00 - 00852573 _____ () C:\Users\dcano_000\Downloads\SecurityCheck.exe
2015-01-27 19:24 - 2015-01-27 19:24 - 16466552 _____ (Malwarebytes Corp.) C:\Users\dcano_000\Downloads\mbar-1.08.3.1004.exe
2015-01-27 16:12 - 2015-01-29 21:28 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-01-27 16:12 - 2015-01-27 16:12 - 00753184 _____ () C:\Users\dcano_000\Downloads\Adware-Removal-Tool-v3.9.1.exe
2015-01-27 16:12 - 2015-01-27 16:12 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2015-01-27 15:56 - 2015-01-31 11:14 - 00000308 _____ () C:\WINDOWS\setupact.log
2015-01-27 15:56 - 2015-01-27 15:57 - 00000197 _____ () C:\WINDOWS\system32\2015-01-27-20-56-51.054-AvastVBoxSVC.exe-3004.log
2015-01-27 15:56 - 2015-01-27 15:56 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-27 15:54 - 2015-01-29 18:06 - 00004962 _____ () C:\WINDOWS\PFRO.log
2015-01-27 15:43 - 2015-01-27 15:43 - 02194432 _____ () C:\Users\dcano_000\Downloads\adwcleaner_4.109.exe
2015-01-27 15:37 - 2015-01-27 15:38 - 01707939 _____ (Thisisu) C:\Users\dcano_000\Downloads\JRT(1).exe
2015-01-27 15:32 - 2015-01-27 15:34 - 00030867 _____ () C:\Users\dcano_000\Downloads\Result.txt
2015-01-27 15:31 - 2015-01-27 15:31 - 00401920 _____ (Farbar) C:\Users\dcano_000\Downloads\MiniToolBox.exe
2015-01-26 17:35 - 2015-01-31 11:21 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-01-19 11:46 - 2015-01-19 11:46 - 00000000 ____D () C:\Users\dcano_000\Desktop\TransUnion_files
2015-01-16 21:30 - 2015-01-16 21:30 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-01-14 21:08 - 2015-01-14 21:08 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-02-08-42.039-AvastVBoxSVC.exe-2960.log
2015-01-14 21:02 - 2015-01-14 21:02 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-02-02-43.034-AvastVBoxSVC.exe-2948.log
2015-01-13 14:14 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-13 14:14 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-13 14:14 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-13 14:14 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-13 14:14 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-13 14:14 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-13 14:14 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-13 14:14 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-13 14:14 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-13 14:14 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-13 14:14 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-13 14:14 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-13 14:14 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-13 14:14 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-13 14:14 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-13 14:14 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-13 14:14 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-13 14:14 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-13 14:14 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-13 14:14 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-13 14:14 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-13 14:14 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-13 14:14 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-13 14:14 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-13 14:14 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-13 14:14 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-13 14:14 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-13 14:14 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-13 14:14 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-13 14:14 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-13 14:14 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-11 13:51 - 2015-01-11 13:52 - 00000197 _____ () C:\WINDOWS\system32\2015-01-11-18-51-03.031-AvastVBoxSVC.exe-1504.log
2015-01-11 13:07 - 2015-01-11 13:07 - 02191360 _____ () C:\Users\dcano_000\Downloads\AdwCleaner(1).exe
2015-01-06 16:15 - 2015-01-06 16:16 - 00000197 _____ () C:\WINDOWS\system32\2015-01-06-21-15-59.002-AvastVBoxSVC.exe-2244.log
2015-01-05 14:34 - 2015-01-05 14:34 - 00000000 __SHD () C:\Users\dcano_000\AppData\Local\EmieBrowserModeList

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 15:37 - 2014-12-24 00:59 - 00020760 _____ () C:\Users\dcano_000\Downloads\FRST.txt
2015-01-31 15:37 - 2014-11-17 19:44 - 00000000 ____D () C:\FRST
2015-01-31 15:36 - 2013-04-01 15:51 - 00000000 ____D () C:\Users\dcano_000\Documents\Outlook Files
2015-01-31 15:30 - 2014-12-24 01:48 - 01879979 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-31 15:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-31 14:40 - 2014-02-09 13:52 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-31 14:06 - 2013-04-20 12:34 - 00004972 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for MOMS-dcano_000 Moms
2015-01-31 13:40 - 2014-02-09 13:52 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 13:30 - 2013-03-10 00:17 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1553020140-4172482893-2706831263-1001
2015-01-31 11:16 - 2013-04-20 12:34 - 00000000 ___DO () C:\Users\dcano_000\SkyDrive
2015-01-31 11:15 - 2014-05-25 12:36 - 00000000 ____D () C:\temp
2015-01-31 11:14 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-31 11:13 - 2014-11-06 16:48 - 00000000 ____D () C:\Users\dcano_000\Documents\D2Travel
2015-01-31 11:13 - 2013-08-22 08:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-31 11:09 - 2014-09-28 20:32 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-31 10:12 - 2014-01-12 09:33 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{81EF39A2-8D16-46FF-8B64-DF49A1D9A374}
2015-01-31 03:44 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-30 18:58 - 2013-12-30 01:10 - 00000000 ____D () C:\Users\dcano_000\Documents\Labels
2015-01-30 17:49 - 2013-04-14 11:59 - 00000000 ____D () C:\Users\dcano_000\Documents\MMP Travel
2015-01-30 17:47 - 2012-07-26 00:26 - 00000576 _____ () C:\WINDOWS\win.ini
2015-01-30 17:02 - 2013-04-13 10:47 - 00000000 ____D () C:\Users\dcano_000\Desktop\MMP Travel
2015-01-30 15:52 - 2013-03-10 00:09 - 00000000 ____D () C:\Users\dcano_000\AppData\Local\Packages
2015-01-29 18:08 - 2013-03-23 07:24 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-01-29 18:06 - 2014-09-25 22:10 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-28 05:55 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-28 05:52 - 2014-11-09 13:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-27 19:25 - 2014-07-21 14:28 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-27 19:25 - 2014-07-21 14:28 - 00097496 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-27 15:56 - 2013-03-10 14:13 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-27 15:52 - 2014-11-17 18:54 - 00000000 ____D () C:\AdwCleaner
2015-01-26 17:38 - 2013-03-10 14:13 - 00003720 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-26 17:19 - 2013-03-10 14:24 - 00000805 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-26 17:19 - 2013-03-10 14:24 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-26 17:03 - 2013-12-20 08:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-24 15:20 - 2014-12-12 14:49 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 15:20 - 2014-12-12 14:49 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-18 03:17 - 2013-07-23 07:22 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-18 03:02 - 2013-03-11 18:29 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-16 21:56 - 2013-11-14 02:28 - 00883984 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-16 18:55 - 2014-01-05 18:11 - 00000000 ____D () C:\Users\dcano_000

