Win8.1, Hard drive 100% utilization, cannot access AV setting


  • This topic is locked
19 replies to this topic

#1 gavtek303

  • Members
  • 13 posts

Posted 13 February 2015 - 08:40 PM

Hello. I've always been able to solve my own malware issues until now. Need some help from the pros, please. PC grinds to a halt while the HD spins and spins. I can't access any setting in the built-in antivirus & anti-malware. Booting into safe mode is the only way to get anything done. Here's FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2015
Ran by Gavin (administrator) on GAVTEK-LAPTOP on 13-02-2015 19:19:25
Running from C:\Users\Gavin\Desktop\malware tools
Loaded Profiles: Gavin (Available profiles: Gavin)
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [692208 2012-12-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-09] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Run: [Google Update] => C:\Users\Gavin\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-28] (Google Inc.)
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Run: [GoogleChromeAutoLaunch_0477114E6D4D5C6A3EC1F4BBA6E33D15] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S2].txt [1223 2015-02-12] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2661224893-1148045757-344198336-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100

FireFox:
========
FF ProfilePath: C:\Users\Gavin\AppData\Roaming\Mozilla\Firefox\Profiles\ktiktua8.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0-git-20121105-0403 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1206147.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-2661224893-1148045757-344198336-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Gavin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2661224893-1148045757-344198336-1000: @talk.google.com/O1DPlugin -> C:\Users\Gavin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2661224893-1148045757-344198336-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Gavin\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2661224893-1148045757-344198336-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Gavin\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Gavin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Gavin\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: MyWordTool - C:\Users\Gavin\AppData\Roaming\Mozilla\Firefox\Profiles\ktiktua8.default\Extensions\emily@wilford.biz [2013-11-23]

Chrome:
=======
CHR HomePage: Default -> hxxp://homesite.athomehealth.org/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-08]
CHR Extension: (Google Drive) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-18]
CHR Extension: (YouTube) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-08]
CHR Extension: (Google Cast) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-03-25]
CHR Extension: (Adblock Plus) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-08]
CHR Extension: (Pushbullet) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-03-05]
CHR Extension: (Google Search) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-08]
CHR Extension: (Google Play Music) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-06-17]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-07-24]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-02-08]
CHR Extension: (crxMouse Chrome Gestures) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgkpaicikihijadgifklkbpdajbkhjo [2014-09-19]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-02-08]
CHR Extension: (Motorola Connect) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigmoblgooahdmdibodmcnffgnejlndh [2014-01-13]
CHR Extension: (Smooth Gestures) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld [2014-02-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-02-01]
CHR Extension: (Hangouts) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-07-16]
CHR Extension: (Save to Pocket) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-02-11]
CHR Extension: (Google Wallet) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Hover Zoom) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-04-27]
CHR Extension: (Gmail) - C:\Users\Gavin\AppData
Attached File: Addition.txt (19.75KB)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2015
Ran by Gavin at 2015-02-13 19:21:06
Running from C:\Users\Gavin\Desktop\malware tools
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.1 64-bit (HKLM\...\{F7ADB493-B913-4D61-9A63-DA736C20C3F2}) (Version: 4.1.2 - Adobe)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.6.147 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
ChromecastApp (HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Dell System Detect (HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\9204f5692a8faf3b) (Version: 3.3.2.1 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.217 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Java 7 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417013FF}) (Version: 7.0.130 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java SE Development Kit 7 Update 13 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170130}) (Version: 1.7.0.130 - Oracle)
Java SE Development Kit 7 Update 13 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170130}) (Version: 1.7.0.130 - Oracle)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 23.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2661224893-1148045757-344198336-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Gavin\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2661224893-1148045757-344198336-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Gavin\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4EDCBEEF-821B-49A7-A3E6-EAB7EF6F8CAF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-08-17] (Microsoft Corporation)
Task: {5AB5464A-AE27-4BA6-B6CB-D6AC45598268} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-28] (Google Inc.)
Task: {5B408386-7320-4AD4-AE69-2BA7FF33F344} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2661224893-1148045757-344198336-1000UA => C:\Users\Gavin\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {A106CE8E-7285-42DF-8534-94D01920BCF1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-28] (Google Inc.)
Task: {A6FF3FE8-53A1-4158-9BB2-1ECCF14EF4B9} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-10] (Adobe Systems Incorporated)
Task: {B9BF6D65-7158-4B17-ABD6-79DAEABF4456} - System32\Tasks\{7A44FE7F-5D38-46F3-A1C8-E271E9CA97A7} => pcalua.exe -a "C:\Users\Gavin\Documents\GameFly\games\Eidos Interactive\Hitman - Blood Money\Uninstall.exe"
Task: {D052C709-F0CB-4E7F-930E-535EE827C82D} - System32\Tasks\{ECBB7963-F9FC-417F-9665-5D98CCF16B5E} => pcalua.exe -a C:\Users\Gavin\Downloads\SRS_PREMIUM-SOUND_A01_R215766.exe -d C:\Users\Gavin\Downloads
Task: {E3D57C99-3C74-477F-8D6E-054EB6EB6E05} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2661224893-1148045757-344198336-1000Core => C:\Users\Gavin\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {EC70D938-E1F8-4046-993B-65094825CEB7} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2661224893-1148045757-344198336-1000
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2661224893-1148045757-344198336-1000Core.job => C:\Users\Gavin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2661224893-1148045757-344198336-1000UA.job => C:\Users\Gavin\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-11 06:24 - 2015-02-04 03:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-11 06:24 - 2015-02-04 03:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-11 06:24 - 2015-02-04 03:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Gavin\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2661224893-1148045757-344198336-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Gavin\Google Drive\JPG\Untitled_HDR3.jpg
DNS Servers: 208.180.42.68 - 208.180.42.100

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: SSUService => 2
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "BDRegion"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "PDVD9LanguageShortcut"
HKLM\...\StartupApproved\Run32: => "RemoteControl9"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Dell Webcam Central"
HKLM\...\StartupApproved\Run32: => "Agile1pAgent"
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\StartupApproved\StartupFolder: => "Launch Jawbone Updater.lnk"
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\StartupApproved\Run: => "BackgroundSwitcher"
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\StartupApproved\Run: => "MusicManager"
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_0477114E6D4D5C6A3EC1F4BBA6E33D15"
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\StartupApproved\Run: => "Plex Media Server"
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\StartupApproved\Run: => "AirDroid 3"

==================== Accounts: =============================

Administrator (S-1-5-21-2661224893-1148045757-344198336-500 - Administrator - Disabled)
Gavin (S-1-5-21-2661224893-1148045757-344198336-1000 - Administrator - Enabled) => C:\Users\Gavin
Guest (S-1-5-21-2661224893-1148045757-344198336-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2661224893-1148045757-344198336-1006 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/13/2015 07:12:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GAVTEK-LAPTOP)
Description: Activation of app FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy:Microsoft.Windows.PhotoManager failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (02/13/2015 07:21:26 PM) (Source: DCOM) (EventID: 10005) (User: GAVTEK-LAPTOP)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/13/2015 07:21:26 PM) (Source: DCOM) (EventID: 10005) (User: GAVTEK-LAPTOP)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/13/2015 07:21:16 PM) (Source: DCOM) (EventID: 10005) (User: GAVTEK-LAPTOP)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/13/2015 07:21:16 PM) (Source: DCOM) (EventID: 10005) (User: GAVTEK-LAPTOP)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/13/2015 07:21:16 PM) (Source: DCOM) (EventID: 10005) (User: GAVTEK-LAPTOP)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/13/2015 07:21:08 PM) (Source: DCOM) (EventID: 10005) (User: GAVTEK-LAPTOP)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/13/2015 07:21:08 PM) (Source: DCOM) (EventID: 10005) (User: GAVTEK-LAPTOP)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/13/2015 07:21:07 PM) (Source: DCOM) (EventID: 10005) (User: GAVTEK-LAPTOP)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/13/2015 07:21:07 PM) (Source: DCOM) (EventID: 10005) (User: GAVTEK-LAPTOP)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/13/2015 07:21:07 PM) (Source: DCOM) (EventID: 10005) (User: GAVTEK-LAPTOP)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


Microsoft Office Sessions:
=========================
Error: (02/13/2015 07:12:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GAVTEK-LAPTOP)
Description: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy:Microsoft.Windows.PhotoManager-2144927149


CodeIntegrity Errors:
===================================
Date: 2015-02-09 03:12:48.412
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-09 03:12:48.324
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-09 03:12:48.237
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-09 03:12:48.092
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-09 03:12:48.005
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-09 03:12:47.917
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-09 03:12:47.809
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-09 03:12:47.722
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-09 03:12:47.634
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-09 03:12:47.464
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 32%
Total physical RAM: 4003.18 MB
Available physical RAM: 2697.52 MB
Total Pagefile: 6307.18 MB
Available Pagefile: 4477.03 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:167.83 GB) NTFS
Drive d: (gavTEK) (CDROM) (Total:0.2 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6F354436)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Edited by Oh My!, 20 February 2015 - 07:29 PM.
Posted Addition.txt




#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:42 PM

Posted 15 February 2015 - 02:29 PM

That's not the full log. :) Please repost.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 gavtek303

gavtek303
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 15 February 2015 - 03:11 PM

Mobile fail. Thanks for the heads-up!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2015
Ran by Gavin (administrator) on GAVTEK-LAPTOP on 13-02-2015 19:19:25
Running from C:\Users\Gavin\Desktop\malware tools
Loaded Profiles: Gavin (Available profiles: Gavin)
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [692208 2012-12-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-09] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Run: [Google Update] => C:\Users\Gavin\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-28] (Google Inc.)
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Run: [GoogleChromeAutoLaunch_0477114E6D4D5C6A3EC1F4BBA6E33D15] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S2].txt [1223 2015-02-12] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
 
FireFox:
========
FF ProfilePath: C:\Users\Gavin\AppData\Roaming\Mozilla\Firefox\Profiles\ktiktua8.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0-git-20121105-0403 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1206147.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-2661224893-1148045757-344198336-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Gavin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2661224893-1148045757-344198336-1000: @talk.google.com/O1DPlugin -> C:\Users\Gavin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2661224893-1148045757-344198336-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Gavin\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2661224893-1148045757-344198336-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Gavin\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Gavin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Gavin\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: MyWordTool - C:\Users\Gavin\AppData\Roaming\Mozilla\Firefox\Profiles\ktiktua8.default\Extensions\emily@wilford.biz [2013-11-23]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://homesite.athomehealth.org/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-08]
CHR Extension: (Google Drive) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-18]
CHR Extension: (YouTube) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-08]
CHR Extension: (Google Cast) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-03-25]
CHR Extension: (Adblock Plus) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-08]
CHR Extension: (Pushbullet) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-03-05]
CHR Extension: (Google Search) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-08]
CHR Extension: (Google Play Music) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-06-17]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-07-24]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-02-08]
CHR Extension: (crxMouse Chrome Gestures) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgkpaicikihijadgifklkbpdajbkhjo [2014-09-19]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-02-08]
CHR Extension: (Motorola Connect) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigmoblgooahdmdibodmcnffgnejlndh [2014-01-13]
CHR Extension: (Smooth Gestures) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld [2014-02-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-02-01]
CHR Extension: (Hangouts) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-07-16]
CHR Extension: (Save to Pocket) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-02-11]
CHR Extension: (Google Wallet) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Hover Zoom) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-04-27]
CHR Extension: (Gmail) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-08]
CHR HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Gavin\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-01]
CHR HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-04-15] (LogMeIn Inc.)
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [52320 2014-01-06] (http://libusb-win32.sourceforge.net)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\219F60EE.sys [129752 2015-02-12] (Malwarebytes Corporation)
S3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2013-07-16] (Splashtop Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-13 19:16 - 2015-02-13 19:19 - 00000000 ____D () C:\Users\Gavin\Desktop\malware tools
2015-02-13 00:45 - 2015-02-13 00:45 - 00000132 _____ () C:\Users\Gavin\AppData\Roaming\Adobe GIF Format CS6 Prefs
2015-02-12 22:54 - 2015-02-12 22:55 - 01388274 _____ (Thisisu) C:\Users\Gavin\Downloads\JRT (1).exe
2015-02-12 22:51 - 2015-02-12 22:51 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\219F60EE.sys
2015-02-12 22:47 - 2015-02-13 07:06 - 00004731 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-12 22:45 - 2015-02-12 22:45 - 02112512 _____ () C:\Users\Gavin\Downloads\adwcleaner_4.110.exe
2015-02-12 22:36 - 2015-02-12 22:36 - 00317620 _____ () C:\WINDOWS\PFRO.log
2015-02-12 22:07 - 2015-02-12 22:07 - 00325284 _____ () C:\Users\Gavin\Documents\cc_20150212_220710.reg
2015-02-12 22:02 - 2015-02-12 22:02 - 05325208 _____ (Piriform Ltd) C:\Users\Gavin\Downloads\ccsetup502.exe
2015-02-12 22:02 - 2015-02-12 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-12 22:02 - 2015-02-12 22:02 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-12 22:01 - 2015-02-12 22:01 - 00000000 ____D () C:\Users\Gavin\AppData\Roaming\LavasoftStatistics
2015-02-12 22:01 - 2015-02-12 22:01 - 00000000 ____D () C:\Users\Gavin\AppData\Roaming\Ad-Aware Antivirus
2015-02-12 20:36 - 2015-02-12 22:36 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-12 20:36 - 2015-02-12 20:36 - 05006864 _____ (AVAST Software) C:\Users\Gavin\Downloads\avast_free_antivirus_setup_online (1).exe
2015-02-12 20:33 - 2015-02-12 20:33 - 05006864 _____ (AVAST Software) C:\Users\Gavin\Downloads\avast_free_antivirus_setup_online.exe
2015-02-11 23:49 - 2015-02-12 19:03 - 00000000 ____D () C:\Users\Gavin\Desktop\wedding
2015-02-11 07:35 - 2015-02-11 13:08 - 00009024 _____ () C:\Users\Gavin\Downloads\hijackthis.log
2015-02-10 22:40 - 2015-02-10 22:40 - 00000872 _____ () C:\Users\Gavin\Documents\Downloads - Shortcut.lnk
2015-02-10 22:31 - 2015-02-10 22:31 - 01388274 _____ (Thisisu) C:\Users\Gavin\Downloads\JRT.exe
2015-02-10 22:28 - 2015-02-12 22:47 - 00000000 ____D () C:\AdwCleaner
2015-02-10 22:28 - 2015-02-10 22:28 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Gavin\Downloads\rkill.com
2015-02-10 22:27 - 2015-02-10 22:27 - 02112512 _____ () C:\Users\Gavin\Downloads\AdwCleaner.exe
2015-02-10 22:19 - 2015-02-10 22:20 - 00027289 _____ () C:\Users\Gavin\Downloads\Addition.txt
2015-02-10 22:17 - 2015-02-13 19:19 - 00000000 ____D () C:\FRST
2015-02-10 22:17 - 2015-02-10 22:20 - 00027111 _____ () C:\Users\Gavin\Downloads\FRST.txt
2015-02-10 22:17 - 2015-02-10 22:17 - 02132992 _____ (Farbar) C:\Users\Gavin\Downloads\FRST64.exe
2015-02-10 22:16 - 2015-02-10 22:16 - 01124352 _____ (Farbar) C:\Users\Gavin\Downloads\FRST-1.exe
2015-02-10 22:16 - 2015-02-10 22:16 - 01124352 _____ (Farbar) C:\Users\Gavin\Downloads\FRST.exe
2015-02-10 22:02 - 2015-02-10 22:02 - 00000000 ____D () C:\Users\Gavin\Downloads\backups
2015-02-10 22:00 - 2015-02-10 22:00 - 00388608 _____ (Trend Micro Inc.) C:\Users\Gavin\Downloads\HijackThis (1).exe
2015-02-09 23:09 - 2015-02-09 23:28 - 00000132 _____ () C:\Users\Gavin\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-02-09 22:09 - 2015-02-09 22:09 - 00045315 _____ () C:\Users\Gavin\Downloads\bright_young_things.zip
2015-02-09 22:07 - 2015-02-09 22:07 - 00030442 _____ () C:\Users\Gavin\Downloads\heart_breaking_bad.zip
2015-02-09 22:04 - 2015-02-09 22:04 - 00036079 _____ () C:\Users\Gavin\Downloads\jane_austen.zip
2015-02-09 22:03 - 2015-02-09 22:03 - 00000000 ____D () C:\Users\Gavin\Downloads\angilla_tattoo
2015-02-09 22:02 - 2015-02-09 22:02 - 01601055 _____ () C:\Users\Gavin\Downloads\angilla_tattoo.zip
2015-02-09 21:57 - 2015-02-09 21:57 - 00110843 _____ () C:\Users\Gavin\Downloads\jellyka_saint_andrews_queen.zip
2015-02-09 19:27 - 2015-02-09 19:27 - 00000000 ____D () C:\Users\Gavin\Desktop\batch_test
2015-02-09 19:11 - 2015-02-09 19:19 - 00000000 ____D () C:\Users\Gavin\Desktop\bridge
2015-02-08 14:38 - 2015-02-08 14:38 - 10040168 _____ (AgileBits ) C:\Users\Gavin\Downloads\1Password-4.1.0.538.exe
2015-02-08 13:09 - 2015-02-08 13:09 - 15698560 _____ (Magisto) C:\Users\Gavin\Downloads\MagistoInstaller_1.0.665.exe
2015-02-08 01:46 - 2015-02-08 01:46 - 00001247 _____ () C:\Users\Gavin\Downloads\TimeLapseBlog.atn
2015-02-07 16:07 - 2015-02-10 23:37 - 00000000 ____D () C:\Users\Gavin\Desktop\dslr
2015-02-07 15:55 - 2015-02-07 15:55 - 07239531 _____ () C:\Users\Gavin\Desktop\Photos2.zip
2015-02-06 01:53 - 2015-02-06 01:53 - 00000000 ____D () C:\Users\Gavin\Desktop\ff
2015-02-03 01:06 - 2015-02-03 01:06 - 00000000 ____D () C:\Users\Gavin\Documents\Adobe
2015-02-02 23:12 - 2015-02-12 22:51 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 23:12 - 2015-02-02 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-02 23:12 - 2015-02-02 23:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-02 23:12 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-02 23:12 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-02 23:12 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-02 23:10 - 2015-02-02 23:10 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Gavin\Documents\mbam-setup-2.0.4.1028.exe
2015-02-02 22:36 - 2015-02-10 23:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-02 22:18 - 2015-02-02 22:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\Gavin\Downloads\HijackThis.exe
2015-02-02 07:26 - 2015-02-02 07:35 - 00000000 ____D () C:\bbeebc595c1b123d24b43df1
2015-02-01 03:02 - 2015-02-01 03:06 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\248B7743.sys
2015-01-31 20:32 - 2015-01-31 20:32 - 00000000 ____D () C:\Users\Gavin\Documents\Splashtop Whiteboard
2015-01-31 20:32 - 2015-01-31 20:32 - 00000000 ____D () C:\Users\Gavin\Documents\Splashtop Presenter
2015-01-31 19:49 - 2015-01-31 21:26 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2015-01-31 10:50 - 2015-02-10 23:52 - 05070512 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-01-18 08:40 - 2015-01-18 08:40 - 00000000 ____D () C:\Users\Gavin\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2015-01-18 03:01 - 2015-01-31 21:52 - 00000000 ____D () C:\Users\Gavin\Desktop\light
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-13 19:12 - 2014-07-18 18:56 - 00000000 ____D () C:\Users\Gavin\Desktop\National Recovery Agency - Receipt_files
2015-02-12 22:05 - 2014-03-02 17:41 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-12 22:05 - 2013-10-17 20:46 - 00000000 ___DC () C:\WINDOWS\Panther
2015-02-12 20:17 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-12 20:15 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-12 19:46 - 2013-04-06 12:12 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-12 19:28 - 2012-04-25 18:25 - 00000000 ___RD () C:\Users\Gavin\Google Drive
2015-02-12 19:07 - 2012-10-28 03:06 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-12 19:01 - 2012-10-28 03:06 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-12 18:55 - 2012-10-28 03:05 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2661224893-1148045757-344198336-1000
2015-02-11 20:57 - 2014-11-01 07:55 - 00000000 ____D () C:\WINDOWS\pss
2015-02-11 13:49 - 2013-10-17 18:43 - 00000000 __RDO () C:\Users\Gavin\SkyDrive
2015-02-11 13:47 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-11 07:48 - 2012-10-28 03:05 - 00527360 ___SH () C:\Users\Gavin\Desktop\Thumbs.db
2015-02-11 07:32 - 2012-10-28 02:57 - 00000000 ____D () C:\Users\Gavin\AppData\Local\VirtualStore
2015-02-11 00:00 - 2012-11-03 11:05 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2661224893-1148045757-344198336-1000Core.job
2015-02-10 23:57 - 2014-10-28 19:22 - 00003910 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-10 23:57 - 2013-04-06 12:12 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-10 23:57 - 2012-11-03 11:05 - 00003882 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2661224893-1148045757-344198336-1000UA
2015-02-10 23:57 - 2012-11-03 11:05 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2661224893-1148045757-344198336-1000UA.job
2015-02-10 23:56 - 2012-11-03 11:05 - 00003502 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2661224893-1148045757-344198336-1000Core
2015-02-10 23:56 - 2012-10-28 03:06 - 00003674 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-10 22:52 - 2013-08-22 07:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-10 22:38 - 2013-08-22 08:44 - 04963432 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-08 13:36 - 2012-10-28 02:58 - 00000000 ____D () C:\Users\Gavin\AppData\Roaming\Adobe
2015-02-06 14:16 - 2012-10-28 09:59 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-02 17:52 - 2013-10-17 17:54 - 00000000 ____D () C:\Users\Gavin
2015-02-02 14:16 - 2014-08-18 17:04 - 00007601 _____ () C:\Users\Gavin\AppData\Local\Resmon.ResmonCfg
2015-02-01 10:36 - 2013-08-25 12:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-01 10:22 - 2012-10-28 03:06 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-01 10:17 - 2012-10-28 16:18 - 00000000 ____D () C:\ProgramData\Apple
2015-02-01 10:01 - 2013-04-30 19:59 - 00000000 ____D () C:\Users\Gavin\AppData\Local\Cyberlink
2015-02-01 09:51 - 2014-03-04 20:21 - 00000000 ____D () C:\Users\Gavin\AppData\Roaming\gnupg
2015-02-01 07:34 - 2014-08-13 19:18 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-31 21:32 - 2013-10-04 06:42 - 00000000 ____D () C:\Users\Gavin\AppData\Local\Unity
2015-01-31 21:17 - 2012-11-18 14:23 - 00000000 ____D () C:\Program Files\VideoLAN
2015-01-31 20:45 - 2013-08-12 21:58 - 00000000 ____D () C:\Program Files (x86)\Splashtop
2015-01-31 15:34 - 2012-12-22 11:09 - 00000000 ____D () C:\Users\Gavin\AppData\Roaming\Mozilla
2015-01-31 10:56 - 2012-10-28 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
 
==================== Files in the root of some directories =======
 
2012-11-07 16:49 - 2012-11-07 16:49 - 0001110 _____ () C:\Program Files (x86)\InstLog.txt
2015-02-13 00:45 - 2015-02-13 00:45 - 0000132 _____ () C:\Users\Gavin\AppData\Roaming\Adobe GIF Format CS6 Prefs
2015-02-09 23:09 - 2015-02-09 23:28 - 0000132 _____ () C:\Users\Gavin\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-01-19 18:57 - 2014-01-21 19:30 - 0001456 _____ () C:\Users\Gavin\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-08-25 11:37 - 2013-08-25 11:37 - 0004608 _____ () C:\Users\Gavin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-18 17:04 - 2015-02-02 14:16 - 0007601 _____ () C:\Users\Gavin\AppData\Local\Resmon.ResmonCfg
2014-11-20 18:55 - 2015-01-12 06:01 - 0659055 _____ () C:\Users\Gavin\AppData\Local\soulseek-client.dat
 
Some content of TEMP:
====================
C:\Users\Gavin\AppData\Local\Temp\21ac6151-c03d-4651-87a9-7a7d0174abc0.exe
C:\Users\Gavin\AppData\Local\Temp\Quarantine.exe
C:\Users\Gavin\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-11 13:43
 
==================== End Of Log ============================


#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:42 PM

Posted 16 February 2015 - 04:37 AM

Hey, :)

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 gavtek303

gavtek303
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 16 February 2015 - 07:12 PM

Thanks for taking time to assist me. Here are the logs you requested:
 
# AdwCleaner v4.110 - Logfile created 16/02/2015 at 12:46:37
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 8.1 Pro with Media Center  (x64)
# Username : Gavin - GAVTEK-LAPTOP
# Running from : C:\Users\Gavin\Desktop\malware tools\adwcleaner_4.110.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
 
-\\ Google Chrome v40.0.2214.111
 
 
*************************
 
AdwCleaner[R0].txt - [2179 bytes] - [10/02/2015 22:28:20]
AdwCleaner[R1].txt - [1198 bytes] - [10/02/2015 23:50:58]
AdwCleaner[R2].txt - [1153 bytes] - [12/02/2015 22:45:49]
AdwCleaner[R3].txt - [1283 bytes] - [16/02/2015 12:44:32]
AdwCleaner[S0].txt - [2198 bytes] - [10/02/2015 22:36:57]
AdwCleaner[S1].txt - [1269 bytes] - [11/02/2015 06:52:26]
AdwCleaner[S2].txt - [1223 bytes] - [12/02/2015 22:47:47]
AdwCleaner[S3].txt - [1213 bytes] - [16/02/2015 12:46:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1272  bytes] ##########
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/16/2015
Scan Time: 12:55:30 PM
Logfile: mwb_log.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.16.07
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Gavin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341268
Time Elapsed: 37 min, 31 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 Pro with Media Center x64
Ran by Gavin on Mon 02/16/2015 at 17:57:26.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/16/2015 at 17:59:14.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Gavin (administrator) on GAVTEK-LAPTOP on 16-02-2015 18:07:10
Running from C:\Users\Gavin\Desktop\malware tools
Loaded Profiles: Gavin (Available profiles: Gavin)
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [692208 2012-12-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-09] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Run: [Google Update] => C:\Users\Gavin\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-28] (Google Inc.)
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Run: [GoogleChromeAutoLaunch_0477114E6D4D5C6A3EC1F4BBA6E33D15] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S3].txt [1352 2015-02-16] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
 
FireFox:
========
FF ProfilePath: C:\Users\Gavin\AppData\Roaming\Mozilla\Firefox\Profiles\ktiktua8.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0-git-20121105-0403 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1206147.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-2661224893-1148045757-344198336-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Gavin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2661224893-1148045757-344198336-1000: @talk.google.com/O1DPlugin -> C:\Users\Gavin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2661224893-1148045757-344198336-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Gavin\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2661224893-1148045757-344198336-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Gavin\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Gavin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Gavin\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: MyWordTool - C:\Users\Gavin\AppData\Roaming\Mozilla\Firefox\Profiles\ktiktua8.default\Extensions\emily@wilford.biz [2013-11-23]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://homesite.athomehealth.org/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-08]
CHR Extension: (Google Drive) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-18]
CHR Extension: (YouTube) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-08]
CHR Extension: (Google Cast) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-03-25]
CHR Extension: (Adblock Plus) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-08]
CHR Extension: (Pushbullet) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-03-05]
CHR Extension: (Google Search) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-08]
CHR Extension: (Google Play Music) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-06-17]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-07-24]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-02-08]
CHR Extension: (crxMouse Chrome Gestures) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgkpaicikihijadgifklkbpdajbkhjo [2014-09-19]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-02-08]
CHR Extension: (Motorola Connect) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigmoblgooahdmdibodmcnffgnejlndh [2014-01-13]
CHR Extension: (Smooth Gestures) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld [2014-02-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-02-01]
CHR Extension: (Hangouts) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-07-16]
CHR Extension: (Save to Pocket) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-02-16]
CHR Extension: (Google Wallet) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Hover Zoom) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-04-27]
CHR Extension: (Gmail) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-08]
CHR HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Gavin\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-01]
CHR HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-04-15] (LogMeIn Inc.)
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [52320 2014-01-06] (http://libusb-win32.sourceforge.net)
S3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2013-07-16] (Splashtop Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-16 17:59 - 2015-02-16 17:59 - 00000644 _____ () C:\Users\Gavin\Desktop\JRT.txt
2015-02-16 12:41 - 2015-02-16 12:41 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-14 03:46 - 2015-02-14 03:46 - 00002772 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-02-14 03:18 - 2015-02-14 09:11 - 00000796 _____ () C:\WINDOWS\setupact.log
2015-02-14 03:18 - 2015-02-14 03:18 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-14 02:45 - 2015-02-14 01:37 - 942428008 _____ () C:\Users\Gavin\Documents\MVI_8422.MOV
2015-02-13 19:16 - 2015-02-16 18:07 - 00000000 ____D () C:\Users\Gavin\Desktop\malware tools
2015-02-13 00:45 - 2015-02-13 00:45 - 00000132 _____ () C:\Users\Gavin\AppData\Roaming\Adobe GIF Format CS6 Prefs
2015-02-12 22:54 - 2015-02-12 22:55 - 01388274 _____ (Thisisu) C:\Users\Gavin\Downloads\JRT (1).exe
2015-02-12 22:51 - 2015-02-16 12:51 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\219F60EE.sys
2015-02-12 22:47 - 2015-02-16 12:57 - 00122697 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-12 22:45 - 2015-02-12 22:45 - 02112512 _____ () C:\Users\Gavin\Downloads\adwcleaner_4.110.exe
2015-02-12 22:36 - 2015-02-12 22:36 - 00317620 _____ () C:\WINDOWS\PFRO.log
2015-02-12 22:07 - 2015-02-12 22:07 - 00325284 _____ () C:\Users\Gavin\Documents\cc_20150212_220710.reg
2015-02-12 22:02 - 2015-02-12 22:02 - 05325208 _____ (Piriform Ltd) C:\Users\Gavin\Downloads\ccsetup502.exe
2015-02-12 22:02 - 2015-02-12 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-12 22:02 - 2015-02-12 22:02 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-12 22:01 - 2015-02-12 22:01 - 00000000 ____D () C:\Users\Gavin\AppData\Roaming\LavasoftStatistics
2015-02-12 22:01 - 2015-02-12 22:01 - 00000000 ____D () C:\Users\Gavin\AppData\Roaming\Ad-Aware Antivirus
2015-02-12 20:36 - 2015-02-12 22:36 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-12 20:36 - 2015-02-12 20:36 - 05006864 _____ (AVAST Software) C:\Users\Gavin\Downloads\avast_free_antivirus_setup_online (1).exe
2015-02-12 20:33 - 2015-02-12 20:33 - 05006864 _____ (AVAST Software) C:\Users\Gavin\Downloads\avast_free_antivirus_setup_online.exe
2015-02-11 23:49 - 2015-02-16 00:33 - 00000000 ____D () C:\Users\Gavin\Desktop\wedding
2015-02-11 07:35 - 2015-02-11 13:08 - 00009024 _____ () C:\Users\Gavin\Downloads\hijackthis.log
2015-02-10 22:40 - 2015-02-10 22:40 - 00000872 _____ () C:\Users\Gavin\Documents\Downloads - Shortcut.lnk
2015-02-10 22:31 - 2015-02-10 22:31 - 01388274 _____ (Thisisu) C:\Users\Gavin\Downloads\JRT.exe
2015-02-10 22:28 - 2015-02-16 12:46 - 00000000 ____D () C:\AdwCleaner
2015-02-10 22:28 - 2015-02-10 22:28 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Gavin\Downloads\rkill.com
2015-02-10 22:27 - 2015-02-10 22:27 - 02112512 _____ () C:\Users\Gavin\Downloads\AdwCleaner.exe
2015-02-10 22:19 - 2015-02-10 22:20 - 00027289 _____ () C:\Users\Gavin\Downloads\Addition.txt
2015-02-10 22:17 - 2015-02-16 18:07 - 00000000 ____D () C:\FRST
2015-02-10 22:17 - 2015-02-10 22:20 - 00027111 _____ () C:\Users\Gavin\Downloads\FRST.txt
2015-02-10 22:17 - 2015-02-10 22:17 - 02132992 _____ (Farbar) C:\Users\Gavin\Downloads\FRST64.exe
2015-02-10 22:16 - 2015-02-10 22:16 - 01124352 _____ (Farbar) C:\Users\Gavin\Downloads\FRST-1.exe
2015-02-10 22:16 - 2015-02-10 22:16 - 01124352 _____ (Farbar) C:\Users\Gavin\Downloads\FRST.exe
2015-02-10 22:02 - 2015-02-10 22:02 - 00000000 ____D () C:\Users\Gavin\Downloads\backups
2015-02-10 22:00 - 2015-02-10 22:00 - 00388608 _____ (Trend Micro Inc.) C:\Users\Gavin\Downloads\HijackThis (1).exe
2015-02-09 23:09 - 2015-02-09 23:28 - 00000132 _____ () C:\Users\Gavin\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-02-09 22:09 - 2015-02-09 22:09 - 00045315 _____ () C:\Users\Gavin\Downloads\bright_young_things.zip
2015-02-09 22:07 - 2015-02-09 22:07 - 00030442 _____ () C:\Users\Gavin\Downloads\heart_breaking_bad.zip
2015-02-09 22:04 - 2015-02-09 22:04 - 00036079 _____ () C:\Users\Gavin\Downloads\jane_austen.zip
2015-02-09 22:03 - 2015-02-09 22:03 - 00000000 ____D () C:\Users\Gavin\Downloads\angilla_tattoo
2015-02-09 22:02 - 2015-02-09 22:02 - 01601055 _____ () C:\Users\Gavin\Downloads\angilla_tattoo.zip
2015-02-09 21:57 - 2015-02-09 21:57 - 00110843 _____ () C:\Users\Gavin\Downloads\jellyka_saint_andrews_queen.zip
2015-02-09 19:27 - 2015-02-09 19:27 - 00000000 ____D () C:\Users\Gavin\Desktop\batch_test
2015-02-09 19:11 - 2015-02-09 19:19 - 00000000 ____D () C:\Users\Gavin\Desktop\bridge
2015-02-08 14:38 - 2015-02-08 14:38 - 10040168 _____ (AgileBits ) C:\Users\Gavin\Downloads\1Password-4.1.0.538.exe
2015-02-08 13:09 - 2015-02-08 13:09 - 15698560 _____ (Magisto) C:\Users\Gavin\Downloads\MagistoInstaller_1.0.665.exe
2015-02-08 01:46 - 2015-02-08 01:46 - 00001247 _____ () C:\Users\Gavin\Downloads\TimeLapseBlog.atn
2015-02-07 16:07 - 2015-02-10 23:37 - 00000000 ____D () C:\Users\Gavin\Desktop\dslr
2015-02-07 15:55 - 2015-02-07 15:55 - 07239531 _____ () C:\Users\Gavin\Desktop\Photos2.zip
2015-02-06 01:53 - 2015-02-06 01:53 - 00000000 ____D () C:\Users\Gavin\Desktop\ff
2015-02-03 01:06 - 2015-02-03 01:06 - 00000000 ____D () C:\Users\Gavin\Documents\Adobe
2015-02-02 23:12 - 2015-02-16 17:53 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 23:12 - 2015-02-16 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-02 23:12 - 2015-02-16 12:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-02 23:12 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-02 23:12 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-02 23:12 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-02 23:10 - 2015-02-02 23:10 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Gavin\Documents\mbam-setup-2.0.4.1028.exe
2015-02-02 22:36 - 2015-02-14 09:15 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-02 22:18 - 2015-02-02 22:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\Gavin\Downloads\HijackThis.exe
2015-02-02 07:26 - 2015-02-02 07:35 - 00000000 ____D () C:\bbeebc595c1b123d24b43df1
2015-02-01 03:02 - 2015-02-01 03:06 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\248B7743.sys
2015-01-31 20:32 - 2015-01-31 20:32 - 00000000 ____D () C:\Users\Gavin\Documents\Splashtop Whiteboard
2015-01-31 20:32 - 2015-01-31 20:32 - 00000000 ____D () C:\Users\Gavin\Documents\Splashtop Presenter
2015-01-31 19:49 - 2015-01-31 21:26 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2015-01-31 10:50 - 2015-02-10 23:52 - 05070512 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-01-18 08:40 - 2015-01-18 08:40 - 00000000 ____D () C:\Users\Gavin\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2015-01-18 03:01 - 2015-01-31 21:52 - 00000000 ____D () C:\Users\Gavin\Desktop\light
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-16 07:43 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-16 07:36 - 2012-11-03 11:05 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2661224893-1148045757-344198336-1000Core.job
2015-02-16 07:33 - 2014-11-01 07:55 - 00000000 ____D () C:\WINDOWS\pss
2015-02-16 07:03 - 2012-10-28 03:06 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 06:45 - 2013-04-06 12:12 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-16 00:04 - 2012-10-28 03:06 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-15 23:47 - 2012-10-28 03:05 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2661224893-1148045757-344198336-1000
2015-02-14 11:12 - 2013-10-17 18:43 - 00000000 __RDO () C:\Users\Gavin\SkyDrive
2015-02-14 06:24 - 2012-04-25 18:25 - 00000000 ___RD () C:\Users\Gavin\Google Drive
2015-02-13 19:12 - 2014-07-18 18:56 - 00000000 ____D () C:\Users\Gavin\Desktop\National Recovery Agency - Receipt_files
2015-02-12 22:05 - 2014-03-02 17:41 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-12 22:05 - 2013-10-17 20:46 - 00000000 ___DC () C:\WINDOWS\Panther
2015-02-12 20:15 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-11 13:47 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-11 07:48 - 2012-10-28 03:05 - 00527360 ___SH () C:\Users\Gavin\Desktop\Thumbs.db
2015-02-11 07:32 - 2012-10-28 02:57 - 00000000 ____D () C:\Users\Gavin\AppData\Local\VirtualStore
2015-02-10 23:57 - 2014-10-28 19:22 - 00003910 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-10 23:57 - 2013-04-06 12:12 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-10 23:57 - 2012-11-03 11:05 - 00003882 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2661224893-1148045757-344198336-1000UA
2015-02-10 23:57 - 2012-11-03 11:05 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2661224893-1148045757-344198336-1000UA.job
2015-02-10 23:56 - 2012-11-03 11:05 - 00003502 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2661224893-1148045757-344198336-1000Core
2015-02-10 23:56 - 2012-10-28 03:06 - 00003674 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-10 22:52 - 2013-08-22 07:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-10 22:38 - 2013-08-22 08:44 - 04963432 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-08 13:36 - 2012-10-28 02:58 - 00000000 ____D () C:\Users\Gavin\AppData\Roaming\Adobe
2015-02-06 14:16 - 2012-10-28 09:59 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-02 17:52 - 2013-10-17 17:54 - 00000000 ____D () C:\Users\Gavin
2015-02-02 14:16 - 2014-08-18 17:04 - 00007601 _____ () C:\Users\Gavin\AppData\Local\Resmon.ResmonCfg
2015-02-01 10:36 - 2013-08-25 12:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-01 10:22 - 2012-10-28 03:06 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-01 10:17 - 2012-10-28 16:18 - 00000000 ____D () C:\ProgramData\Apple
2015-02-01 10:01 - 2013-04-30 19:59 - 00000000 ____D () C:\Users\Gavin\AppData\Local\Cyberlink
2015-02-01 09:51 - 2014-03-04 20:21 - 00000000 ____D () C:\Users\Gavin\AppData\Roaming\gnupg
2015-02-01 07:34 - 2014-08-13 19:18 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-31 21:32 - 2013-10-04 06:42 - 00000000 ____D () C:\Users\Gavin\AppData\Local\Unity
2015-01-31 21:17 - 2012-11-18 14:23 - 00000000 ____D () C:\Program Files\VideoLAN
2015-01-31 20:45 - 2013-08-12 21:58 - 00000000 ____D () C:\Program Files (x86)\Splashtop
2015-01-31 15:34 - 2012-12-22 11:09 - 00000000 ____D () C:\Users\Gavin\AppData\Roaming\Mozilla
2015-01-31 10:56 - 2012-10-28 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
 
==================== Files in the root of some directories =======
 
2012-11-07 16:49 - 2012-11-07 16:49 - 0001110 _____ () C:\Program Files (x86)\InstLog.txt
2015-02-13 00:45 - 2015-02-13 00:45 - 0000132 _____ () C:\Users\Gavin\AppData\Roaming\Adobe GIF Format CS6 Prefs
2015-02-09 23:09 - 2015-02-09 23:28 - 0000132 _____ () C:\Users\Gavin\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-01-19 18:57 - 2014-01-21 19:30 - 0001456 _____ () C:\Users\Gavin\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-08-25 11:37 - 2013-08-25 11:37 - 0004608 _____ () C:\Users\Gavin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-18 17:04 - 2015-02-02 14:16 - 0007601 _____ () C:\Users\Gavin\AppData\Local\Resmon.ResmonCfg
2014-11-20 18:55 - 2015-01-12 06:01 - 0659055 _____ () C:\Users\Gavin\AppData\Local\soulseek-client.dat
 
Some content of TEMP:
====================
C:\Users\Gavin\AppData\Local\Temp\21ac6151-c03d-4651-87a9-7a7d0174abc0.exe
C:\Users\Gavin\AppData\Local\Temp\Quarantine.exe
C:\Users\Gavin\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-11 13:43
 
==================== End Of Log ============================
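
The FRST log above contains several entries whose target no longer exists: a Run value reported as `=> [X]`, a shell icon overlay marked `No File`, three DefaultScope entries with an empty `URL =`, a Chrome extension registered with `No Path`, and a RunOnce value that only points at an AdwCleaner report text file. Those are exactly the lines a helper collects into a fixlist. As an added example (not part of this thread and not FRST's own code), the Python script below runs a few rules over FRST-style log lines and flags those orphaned or stale entries, plus `[File not signed]` service binaries as an informational hit. The sample lines are copied from the log in this post; the rule names, the `Finding` class and the executable-extension heuristic are my own assumptions about what is worth a second look, and every hit still needs a human review before it goes into a fixlist.

```python
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the FRST.txt posted above.
# The Apoint entry is a healthy Run value kept for contrast; the rest are
# the entries the helper later placed in the fixlist, plus one service
# line that FRST reports as unsigned.
SAMPLE_FRST_LINES = [
    r"HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [692208 2012-12-21] (Alps Electric Co., Ltd.)",
    r"HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Run: [AdobeBridge] => [X]",
    r"HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S3].txt [1352 2015-02-16] ()",
    r"ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File",
    r"SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = ",
    r"CHR HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path",
    r"S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]",
]


@dataclass(frozen=True)
class Finding:
    reason: str
    line: str


# Pattern rules (assumed names). FRST itself marks a missing target with
# "[X]", "No File" or "No Path"; these regexes only pick those markers out.
RULES = [
    ("Run/RunOnce entry whose target no longer exists",
     re.compile(r"\\Run(?:Once)?: \[[^\]]+\] => \[X\]$")),
    ("registry entry pointing at a file that is gone",
     re.compile(r"=>\s+No File$")),
    ("Chrome extension registered without an install path",
     re.compile(r"\\Chrome\\Extension: \[[a-p]{32}\] - No Path$")),
    ("search scope with an empty URL",
     re.compile(r"^SearchScopes: .* URL =\s*$")),
    ("service or driver binary without a valid Authenticode signature",
     re.compile(r"\[File not signed\]$")),
]

# Extracts the launch target of a Run/RunOnce line, dropping FRST's trailing
# "[size date] (publisher)" decoration.
RUN_TARGET = re.compile(
    r"\\Run(?:Once)?: \[[^\]]+\] => (?P<target>.+?)"
    r"(?: \[\d+ \d{4}-\d{2}-\d{2}\])?(?: \([^()]*\))?\s*$"
)
EXECUTABLE_EXT = (".exe", ".com", ".dll", ".scr", ".bat", ".cmd", ".vbs", ".js", ".ps1")


def run_target(line: str):
    """Return the launch target of a Run/RunOnce line, or None for other lines."""
    m = RUN_TARGET.search(line)
    return m.group("target") if m else None


def non_executable_run_target(line: str) -> bool:
    """Heuristic: a Run/RunOnce value that launches something that is not an
    executable (here the .txt report AdwCleaner leaves behind) is harmless
    clutter, but it is still a leftover worth removing."""
    target = run_target(line)
    if target is None or target == "[X]":
        return False
    low = target.lower()
    return not any(ext in low for ext in EXECUTABLE_EXT)


def triage(lines):
    """Run every rule over FRST log lines; one Finding per (rule, line) hit."""
    findings = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line.strip():
            continue
        for reason, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(reason, line))
        if non_executable_run_target(line):
            findings.append(Finding("Run/RunOnce entry whose target is not an executable", line))
    return findings


def fixlist_candidates(findings):
    """Lines an FRST fixlist could take verbatim. The unsigned-binary finding
    is informational only (SwitchBoard was not put in the fixlist above) and
    is deliberately left out."""
    skip = "service or driver binary without a valid Authenticode signature"
    return [f.line for f in findings if f.reason != skip]


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST_LINES):
        print(f"{f.reason}:\n    {f.line}")
```

Feeding the script the whole FRST.txt (one line per list element) rather than the sample gives the same six hits for this machine and nothing else, which matches what the helper asked to have removed; a line it flags only says the target is gone or odd, not that it was malicious.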
 


#6 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany

Posted 17 February 2015 - 04:45 AM

Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S3].txt [1352 2015-02-16] ()
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    CHR HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
  • Make sure to check the options Remove found threats and Enable Anti-Stealth technology are checked:
  • Click Start. (This scan can take several hours, so please be patient):
  • Once the scan is completed, select List of found threats:
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
  • Click the Back button.
  • Click the Finish button:
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#7 gavtek303
Topic Starter

Posted 18 February 2015 - 01:06 AM

After following your instructions, I'm sad to say that I'm still experiencing the same issues regarding performance. The hard drive still pegs out at a hundred percent and programs are slow to respond or don't respond for long periods of time.
Any additional assistance you may be able to provide would be appreciated. Thank you.

Here are the logs:


HKU\S-1-5-21-2661224893-1148045757-344198336-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Report => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2661224893-1148045757-344198336-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
EmptyTemp: => Removed 6.5 GB temporary data.


The system needed a reboot.

==== End of Fixlog 12:51:37 ====

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Gavin (administrator) on GAVTEK-LAPTOP on 17-02-2015 12:58:14
Running from C:\Users\Gavin\Desktop
Loaded Profiles: Gavin (Available profiles: Gavin)
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [692208 2012-12-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-09] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Run: [Google Update] => C:\Users\Gavin\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-28] (Google Inc.)
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Run: [GoogleChromeAutoLaunch_0477114E6D4D5C6A3EC1F4BBA6E33D15] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2661224893-1148045757-344198336-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100

FireFox:
========
FF ProfilePath: C:\Users\Gavin\AppData\Roaming\Mozilla\Firefox\Profiles\ktiktua8.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0-git-20121105-0403 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1206147.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-2661224893-1148045757-344198336-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Gavin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2661224893-1148045757-344198336-1000: @talk.google.com/O1DPlugin -> C:\Users\Gavin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2661224893-1148045757-344198336-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Gavin\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2661224893-1148045757-344198336-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Gavin\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Gavin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Gavin\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: MyWordTool - C:\Users\Gavin\AppData\Roaming\Mozilla\Firefox\Profiles\ktiktua8.default\Extensions\emily@wilford.biz [2013-11-23]

Chrome:
=======
CHR HomePage: Default -> hxxp://homesite.athomehealth.org/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-08]
CHR Extension: (Google Drive) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-18]
CHR Extension: (YouTube) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-08]
CHR Extension: (Google Cast) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-03-25]
CHR Extension: (Adblock Plus) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-08]
CHR Extension: (Pushbullet) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-03-05]
CHR Extension: (Google Search) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-08]
CHR Extension: (Google Play Music) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-06-17]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-07-24]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-02-08]
CHR Extension: (crxMouse Chrome Gestures) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgkpaicikihijadgifklkbpdajbkhjo [2014-09-19]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-02-08]
CHR Extension: (Motorola Connect) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigmoblgooahdmdibodmcnffgnejlndh [2014-01-13]
CHR Extension: (Smooth Gestures) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld [2014-02-08]
CHR Extension: (Hangouts) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-07-16]
CHR Extension: (Save to Pocket) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-02-16]
CHR Extension: (Google Wallet) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Hover Zoom) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-04-27]
CHR Extension: (Gmail) - C:\Users\Gavin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-08]
CHR HKU\S-1-5-21-2661224893-1148045757-344198336-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Gavin\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

S2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-04-15] (LogMeIn Inc.)
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [52320 2014-01-06] (http://libusb-win32.sourceforge.net)
S3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2013-07-16] (Splashtop Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 12:57 - 2015-02-17 12:57 - 00019777 _____ () C:\Users\Gavin\Desktop\Addition.txt
2015-02-17 12:48 - 2015-02-17 12:58 - 00000000 _____ () C:\Users\Gavin\Desktop\FRST.txt
2015-02-17 12:46 - 2015-02-17 12:46 - 00027999 _____ () C:\Users\Gavin\Downloads\FRST2.txt
2015-02-16 17:59 - 2015-02-16 17:59 - 00000644 _____ () C:\Users\Gavin\Desktop\JRT.txt
2015-02-16 12:41 - 2015-02-16 12:41 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-14 03:46 - 2015-02-14 03:46 - 00002772 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-02-14 03:18 - 2015-02-14 09:11 - 00000796 _____ () C:\WINDOWS\setupact.log
2015-02-14 03:18 - 2015-02-14 03:18 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-14 02:45 - 2015-02-14 01:37 - 942428008 _____ () C:\Users\Gavin\Documents\MVI_8422.MOV
2015-02-13 19:18 - 2015-02-16 18:07 - 02085888 _____ (Farbar) C:\Users\Gavin\Desktop\FRST64.exe
2015-02-13 19:16 - 2015-02-17 12:46 - 00000000 ____D () C:\Users\Gavin\Desktop\malware tools
2015-02-13 00:45 - 2015-02-13 00:45 - 00000132 _____ () C:\Users\Gavin\AppData\Roaming\Adobe GIF Format CS6 Prefs
2015-02-12 22:54 - 2015-02-12 22:55 - 01388274 _____ (Thisisu) C:\Users\Gavin\Downloads\JRT (1).exe
2015-02-12 22:51 - 2015-02-16 12:51 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\219F60EE.sys
2015-02-12 22:47 - 2015-02-16 12:57 - 00122697 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-12 22:45 - 2015-02-12 22:45 - 02112512 _____ () C:\Users\Gavin\Downloads\adwcleaner_4.110.exe
2015-02-12 22:36 - 2015-02-12 22:36 - 00317620 _____ () C:\WINDOWS\PFRO.log
2015-02-12 22:07 - 2015-02-12 22:07 - 00325284 _____ () C:\Users\Gavin\Documents\cc_20150212_220710.reg
2015-02-12 22:02 - 2015-02-12 22:02 - 05325208 _____ (Piriform Ltd) C:\Users\Gavin\Downloads\ccsetup502.exe
2015-02-12 22:02 - 2015-02-12 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-12 22:02 - 2015-02-12 22:02 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-12 22:01 - 2015-02-12 22:01 - 00000000 ____D () C:\Users\Gavin\AppData\Roaming\LavasoftStatistics
2015-02-12 22:01 - 2015-02-12 22:01 - 00000000 ____D () C:\Users\Gavin\AppData\Roaming\Ad-Aware Antivirus
2015-02-12 20:36 - 2015-02-12 22:36 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-12 20:36 - 2015-02-12 20:36 - 05006864 _____ (AVAST Software) C:\Users\Gavin\Downloads\avast_free_antivirus_setup_online (1).exe
2015-02-12 20:33 - 2015-02-12 20:33 - 05006864 _____ (AVAST Software) C:\Users\Gavin\Downloads\avast_free_antivirus_setup_online.exe
2015-02-11 23:49 - 2015-02-16 00:33 - 00000000 ____D () C:\Users\Gavin\Desktop\wedding
2015-02-11 07:35 - 2015-02-11 13:08 - 00009024 _____ () C:\Users\Gavin\Downloads\hijackthis.log
2015-02-10 22:40 - 2015-02-10 22:40 - 00000872 _____ () C:\Users\Gavin\Documents\Downloads - Shortcut.lnk
2015-02-10 22:31 - 2015-02-10 22:31 - 01388274 _____ (Thisisu) C:\Users\Gavin\Downloads\JRT.exe
2015-02-10 22:28 - 2015-02-16 12:46 - 00000000 ____D () C:\AdwCleaner
2015-02-10 22:28 - 2015-02-10 22:28 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Gavin\Downloads\rkill.com
2015-02-10 22:27 - 2015-02-10 22:27 - 02112512 _____ () C:\Users\Gavin\Downloads\AdwCleaner.exe
2015-02-10 22:19 - 2015-02-10 22:20 - 00027289 _____ () C:\Users\Gavin\Downloads\Addition.txt
2015-02-10 22:17 - 2015-02-17 12:58 - 00000000 ____D () C:\FRST
2015-02-10 22:17 - 2015-02-17 12:45 - 00028056 _____ () C:\Users\Gavin\Downloads\FRST.txt
2015-02-10 22:17 - 2015-02-10 22:17 - 02132992 _____ (Farbar) C:\Users\Gavin\Downloads\FRST64.exe
2015-02-10 22:16 - 2015-02-10 22:16 - 01124352 _____ (Farbar) C:\Users\Gavin\Downloads\FRST-1.exe
2015-02-10 22:16 - 2015-02-10 22:16 - 01124352 _____ (Farbar) C:\Users\Gavin\Downloads\FRST.exe
2015-02-10 22:02 - 2015-02-10 22:02 - 00000000 ____D () C:\Users\Gavin\Downloads\backups
2015-02-10 22:00 - 2015-02-10 22:00 - 00388608 _____ (Trend Micro Inc.) C:\Users\Gavin\Downloads\HijackThis (1).exe
2015-02-09 23:09 - 2015-02-09 23:28 - 00000132 _____ () C:\Users\Gavin\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-02-09 22:09 - 2015-02-09 22:09 - 00045315 _____ () C:\Users\Gavin\Downloads\bright_young_things.zip
2015-02-09 22:07 - 2015-02-09 22:07 - 00030442 _____ () C:\Users\Gavin\Downloads\heart_breaking_bad.zip
2015-02-09 22:04 - 2015-02-09 22:04 - 00036079 _____ () C:\Users\Gavin\Downloads\jane_austen.zip
2015-02-09 22:03 - 2015-02-09 22:03 - 00000000 ____D () C:\Users\Gavin\Downloads\angilla_tattoo
2015-02-09 22:02 - 2015-02-09 22:02 - 01601055 _____ () C:\Users\Gavin\Downloads\angilla_tattoo.zip
2015-02-09 21:57 - 2015-02-09 21:57 - 00110843 _____ () C:\Users\Gavin\Downloads\jellyka_saint_andrews_queen.zip
2015-02-09 19:27 - 2015-02-09 19:27 - 00000000 ____D () C:\Users\Gavin\Desktop\batch_test
2015-02-09 19:11 - 2015-02-09 19:19 - 00000000 ____D () C:\Users\Gavin\Desktop\bridge
2015-02-08 14:38 - 2015-02-08 14:38 - 10040168 _____ (AgileBits ) C:\Users\Gavin\Downloads\1Password-4.1.0.538.exe
2015-02-08 13:09 - 2015-02-08 13:09 - 15698560 _____ (Magisto) C:\Users\Gavin\Downloads\MagistoInstaller_1.0.665.exe
2015-02-08 01:46 - 2015-02-08 01:46 - 00001247 _____ () C:\Users\Gavin\Downloads\TimeLapseBlog.atn
2015-02-07 16:07 - 2015-02-10 23:37 - 00000000 ____D () C:\Users\Gavin\Desktop\dslr
2015-02-07 15:55 - 2015-02-07 15:55 - 07239531 _____ () C:\Users\Gavin\Desktop\Photos2.zip
2015-02-06 01:53 - 2015-02-06 01:53 - 00000000 ____D () C:\Users\Gavin\Desktop\ff
2015-02-03 01:06 - 2015-02-03 01:06 - 00000000 ____D () C:\Users\Gavin\Documents\Adobe
2015-02-02 23:12 - 2015-02-16 17:53 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 23:12 - 2015-02-16 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-02 23:12 - 2015-02-16 12:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-02 23:12 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-02 23:12 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-02 23:12 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-02 23:10 - 2015-02-02 23:10 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Gavin\Documents\mbam-setup-2.0.4.1028.exe
2015-02-02 22:36 - 2015-02-14 09:15 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-02 22:18 - 2015-02-02 22:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\Gavin\Downloads\HijackThis.exe
2015-02-02 07:26 - 2015-02-02 07:35 - 00000000 ____D () C:\bbeebc595c1b123d24b43df1
2015-02-01 03:02 - 2015-02-01 03:06 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\248B7743.sys
2015-01-31 20:32 - 2015-01-31 20:32 - 00000000 ____D () C:\Users\Gavin\Documents\Splashtop Whiteboard
2015-01-31 20:32 - 2015-01-31 20:32 - 00000000 ____D () C:\Users\Gavin\Documents\Splashtop Presenter
2015-01-31 19:49 - 2015-01-31 21:26 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2015-01-31 10:50 - 2015-02-10 23:52 - 05070512 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-01-18 08:40 - 2015-01-18 08:40 - 00000000 ____D () C:\Users\Gavin\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2015-01-18 03:01 - 2015-01-31 21:52 - 00000000 ____D () C:\Users\Gavin\Desktop\light

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 07:43 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-16 07:36 - 2012-11-03 11:05 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2661224893-1148045757-344198336-1000Core.job
2015-02-16 07:33 - 2014-11-01 07:55 - 00000000 ____D () C:\WINDOWS\pss
2015-02-16 07:03 - 2012-10-28 03:06 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 06:45 - 2013-04-06 12:12 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-16 00:04 - 2012-10-28 03:06 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-15 23:47 - 2012-10-28 03:05 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2661224893-1148045757-344198336-1000
2015-02-14 11:12 - 2013-10-17 18:43 - 00000000 __RDO () C:\Users\Gavin\SkyDrive
2015-02-14 06:24 - 2012-04-25 18:25 - 00000000 ___RD () C:\Users\Gavin\Google Drive
2015-02-13 19:12 - 2014-07-18 18:56 - 00000000 ____D () C:\Users\Gavin\Desktop\National Recovery Agency - Receipt_files
2015-02-12 22:05 - 2014-03-02 17:41 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-12 22:05 - 2013-10-17 20:46 - 00000000 ___DC () C:\WINDOWS\Panther
2015-02-12 20:15 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-11 13:47 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-11 07:48 - 2012-10-28 03:05 - 00527360 ___SH () C:\Users\Gavin\Desktop\Thumbs.db
2015-02-11 07:32 - 2012-10-28 02:57 - 00000000 ____D () C:\Users\Gavin\AppData\Local\VirtualStore
2015-02-10 23:57 - 2014-10-28 19:22 - 00003910 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-10 23:57 - 2013-04-06 12:12 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-10 23:57 - 2012-11-03 11:05 - 00003882 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2661224893-1148045757-344198336-1000UA
2015-02-10 23:57 - 2012-11-03 11:05 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2661224893-1148045757-344198336-1000UA.job
2015-02-10 23:56 - 2012-11-03 11:05 - 00003502 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2661224893-1148045757-344198336-1000Core
2015-02-10 23:56 - 2012-10-28 03:06 - 00003674 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-10 22:52 - 2013-08-22 07:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-10 22:38 - 2013-08-22 08:44 - 04963432 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-08 13:36 - 2012-10-