==================== Files in the root of some directories =======

2014-03-02 11:30 - 2014-03-02 11:31 - 0003584 _____ () C:\Users\dcano_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-31 21:35 - 2013-05-31 21:35 - 0003966 _____ () C:\Users\dcano_000\AppData\Local\recently-used.xbel
2014-10-26 20:12 - 2014-10-26 20:12 - 0000017 _____ () C:\Users\dcano_000\AppData\Local\resmon.resmoncfg
2014-05-24 16:37 - 2014-01-06 13:01 - 0010240 _____ () C:\Users\dcano_000\AppData\Local\Z@!-5fffb76e-a299-459b-b3bb-14ad1040f48f.tmp
2014-05-24 16:37 - 2014-01-06 13:01 - 0010240 _____ () C:\Users\dcano_000\AppData\Local\Z@!-a498005f-eddf-4b79-be93-d02f71123a84.tmp
2014-05-24 16:37 - 2014-01-06 13:01 - 0009216 _____ () C:\Users\dcano_000\AppData\Local\Z@S!-e5d292ce-23ca-4395-8a40-2a707f6f42a0.tmp
2014-05-05 19:45 - 2014-05-05 19:45 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-11-10 17:56 - 2012-11-10 17:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-09-04 14:01 - 2014-11-23 05:32 - 0014429 _____ () C:\ProgramData\hpzinstall.log
2014-01-31 10:38 - 2012-02-21 08:44 - 0120831 _____ () C:\ProgramData\MyNetDashboard.ico
2014-01-31 10:38 - 2012-02-21 08:45 - 0122493 _____ () C:\ProgramData\WDInternetSecurityAndParentalControl.ico

Some content of TEMP:
====================
C:\Users\dcano_000\AppData\Local\Temp\avxdisk.dll
C:\Users\dcano_000\AppData\Local\Temp\bdc.exe
C:\Users\dcano_000\AppData\Local\Temp\bdcore.dll
C:\Users\dcano_000\AppData\Local\Temp\bdfltlib2k.dll
C:\Users\dcano_000\AppData\Local\Temp\bdnimbus32.dll
C:\Users\dcano_000\AppData\Local\Temp\bdnimbus64.dll
C:\Users\dcano_000\AppData\Local\Temp\bdupdateservice.dll
C:\Users\dcano_000\AppData\Local\Temp\DEVCON.EXE
C:\Users\dcano_000\AppData\Local\Temp\eEmpty.exe
C:\Users\dcano_000\AppData\Local\Temp\encdec.dll
C:\Users\dcano_000\AppData\Local\Temp\esupdate.exe
C:\Users\dcano_000\AppData\Local\Temp\FSSync.dll
C:\Users\dcano_000\AppData\Local\Temp\Getvlist.exe
C:\Users\dcano_000\AppData\Local\Temp\ikave.dll
C:\Users\dcano_000\AppData\Local\Temp\ipc.dll
C:\Users\dcano_000\AppData\Local\Temp\kave.dll
C:\Users\dcano_000\AppData\Local\Temp\kavvlg.dll
C:\Users\dcano_000\AppData\Local\Temp\msvclnt.dll
C:\Users\dcano_000\AppData\Local\Temp\msvcp80.dll
C:\Users\dcano_000\AppData\Local\Temp\msvcp90.dll
C:\Users\dcano_000\AppData\Local\Temp\msvcr80.dll
C:\Users\dcano_000\AppData\Local\Temp\msvcr90.dll
C:\Users\dcano_000\AppData\Local\Temp\msvl64.dll
C:\Users\dcano_000\AppData\Local\Temp\msvlclnt.dll
C:\Users\dcano_000\AppData\Local\Temp\mwavdwnl.exe
C:\Users\dcano_000\AppData\Local\Temp\MWAVL.exe
C:\Users\dcano_000\AppData\Local\Temp\mwavscan.exe
C:\Users\dcano_000\AppData\Local\Temp\mwunzip.dll
C:\Users\dcano_000\AppData\Local\Temp\prLoader.dll
C:\Users\dcano_000\AppData\Local\Temp\red32.dll
C:\Users\dcano_000\AppData\Local\Temp\Reload.exe
C:\Users\dcano_000\AppData\Local\Temp\scan.dll
C:\Users\dcano_000\AppData\Local\Temp\ScanningProcess.exe
C:\Users\dcano_000\AppData\Local\Temp\setpriv.exe
C:\Users\dcano_000\AppData\Local\Temp\test2.exe
C:\Users\dcano_000\AppData\Local\Temp\trufos.dll
C:\Users\dcano_000\AppData\Local\Temp\unregx.exe
C:\Users\dcano_000\AppData\Local\Temp\UPDLL10.DLL
C:\Users\dcano_000\AppData\Local\Temp\viewtcp.exe


Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-31 13:30

==================== End Of Log ============================

 

 




 


#2 StanFF

StanFF

  • Malware Response Team
  • 1,172 posts

Posted 01 February 2015 - 05:57 AM

Hello dcanoli,
 

I'm Stan and I will be helping you with this problem.

 

First of all I want to clear up some things about the malware removal process:

  • Do not run any tools on your own. This may affect the process of removal and may cause both slowdown and additional problems.
  • Carefully read the steps that I suggest you do. Any mismatch will prolong this case.
  • Copy any scripts carefully so they stay exactly the same as the original. Otherwise the script may not work and we will need to rerun/recreate it.
  • Feel free to copy all the steps to an offline environment. They may be easier to read and follow this way.
  • Feel free to ask any questions about the malware removal process. I'm here to help you so nothing must be hidden or misunderstood.
  • Share with me any problems/changes you experience while working with the current system.
  • Please, do not use any quotes or code boxes when you post logs.

I want to inform you that I will be able to respond in the evenings - 07:00 P.M - 11:00 P.M. (UTC + 02:00) - since I'm working during most of the daytime. If I haven't posted anything for 48 hours straight, please, feel free to send me a personal message. I will bump the topic if there is no response from you for 3 days. After 5 days of inactivity, the topic will be closed.

 

I want to inform you that I'm still in my training program so my posts must be reviewed by an instructor. This may lead to a slight delay in my answers.

 

********************

 

Thank you for the provided logs. I will review them as fast as I can and I will be back with further instructions. Please, note that you should focus on only one thread here. Working with multiple people simultaneously may cause additional problems and will slow down our progress.


Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

 

 

 

 

 


#3 StanFF

StanFF

  • Malware Response Team
  • 1,172 posts

Posted 01 February 2015 - 10:46 AM

Hello dcanoli,

 

While inspecting your log I came across two IP addresses set as DNS on the system:

81.218.119.15
199.203.35.75

Are you familiar with them, or are they unknown to you?

 

********************

 

This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Please download the attached fixlist.txt file and save it to the same location as FRST - Attached File  fixlist.txt   1011bytes   9 downloads

Note: It's important that both files, FRST.exe and fixlist.txt are in the same location or the fix will not work. In your case, this should be the Desktop.

  • Run FRST.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log - Fixlog.txt - in the same location the tool was run.

Please, post the content of the log file in your next reply.

 

********************

 

Please start FRST again. When you start the tool, check the checkbox in front of Addition.txt in the Optional Scan section. Then run a new scan of the system and post the results in your next comment.

 

********************

 

In your next post, I will be waiting for:

  • Fixlog.txt
  • FRST.txt
  • Addition.txt
  • How is your system running now? Is there any improvement? Are those redirects still present?

Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

 

 

 

 

 


#4 dcanoli

dcanoli
  • Topic Starter

  • Members
  • 353 posts

Posted 02 February 2015 - 02:46 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by dcano_000 at 2015-02-02 14:39:04 Run:6
Running from C:\Users\dcano_000\Desktop
Loaded Profiles: dcano_000 (Available profiles: dcano_000 & joshm_000 & webst_000)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
<h1 class='ipsType_pagetitle'>Sorry, you don't have permission for that!</h1>
<br />
<div class='ipsBox'>
    <div class='ipsBox_container ipsPad'>
        <span class="right desc ipsType_smaller ipsPad_top">[#10171] </span>
        <p class='ipsType_sectiontitle'>
            You do not have permission to view this attachment.
        </p>
        <br />
        <p>Need Help?</p>
        <ul class='ipsPad_top bullets'>
            
                <li><a href='http://www.bleepingcomputer.com/forums/index.php?app=core&amp;module=global&amp;section=login' title='Log in'>Click here to log in</a></li>
            
            <li><a href="http://www.bleepingcomputer.com/forums/index.php?app=core&module=help" rel="help" title='Our help documentation'>Our help documentation</a></li>
            <li><a href="/contact/" title='Contact the community administrator'>Contact the community administrator</a></li>
        </ul>
    </div>
</div>

                
            </div>
        </div>
        
        


    </body>
</html>
*****************

<!DOCTYPE html> => Error: No automatic fix found for this entry.
                                </label> => Error: No automatic fix found for this entry.
                            </li> => Error: No automatic fix found for this entry.
                     => Error: No automatic fix found for this entry.
                 => Error: No automatic fix found for this entry.
                         => Error: No automatic fix found for this entry.
                     => Error: No automatic fix found for this entry.
                 => Error: No automatic fix found for this entry.
                         => Error: No automatic fix found for this entry.
                     => Error: No automatic fix found for this entry.
                 => Error: No automatic fix found for this entry.
                         => Error: No automatic fix found for this entry.
                     => Error: No automatic fix found for this entry.
                </ul> => Error: No automatic fix found for this entry.
                <input type='submit' class='submit_input clickable' value='Search' /> => Error: No automatic fix found for this entry.
            </span> => Error: No automatic fix found for this entry.
             => Error: No automatic fix found for this entry.
        </fieldset> => Error: No automatic fix found for this entry.
    </form> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
                     => Error: No automatic fix found for this entry.
                </div> => Error: No automatic fix found for this entry.
            </div> => Error: No automatic fix found for this entry.
            <!-- ::: APPLICATION TABS ::: --> => Error: No automatic fix found for this entry.
            <div id='primary_nav' class='clearfix'> => Error: No automatic fix found for this entry.
                <div class='main_width'> => Error: No automatic fix found for this entry.
                    <ul class='ipsList_inline' id='community_app_menu'> => Error: No automatic fix found for this entry.
                         => Error: No automatic fix found for this entry.
                            <li class='right'> => Error: No automatic fix found for this entry.
                                <a href="http://www.bleepingcomputer.com/forums/index.php?app=core&amp;module=global&amp;section=navigation&amp;inapp=core" rel="quickNavigation" accesskey='9' id='quickNavLaunch' title='Open Quick Navigation'><span>&nbsp;</span></a> => Error: No automatic fix found for this entry.
                            </li> => Error: No automatic fix found for this entry.
                         => Error: No automatic fix found for this entry.
                        <li id='nav_explore' class='right'> => Error: No automatic fix found for this entry.
                            <a href='http://www.bleepingcomputer.com/forums/index.php?app=core&amp;module=search&amp;do=viewNewContent&amp;search_app=forums' accesskey='2'>View New Content</a> => Error: No automatic fix found for this entry.
                        </li> => Error: No automatic fix found for this entry.
                        <li class='right'><a href='http://www.bleepingcomputer.com/forum-rules/'>Forum Rules</a></li> => Error: No automatic fix found for this entry.
                         => Error: No automatic fix found for this entry.
                            <li id='nav_home' class='left'><a href='http://www.bleepingcomputer.com' title='Homepage' rel="home">BleepingComputer.com</a></li> => Error: No automatic fix found for this entry.
                         => Error: No automatic fix found for this entry.
                         => Error: No automatic fix found for this entry.
                                 => Error: No automatic fix found for this entry.
                                     => Error: No automatic fix found for this entry.
                                 => Error: No automatic fix found for this entry.
                                     => Error: No automatic fix found for this entry.
                                                                                <li id='nav_app_forums' class="left "><a href='http://www.bleepingcomputer.com/forums/' title='Go to Forums'>Forums</a></li> => Error: No automatic fix found for this entry.
                                     => Error: No automatic fix found for this entry.
                                 => Error: No automatic fix found for this entry.
                                     => Error: No automatic fix found for this entry.
                                                                                <li id='nav_app_members' class="left "><a href='http://www.bleepingcomputer.com/forums/members/' title='Go to Members'>Members</a></li> => Error: No automatic fix found for this entry.
                                     => Error: No automatic fix found for this entry.
                                 => Error: No automatic fix found for this entry.
                                     => Error: No automatic fix found for this entry.
                                 => Error: No automatic fix found for this entry.
                                     => Error: No automatic fix found for this entry.
                                 => Error: No automatic fix found for this entry.
                             => Error: No automatic fix found for this entry.
                             => Error: No automatic fix found for this entry.
                        <li id='nav_home' class='left'> <a href='http://www.bleepingcomputer.com/tutorials/' title="Computer Tutorials">Tutorials</a> </li> => Error: No automatic fix found for this entry.
<li id='nav_home' class='left'> <a href='http://www.bleepingcomputer.com/startups/' title="Startup Database">Startup List</a> </li> => Error: No automatic fix found for this entry.
<li id='nav_home' class='left'> <a href='http://www.bleepingcomputer.com/virus-removal/' title="Virus Removal Guides">Virus Removal</a> </li> => Error: No automatic fix found for this entry.
<li id='nav_home' class='left'> <a href='http://www.bleepingcomputer.com/download/' title="Downloads">Downloads</a> </li> => Error: No automatic fix found for this entry.
<li id='nav_home' class='left'> <a href='http://www.bleepingcomputer.com/uninstall/' title="Uninstall List">Uninstall List</a> </li> => Error: No automatic fix found for this entry.
<li id='nav_home' class='left'> <a href='http://www.bleepingcomputer.com/welcome-guide/' title="Welcome Guide">Welcome Guide</a> </li> => Error: No automatic fix found for this entry.
                         => Error: No automatic fix found for this entry.
                        <li id='nav_other_apps' style='display: none'> => Error: No automatic fix found for this entry.
                            <a href='#' class='ipbmenu' id='more_apps'>More <img src='http://www.bleepingcomputer.com/forums/public/style_images/master/useropts_arrow.png' /></a> => Error: No automatic fix found for this entry.
                        </li> => Error: No automatic fix found for this entry.
                    </ul> => Error: No automatic fix found for this entry.
                </div> => Error: No automatic fix found for this entry.
            </div>     => Error: No automatic fix found for this entry.
             => Error: No automatic fix found for this entry.
            <!-- ::: MAIN CONTENT AREA ::: --> => Error: No automatic fix found for this entry.
            <div id='content' class='clearfix'> => Error: No automatic fix found for this entry.
                <!-- ::: NAVIGATION BREADCRUMBS ::: --> => Error: No automatic fix found for this entry.
                 => Error: No automatic fix found for this entry.
                <noscript> => Error: No automatic fix found for this entry.
                    <div class='message error'> => Error: No automatic fix found for this entry.
                        <strong>Javascript Disabled Detected</strong> => Error: No automatic fix found for this entry.
                        <p>You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.</p> => Error: No automatic fix found for this entry.
                    </div> => Error: No automatic fix found for this entry.
                    <br /> => Error: No automatic fix found for this entry.
                </noscript> => Error: No automatic fix found for this entry.
                <!-- ::: CONTENT ::: --> => Error: No automatic fix found for this entry.
                 => Error: No automatic fix found for this entry.
                    <div class='ipsAd'><div align='center'><div class='side_box_a_cont'> => Error: No automatic fix found for this entry.
<div class='side_box_ad'> => Error: No automatic fix found for this entry.
<script type="text/javascript"> => Error: No automatic fix found for this entry.
//<![CDATA[ => Error: No automatic fix found for this entry.
ord = window.ord || Math.floor(Math.random()*1E16); => Error: No automatic fix found for this entry.
document.write('<script type="text/javascript" src="http://ad4.netshelter.net/adj/ns.bleepingcomputer/topic_top;ppos=atf;kw=;tile=1;dcopt=ist;sz=728x90,970x90,920x250;ord=' + ord + '?"><\/script>'); => Error: No automatic fix found for this entry.
//]]> => Error: No automatic fix found for this entry.
</script> => Error: No automatic fix found for this entry.
<noscript><a href="http://ad4.netshelter.net/jump/ns.bleepingcomputer/topic_top;ppos=atf;kw=;tile=1;dcopt=ist;sz=728x90,970x90,920x250;ord=123456789?" target="_blank" ><img src="http://ad4.netshelter.net/ad/ns.bleepingcomputer/topic_top;ppos=atf;kw=;tile=1;dcopt=ist;sz=728x90,970x90,920x250;ord=123456789?" border="0" alt="" /></a></noscript> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
</div></div> => Error: No automatic fix found for this entry.
                 => Error: No automatic fix found for this entry.
                <div id="guestwelcome"> => Error: No automatic fix found for this entry.
<div id="guestwelcome-title"> => Error: No automatic fix found for this entry.
Register a free account to unlock additional features at BleepingComputer.com => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
<div id="guestwelcome-content"> => Error: No automatic fix found for this entry.
<img src="http://www.bleepstatic.com/bc/misc/keys.gif" style="float:left" width='50' height='50'>Welcome to <b>BleepingComputer</b>, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having <b>no ads</b> shown anywhere on the site.<br /><br /> => Error: No automatic fix found for this entry.
<center><a href='http://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=register'><b>Click here to Register a free account now!</b></a> or read our <a href='http://www.bleepingcomputer.com/welcome-guide/'><b>Welcome Guide</b></a> to learn how to use this site.</center> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
<br /> => Error: No automatic fix found for this entry.
<script type="text/javascript"> => Error: No automatic fix found for this entry.
<!-- => Error: No automatic fix found for this entry.
function contact_admin() { => Error: No automatic fix found for this entry.
// Very basic spam bot stopper => Error: No automatic fix found for this entry.
admin_email_one = 'bleep'; => Error: No automatic fix found for this entry.
admin_email_two = 'bleepingcomputer.com'; => Error: No automatic fix found for this entry.
window.location = 'mailto:'+admin_email_one+'@'+admin_email_two+'?subject=Error on the forums'; => Error: No automatic fix found for this entry.
} => Error: No automatic fix found for this entry.
//--> => Error: No automatic fix found for this entry.
</script> => Error: No automatic fix found for this entry.
<br /> => Error: No automatic fix found for this entry.
<h1 class='ipsType_pagetitle'>Sorry, you don't have permission for that!</h1> => Error: No automatic fix found for this entry.
<br /> => Error: No automatic fix found for this entry.
<div class='ipsBox'> => Error: No automatic fix found for this entry.
    <div class='ipsBox_container ipsPad'> => Error: No automatic fix found for this entry.
        <span class="right desc ipsType_smaller ipsPad_top">[#10171] </span> => Error: No automatic fix found for this entry.
        <p class='ipsType_sectiontitle'> => Error: No automatic fix found for this entry.
            You do not have permission to view this attachment. => Error: No automatic fix found for this entry.
        </p> => Error: No automatic fix found for this entry.
        <br /> => Error: No automatic fix found for this entry.
        <p>Need Help?</p> => Error: No automatic fix found for this entry.
        <ul class='ipsPad_top bullets'> => Error: No automatic fix found for this entry.
             => Error: No automatic fix found for this entry.
                <li><a href='http://www.bleepingcomputer.com/forums/index.php?app=core&amp;module=global&amp;section=login' title='Log in'>Click here to log in</a></li> => Error: No automatic fix found for this entry.
             => Error: No automatic fix found for this entry.
            <li><a href="http://www.bleepingcomputer.com/forums/index.php?app=core&module=help" rel="help" title='Our help documentation'>Our help documentation</a></li> => Error: No automatic fix found for this entry.
            <li><a href="/contact/" title='Contact the community administrator'>Contact the community administrator</a></li> => Error: No automatic fix found for this entry.
        </ul> => Error: No automatic fix found for this entry.
    </div> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
                             => Error: No automatic fix found for this entry.
                        </ul> => Error: No automatic fix found for this entry.
                    </fieldset> => Error: No automatic fix found for this entry.
                     => Error: No automatic fix found for this entry.
                    <div class='ipsForm_submit ipsForm_center'> => Error: No automatic fix found for this entry.
                        <input type='submit' class='ipsButton' value='Sign In' tabindex='0' /> => Error: No automatic fix found for this entry.
                    </div> => Error: No automatic fix found for this entry.
                </div> => Error: No automatic fix found for this entry.
            </form> => Error: No automatic fix found for this entry.
    </div> => Error: No automatic fix found for this entry.
        </div> => Error: No automatic fix found for this entry.
         => Error: No automatic fix found for this entry.
         => Error: No automatic fix found for this entry.
        <script type='text/javascript'> => Error: No automatic fix found for this entry.
            if( $('primary_nav') ){    ipb.global.activateMainMenu(); } => Error: No automatic fix found for this entry.
        </script> => Error: No automatic fix found for this entry.
<script type="text/javascript"> => Error: No automatic fix found for this entry.
(function() { => Error: No automatic fix found for this entry.
var nstrack = document.createElement("script"), el_nstrack = document.getElementsByTagName("script")[0]; nstrack.async = true; => Error: No automatic fix found for this entry.
nstrack.src = "http://track.netshelter.net/async/js/sites/bleepingcomputer.com-async.js"; => Error: No automatic fix found for this entry.
el_nstrack.parentNode.insertBefore(nstrack, el_nstrack); => Error: No automatic fix found for this entry.
})(); => Error: No automatic fix found for this entry.
</script> => Error: No automatic fix found for this entry.
    </body> => Error: No automatic fix found for this entry.
</html> => Error: No automatic fix found for this entry.

==== End of Fixlog 14:39:05 ====



#5 dcanoli

Posted 02 February 2015 - 02:50 PM

No clue as to the IPs.  Running new scan now.  Will post in a minute....



#6 dcanoli

Posted 02 February 2015 - 02:53 PM

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by dcano_000 (administrator) on MOMS on 02-02-2015 14:48:32
Running from C:\Users\dcano_000\Desktop
Loaded Profiles: dcano_000 (Available profiles: dcano_000 & joshm_000 & webst_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Anvisoft\Anvi AD Blocker\ADBlockerSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\jmesoft\Service.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
HKLM-x32\...\Run: [Lenovo Eye Distance System] => C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe [270680 2012-07-19] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] => C:\Program Files\Lenovo\Lenovo Brightness System\RunLDBS.exe [1752408 2012-07-09] (TODO: <公司名>)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM-x32\...\Run: [WD UDS Control Center] => C:\Program Files (x86)\Western Digital\WD Print Share\WDPrintShare.exe [19841536 2012-04-18] ()
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Anvi AD Blocker] => C:\Program Files (x86)\Anvisoft\Anvi AD Blocker\ADBlockerTray.exe [1256144 2013-06-14] (Anvisoft)
HKLM-x32\...\Run: [ADBlocker] => C:\Program Files (x86)\Anvisoft\Anvi AD Blocker\ADBlockerTray.exe [1256144 2013-06-14] (Anvisoft)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1553020140-4172482893-2706831263-1001\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1553020140-4172482893-2706831263-1001\...\Run: [Amazon Music] => C:\Users\dcano_000\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-05] ()
HKU\S-1-5-21-1553020140-4172482893-2706831263-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-1553020140-4172482893-2706831263-1001\...\RunOnce: [Uninstall C:\Users\dcano_000\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\dcano_000\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
HKU\S-1-5-21-1553020140-4172482893-2706831263-1001\...\MountPoints2: {0710c831-8f84-11e4-bee8-0025ab2680d4} - "E:\setup.exe" -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\dcano_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\dcano_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\dcano_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\S-1-5-21-1553020140-4172482893-2706831263-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-1553020140-4172482893-2706831263-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKU\S-1-5-21-1553020140-4172482893-2706831263-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E18E5DDE-E103-4BC2-99DE-10795ABEE2C8}: [NameServer] 81.218.119.15,199.203.35.75

FireFox:
========
FF ProfilePath: C:\Users\dcano_000\AppData\Roaming\Mozilla\Firefox\Profiles\xeg7j064.default-1419253661310
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1553020140-4172482893-2706831263-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\dcano_000\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: Adblock Plus - C:\Users\dcano_000\AppData\Roaming\Mozilla\Firefox\Profiles\xeg7j064.default-1419253661310\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-28]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-06]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\dcano_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\dcano_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-06]
CHR Extension: (YouTube) - C:\Users\dcano_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-06]
CHR Extension: (Google Cast) - C:\Users\dcano_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-01-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdblockerSrv; C:\Program Files (x86)\Anvisoft\Anvi AD Blocker\ADBlockerSrv.exe [314064 2013-06-14] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-01] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-01] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-11] (SurfRight B.V.)
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asdnet; C:\WINDOWS\system32\DRIVERS\asdnet.sys [19280 2013-06-08] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-01] ()
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-02-02] ()
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-01-30] (BitDefender S.R.L.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-01] (Avast Software)
R3 VMC412; C:\Windows\System32\Drivers\VMC412.sys [232576 2012-08-21] (Vimicro Corporation)
R3 vmuacflt; C:\Windows\System32\Drivers\vmuacflt.sys [13696 2012-05-02] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WDUDSMBus; C:\Windows\SysWow64\Drivers\WDUDSMBus.sys [105568 2012-04-16] (Windows ® Codename Longhorn DDK provider)
S3 WDUDSTcpBus; C:\Windows\SysWow64\Drivers\WDUDSTcpBus.sys [174176 2012-04-16] (Windows ® Codename Longhorn DDK provider)
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 14:48 - 2015-02-02 14:48 - 00020893 _____ () C:\Users\dcano_000\Desktop\FRST.txt
2015-02-02 14:39 - 2015-02-02 14:39 - 00000000 ____D () C:\Users\dcano_000\Desktop\FRST-OlderVersion
2015-02-02 14:29 - 2015-02-02 14:30 - 00000197 _____ () C:\WINDOWS\system32\2015-02-02-19-29-37.035-AvastVBoxSVC.exe-2768.log
2015-01-31 11:16 - 2015-01-31 11:17 - 00000197 _____ () C:\WINDOWS\system32\2015-01-31-16-16-22.055-AvastVBoxSVC.exe-2884.log
2015-01-31 11:09 - 2015-01-31 11:09 - 00001736 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-31 11:09 - 2015-01-31 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-31 11:09 - 2015-01-31 11:09 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-31 11:09 - 2015-01-31 11:09 - 00000000 ____D () C:\Program Files\iTunes
2015-01-31 11:09 - 2015-01-31 11:09 - 00000000 ____D () C:\Program Files\iPod
2015-01-31 11:09 - 2015-01-31 11:09 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-30 17:46 - 2015-01-30 17:46 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr90.dll
2015-01-30 17:46 - 2015-01-30 17:46 - 00632064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr80.dll
2015-01-30 17:46 - 2015-01-30 17:46 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp90.dll
2015-01-30 17:46 - 2015-01-30 17:46 - 00554240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp80.dll
2015-01-30 17:46 - 2015-01-30 17:46 - 00350160 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2015-01-30 17:46 - 2015-01-30 17:46 - 00152808 _____ (MicroWorld Technologies Inc.) C:\WINDOWS\SysWOW64\eEmpty.exe
2015-01-30 17:46 - 2015-01-30 17:46 - 00001074 _____ () C:\Users\dcano_000\Desktop\MWAVSCAN.lnk
2015-01-30 17:46 - 2015-01-30 17:46 - 00000000 ____D () C:\ProgramData\MicroWorld
2015-01-30 17:40 - 2015-01-30 17:42 - 216155864 _____ () C:\Users\dcano_000\Downloads\mwav.exe
2015-01-30 15:46 - 2015-01-30 15:46 - 00001120 _____ () C:\Users\dcano_000\Downloads\ESETScan.txt
2015-01-29 19:37 - 2015-01-29 19:37 - 02347384 _____ (ESET) C:\Users\dcano_000\Downloads\esetsmartinstaller_enu(1).exe
2015-01-29 19:37 - 2015-01-29 19:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-29 18:10 - 2015-01-29 18:10 - 00000921 _____ () C:\Users\Public\Desktop\Removal Tool.lnk
2015-01-29 18:10 - 2015-01-29 18:10 - 00000000 ____D () C:\Users\dcano_000\AppData\Roaming\9-lab
2015-01-29 18:10 - 2015-01-29 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
2015-01-29 18:10 - 2015-01-29 18:10 - 00000000 ____D () C:\ProgramData\9-lab
2015-01-29 18:10 - 2015-01-29 18:10 - 00000000 ____D () C:\Program Files\9-lab
2015-01-29 18:09 - 2015-01-29 18:09 - 06003400 _____ () C:\Users\dcano_000\Downloads\rmtool-setup-x64.exe
2015-01-29 18:08 - 2015-01-29 18:09 - 00000197 _____ () C:\WINDOWS\system32\2015-01-29-23-08-23.001-AvastVBoxSVC.exe-4388.log
2015-01-29 18:03 - 2015-01-29 18:04 - 00000085 _____ () C:\WINDOWS\wininit.ini
2015-01-28 06:43 - 2015-01-28 06:44 - 00000247 _____ () C:\WINDOWS\system32\2015-01-28-11-43-47.070-aswFe.exe-3772.log
2015-01-28 06:38 - 2015-01-28 06:43 - 00000247 _____ () C:\WINDOWS\system32\2015-01-28-11-38-25.097-aswFe.exe-2784.log
2015-01-28 06:38 - 2015-01-28 06:38 - 00000197 _____ () C:\WINDOWS\system32\2015-01-28-11-38-23.021-AvastVBoxSVC.exe-5900.log
2015-01-28 06:00 - 2015-01-28 06:00 - 00852573 _____ () C:\Users\dcano_000\Downloads\SecurityCheck.exe
2015-01-27 19:24 - 2015-01-27 19:24 - 16466552 _____ (Malwarebytes Corp.) C:\Users\dcano_000\Downloads\mbar-1.08.3.1004.exe
2015-01-27 16:12 - 2015-01-29 21:28 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-01-27 16:12 - 2015-01-27 16:12 - 00753184 _____ () C:\Users\dcano_000\Downloads\Adware-Removal-Tool-v3.9.1.exe
2015-01-27 16:12 - 2015-01-27 16:12 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2015-01-27 15:56 - 2015-02-02 14:28 - 00000424 _____ () C:\WINDOWS\setupact.log
2015-01-27 15:56 - 2015-01-27 15:57 - 00000197 _____ () C:\WINDOWS\system32\2015-01-27-20-56-51.054-AvastVBoxSVC.exe-3004.log
2015-01-27 15:56 - 2015-01-27 15:56 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-27 15:54 - 2015-02-02 14:28 - 00005626 _____ () C:\WINDOWS\PFRO.log
2015-01-27 15:43 - 2015-01-27 15:43 - 02194432 _____ () C:\Users\dcano_000\Downloads\adwcleaner_4.109.exe
2015-01-27 15:37 - 2015-01-27 15:38 - 01707939 _____ (Thisisu) C:\Users\dcano_000\Downloads\JRT(1).exe
2015-01-27 15:32 - 2015-01-27 15:34 - 00030867 _____ () C:\Users\dcano_000\Downloads\Result.txt
2015-01-27 15:31 - 2015-01-27 15:31 - 00401920 _____ (Farbar) C:\Users\dcano_000\Downloads\MiniToolBox.exe
2015-01-26 17:35 - 2015-02-02 14:34 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-01-19 11:46 - 2015-01-19 11:46 - 00000000 ____D () C:\Users\dcano_000\Desktop\TransUnion_files
2015-01-16 21:30 - 2015-01-16 21:30 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-01-14 21:08 - 2015-01-14 21:08 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-02-08-42.039-AvastVBoxSVC.exe-2960.log
2015-01-14 21:02 - 2015-01-14 21:02 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-02-02-43.034-AvastVBoxSVC.exe-2948.log
2015-01-13 14:14 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-13 14:14 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-13 14:14 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-13 14:14 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-13 14:14 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-13 14:14 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-13 14:14 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-13 14:14 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-13 14:14 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-13 14:14 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-13 14:14 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-13 14:14 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-13 14:14 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-13 14:14 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-13 14:14 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-13 14:14 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-13 14:14 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-13 14:14 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-13 14:14 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-13 14:14 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-13 14:14 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-13 14:14 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-13 14:14 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-13 14:14 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-13 14:14 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-13 14:14 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-13 14:14 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-13 14:14 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-13 14:14 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-13 14:14 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-13 14:14 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-11 13:51 - 2015-01-11 13:52 - 00000197 _____ () C:\WINDOWS\system32\2015-01-11-18-51-03.031-AvastVBoxSVC.exe-1504.log
2015-01-11 13:07 - 2015-01-11 13:07 - 02191360 _____ () C:\Users\dcano_000\Downloads\AdwCleaner(1).exe
2015-01-06 16:15 - 2015-01-06 16:16 - 00000197 _____ () C:\WINDOWS\system32\2015-01-06-21-15-59.002-AvastVBoxSVC.exe-2244.log
2015-01-05 14:34 - 2015-01-05 14:34 - 00000000 __SHD () C:\Users\dcano_000\AppData\Local\EmieBrowserModeList

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 14:48 - 2014-11-17 19:44 - 00000000 ____D () C:\FRST
2015-02-02 14:43 - 2013-03-10 00:09 - 00000000 ____D () C:\Users\dcano_000\AppData\Local\Packages
2015-02-02 14:42 - 2013-04-01 15:51 - 00000000 ____D () C:\Users\dcano_000\Documents\Outlook Files
2015-02-02 14:40 - 2014-02-09 13:52 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 14:40 - 2013-04-20 12:34 - 00004974 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for MOMS-dcano_000 Moms
2015-02-02 14:39 - 2014-12-15 14:09 - 02131456 _____ (Farbar) C:\Users\dcano_000\Desktop\FRST64.exe
2015-02-02 14:32 - 2014-12-24 01:48 - 01261766 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-02 14:30 - 2014-02-09 13:52 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-02 14:30 - 2013-04-20 12:34 - 00000000 ___DO () C:\Users\dcano_000\SkyDrive
2015-02-02 14:29 - 2014-05-25 12:36 - 00000000 ____D () C:\temp
2015-02-02 14:29 - 2013-03-23 07:24 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-02-02 14:28 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-02 14:27 - 2013-08-22 08:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-02 14:25 - 2014-12-28 15:07 - 02131456 _____ (Farbar) C:\Users\dcano_000\Downloads\FRST64.exe
2015-02-02 14:25 - 2014-12-24 00:58 - 00000000 ____D () C:\Users\dcano_000\Downloads\FRST-OlderVersion
2015-02-02 14:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-02 13:54 - 2014-01-12 09:33 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{81EF39A2-8D16-46FF-8B64-DF49A1D9A374}
2015-02-02 13:51 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-01 09:09 - 2013-03-10 00:17 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1553020140-4172482893-2706831263-1001
2015-01-31 15:54 - 2014-12-24 00:59 - 00040011 _____ () C:\Users\dcano_000\Downloads\FRST.txt
2015-01-31 11:13 - 2014-11-06 16:48 - 00000000 ____D () C:\Users\dcano_000\Documents\D2Travel
2015-01-31 11:09 - 2014-09-28 20:32 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-30 18:58 - 2013-12-30 01:10 - 00000000 ____D () C:\Users\dcano_000\Documents\Labels
2015-01-30 17:49 - 2013-04-14 11:59 - 00000000 ____D () C:\Users\dcano_000\Documents\MMP Travel
2015-01-30 17:47 - 2012-07-26 00:26 - 00000576 _____ () C:\WINDOWS\win.ini
2015-01-30 17:02 - 2013-04-13 10:47 - 00000000 ____D () C:\Users\dcano_000\Desktop\MMP Travel
2015-01-29 18:06 - 2014-09-25 22:10 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-28 05:55 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-28 05:52 - 2014-11-09 13:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-27 19:25 - 2014-07-21 14:28 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-27 19:25 - 2014-07-21 14:28 - 00097496 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-27 15:56 - 2013-03-10 14:13 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-27 15:52 - 2014-11-17 18:54 - 00000000 ____D () C:\AdwCleaner
2015-01-26 17:38 - 2013-03-10 14:13 - 00003720 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-26 17:19 - 2013-03-10 14:24 - 00000805 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-26 17:19 - 2013-03-10 14:24 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-26 17:03 - 2013-12-20 08:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-24 15:20 - 2014-12-12 14:49 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 15:20 - 2014-12-12 14:49 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-18 03:17 - 2013-07-23 07:22 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-18 03:02 - 2013-03-11 18:29 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-16 21:56 - 2013-11-14 02:28 - 00883984 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-16 18:55 - 2014-01-05 18:11 - 00000000 ____D () C:\Users\dcano_000

==================== Files in the root of some directories =======

2014-03-02 11:30 - 2014-03-02 11:31 - 0003584 _____ () C:\Users\dcano_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-31 21:35 - 2013-05-31 21:35 - 0003966 _____ () C:\Users\dcano_000\AppData\Local\recently-used.xbel
2014-10-26 20:12 - 2014-10-26 20:12 - 0000017 _____ () C:\Users\dcano_000\AppData\Local\resmon.resmoncfg
2014-05-24 16:37 - 2014-01-06 13:01 - 0010240 _____ () C:\Users\dcano_000\AppData\Local\Z@!-5fffb76e-a299-459b-b3bb-14ad1040f48f.tmp
2014-05-24 16:37 - 2014-01-06 13:01 - 0010240 _____ () C:\Users\dcano_000\AppData\Local\Z@!-a498005f-eddf-4b79-be93-d02f71123a84.tmp
2014-05-24 16:37 - 2014-01-06 13:01 - 0009216 _____ () C:\Users\dcano_000\AppData\Local\Z@S!-e5d292ce-23ca-4395-8a40-2a707f6f42a0.tmp
2014-05-05 19:45 - 2014-05-05 19:45 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-11-10 17:56 - 2012-11-10 17:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-09-04 14:01 - 2014-11-23 05:32 - 0014429 _____ () C:\ProgramData\hpzinstall.log
2014-01-31 10:38 - 2012-02-21 08:44 - 0120831 _____ () C:\ProgramData\MyNetDashboard.ico
2014-01-31 10:38 - 2012-02-21 08:45 - 0122493 _____ () C:\ProgramData\WDInternetSecurityAndParentalControl.ico

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-31 13:30

==================== End Of Log ============================


Addition.txt:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by dcano_000 at 2015-02-02 14:50:43
Running from C:\Users\dcano_000\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
9-lab Removal Tool (HKLM-x32\...\9-lab Removal Tool) (Version:  - )
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-1553020140-4172482893-2706831263-1001\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-1553020140-4172482893-2706831263-1001\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C310 (x32 Version: 140.0.353.000 - Hewlett-Packard) Hidden
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151  (Jun-27-2014) - Carbonite)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0911 - Lenovo)
EaseUS Data Recovery Wizard 8.6 (HKLM\...\EaseUS Data Recovery Wizard 8.6_is1) (Version:  - EaseUS)
EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0617 - Lenovo)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 7520 series Product Improvement Study (HKLM\...\{16B872EE-C458-41BD-BEAE-52758A3F3168}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart Premium C310 All-in-One Driver Software 14.0 Rel. 7 (HKLM\...\{131D8ED6-4864-4554-9BAB-09B47C232522}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
iCare Data Recovery Standard (HKLM-x32\...\{F110DF75-A7A2-4641-A569-8D15F7AC7087}_is1) (Version: 6.0 - iCare Recovery)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.01.42160 - Lenovo)
Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.01.42160 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version:  - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.6418 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1553020140-4172482893-2706831263-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotoHelper 2.1.32 Driver 5.4.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Ontrack EasyRecovery Enterprise (HKLM-x32\...\{AE695CA4-8847-4462-98CC-023874D29E72}_is1) (Version: 11.1.0.0 - Kroll Ontrack Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_07_C310_SW_Min (x32 Version: 140.0.365.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0187 - REALTEK Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
TweetDeck (HKLM-x32\...\{C4ADB67B-C908-4D94-B85E-585D2F3F9118}) (Version: 3.3.7 - Twitter)
WD Print Share (HKLM-x32\...\{6F4D365D-0440-4C01-B539-70D56EBED6AF}) (Version: 2.25 - WD Corporation)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1553020140-4172482893-2706831263-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\dcano_000\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

17-01-2015 03:44:54 Windows Update
22-01-2015 20:33:02 Windows Update
28-01-2015 05:54:14 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-01-30 19:02 - 2015-01-30 19:02 - 00000736 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {17B75EED-6C24-4FAC-B61E-B01E5384D5F1} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1553020140-4172482893-2706831263-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {213DDC83-8581-412B-8449-DAC79CE59F64} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {3EBA38B1-7B60-4042-9718-385398082D8E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-26] (Adobe Systems Incorporated)
Task: {461CAF7F-F1CC-48C1-B9F7-8B198466709A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-09] (Google Inc.)
Task: {5954C496-0608-425C-AB31-25DBEA88540F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-09] (Google Inc.)
Task: {5B00D83C-F17F-44F9-B768-4CF43E7363D1} - System32\Tasks\HP AR Program Upload - 669fbe015968497ca36e6efb5c70ad2cc179ce6f4188487ba57b83c0e3d89757 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {9932B4BB-9830-4615-85D6-3D4A395F921A} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {99ADBDB9-FD1F-472A-B89F-8C7E530B9306} - System32\Tasks\HP AR Program Upload - f0e57505f07b48e0a00974d077f067f0bcf04c0d54084c2a9fef094f3e936a0d => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {9F66F4E9-FB8A-4614-91A2-4F5E84DEA23D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-18] (Microsoft Corporation)
Task: {A005E3DB-D5C4-4A3F-B774-03372322E6D6} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {B3B88923-1215-40BA-A010-73FF2078C949} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)
Task: {B47901B7-7CFB-4D77-B8A8-86932A0A8307} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {C7F62D03-029B-4017-A899-4173CB8AEA59} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-01] (AVAST Software)
Task: {D2226573-04F9-4FD8-A32C-B01591E2C65F} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {D29454A9-A780-4A24-8C5E-01F10BFA3AF6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MOMS-dcano_000 Moms => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {D6ADEDE1-8301-4C16-B57A-BD05883D0BF6} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {E423401F-8030-4ABF-958A-A8DAC2753019} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {F757C182-5B56-4D61-BAC7-2935B0B8AA03} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {FD1F30D0-DD7F-4CB7-856F-D98A8E9E0F36} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-14 02:00 - 2013-06-14 02:00 - 00314064 _____ () C:\Program Files (x86)\Anvisoft\Anvi AD Blocker\ADBlockerSrv.exe
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-27 20:04 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-11-10 17:56 - 2011-03-15 23:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2011-12-06 16:00 - 2011-12-06 16:00 - 00214896 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2014-12-01 17:58 - 2014-12-01 17:58 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-01 17:58 - 2014-12-01 17:58 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-11-19 14:13 - 2014-09-23 08:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-10-29 09:00 - 2014-10-29 09:00 - 03752208 _____ () C:\Program Files\9-lab\Removal Tool\shellext.dll
2011-12-06 16:00 - 2011-12-06 16:00 - 00784240 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2012-11-10 17:56 - 2011-05-17 16:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2015-02-02 06:57 - 2015-02-02 06:57 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020200\algo.dll
2014-12-01 17:59 - 2014-12-01 17:59 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-02-02 14:29 - 2015-02-02 14:29 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020201\algo.dll
2013-06-14 02:00 - 2013-06-14 02:00 - 00785104 _____ () C:\Program Files (x86)\Anvisoft\Anvi AD Blocker\sqlite3.dll
2012-11-10 17:56 - 2011-05-17 16:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2014-12-01 18:00 - 2014-12-01 18:00 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-19 14:13 - 2014-11-19 14:13 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2012-11-10 17:54 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-12-20 08:32 - 2015-01-26 17:02 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-19 14:10 - 2014-11-19 14:10 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll
2014-12-24 01:28 - 2014-11-18 09:26 - 01032360 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\dcano_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\webst_000\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "Dolby Advanced Audio v2"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "jmekey"
HKLM\...\StartupApproved\Run32: => "UpdateP2GoShortCut"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SearchProtectAll"
HKLM\...\StartupApproved\Run32: => "Lenovo Eye Distance System"
HKLM\...\StartupApproved\Run32: => "Lenovo Dynamic Brightness System"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "WD UDS Control Center"
HKLM\...\StartupApproved\Run32: => "WD Quick View"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "Anvi AD Blocker"
HKLM\...\StartupApproved\Run32: => "ADBlocker"
HKU\S-1-5-21-1553020140-4172482893-2706831263-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1553020140-4172482893-2706831263-1001\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk"
HKU\S-1-5-21-1553020140-4172482893-2706831263-1001\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - .lnk"
HKU\S-1-5-21-1553020140-4172482893-2706831263-1001\...\StartupApproved\Run: => "SearchProtect"
HKU\S-1-5-21-1553020140-4172482893-2706831263-1001\...\StartupApproved\Run: => "AmazonMP3DownloaderHelper"
HKU\S-1-5-21-1553020140-4172482893-2706831263-1001\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-1553020140-4172482893-2706831263-1001\...\StartupApproved\Run: => "Amazon Music"

========================= Accounts: ==========================

Administrator (S-1-5-21-1553020140-4172482893-2706831263-500 - Administrator - Disabled)
dcano_000 (S-1-5-21-1553020140-4172482893-2706831263-1001 - Administrator - Enabled) => C:\Users\dcano_000
Guest (S-1-5-21-1553020140-4172482893-2706831263-501 - Limited - Disabled)
joshm_000 (S-1-5-21-1553020140-4172482893-2706831263-1004 - Limited - Enabled) => C:\Users\joshm_000
webst_000 (S-1-5-21-1553020140-4172482893-2706831263-1006 - Limited - Enabled) => C:\Users\webst_000

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/02/2015 02:39:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x9f8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (02/02/2015 07:19:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 71601453

Error: (02/02/2015 07:19:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 71601453

Error: (02/02/2015 07:19:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/02/2015 07:19:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 71600125

Error: (02/02/2015 07:19:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 71600125

Error: (02/02/2015 07:19:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/02/2015 07:19:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 71598922

Error: (02/02/2015 07:19:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 71598922

Error: (02/02/2015 07:19:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (02/02/2015 02:45:52 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (02/02/2015 02:35:25 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (02/02/2015 02:34:13 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (02/02/2015 02:29:05 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (02/02/2015 02:29:05 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (02/02/2015 02:29:04 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (02/02/2015 02:29:04 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (02/02/2015 02:29:03 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (02/02/2015 02:29:02 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (02/02/2015 02:26:18 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056


Microsoft Office Sessions:
=========================
Error: (02/02/2015 02:39:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f22480000003000014259f801d03f1f15921272C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll24d72672-ab13-11e4-bef1-0025ab2680d4

Error: (02/02/2015 07:19:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 71601453

Error: (02/02/2015 07:19:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 71601453

Error: (02/02/2015 07:19:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/02/2015 07:19:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 71600125

Error: (02/02/2015 07:19:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 71600125

Error: (02/02/2015 07:19:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/02/2015 07:19:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 71598922

Error: (02/02/2015 07:19:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 71598922

Error: (02/02/2015 07:19:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2014-07-22 14:24:10.204
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-22 14:24:09.968
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-22 14:24:09.397
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-22 14:24:08.930
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-22 14:24:08.512
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-22 14:24:08.163
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-22 14:24:07.665
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-22 14:24:07.490
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-22 14:24:06.934
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-22 14:24:06.269
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU G645 @ 2.90GHz
Percentage of memory in use: 65%
Total physical RAM: 3980.48 MB
Available physical RAM: 1376.24 MB
Total Pagefile: 6540.48 MB
Available Pagefile: 3883.81 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:904.91 GB) (Free:747.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C8E8AE5A)

Partition: GPT Partition Type.

==================== End Of Log ============================



#7 StanFF

StanFF

  • Malware Response Team
  • 1,172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:33 AM

Posted 04 February 2015 - 12:17 PM

Hello dcanoli,

 

Thank you for the provided logs. The content of the fixlog.txt is quite different from the standard, although it looks like the fix did its job. How is your system running now? Are the redirects still present on the system? Are there any additional problems that you are experiencing?

 

********************

 

Please, follow the steps in this article to set Google DNS for the current network configuration. Using this, we will remove the unknown DNS addresses that have been set. After you finish the steps, restart the system and see if the problem is still present.

 

********************

 

Please, start Malwarebytes' Anti-Malware.

  • When started, please, press the Scan Now >> button.
  • You will be automatically prompted to update the software.
  • Push the Update Now button so the definitions can be downloaded.

Note: If you are prompted that there is a new version of the software ready to install, please, choose OK. Install the latest version of Malwarebytes' Anti-Malware and repeat the steps above.

  • The Threat Scan should automatically start.
  • When the scanning process has completed, the results will be displayed.
  • Click on Quarantine All and then choose Apply Actions.

If any malicious entries were detected, Malwarebytes should prompt you that a system reboot is required. Please choose Yes. Otherwise, the detected objects may not be removed.
 
After the reboot:

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Check the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom and paste the content of the file in your next reply.

Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
 
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

 

********************

 

In your next post I will be waiting for:

  • Answers to my questions above.
  • Feedback from the change of the DNS settings.
  • Log from Malwarebytes' Anti-Malware

Regards,

Stan

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford


#8 dcanoli


Posted 05 February 2015 - 05:46 AM

Hi there.

 

I am out to work early this morning, but will look at this and do when I get back home this afternoon.

 

Yes, still have redirects.  :(

 

My 15yo is a techy guy, and he has reset the router twice (as directed) and also can't figure out where this stuff is coming from.  No one else's computers have it in the house.

 

Just got another redirect this morning while working on a travel quote for work.  So annoying.

 

Thanks for your help.  I will be in touch after I do the above.



#9 StanFF


Posted 05 February 2015 - 02:18 PM

Hello dcanoli,

 

I will be waiting for the additional information. You are doing a great job so far!


Regards,

Stan


#10 dcanoli


Posted 06 February 2015 - 04:25 PM

DNS changed; running MW now....



#11 dcanoli


Posted 06 February 2015 - 05:30 PM

No log.  It said no malicious malware found.  Will let you know what redirects happen or selling stuff embeds in my pages...



#12 StanFF


Posted 07 February 2015 - 11:55 AM

Hello dcanoli,

 

I will be waiting for the results. If the problem is still present, can you please give me an example of the redirect that is happening? Does it appear when accessing different addresses, including Google, Bing, Yahoo, or only on a certain range/type of sites?


Regards,

Stan


#13 dcanoli


Posted 07 February 2015 - 01:23 PM

Today, so far, no redirects.  Will post if any come up over the day.

 

The redirects can happen on any sites.  I can just click on a page - anywhere, not just a clickable link - and it will redirect.  On pages, like Walmart for example, it puts rectangular boxes at the top and bottom advertising products and prices....

 

Nothing yet since I've changed the DNS addresses....will let you know.  :)

 

I hope that was an easy fix!!!  :D



#14 StanFF


Posted 09 February 2015 - 03:01 PM

Hello dcanoli,

 

Is the problem still present, or have you not experienced any problems so far after the last steps you did?


Regards,

Stan


#15 dcanoli


Posted 09 February 2015 - 06:42 PM

I wasn't on all day yesterday or today.  Will let you know....





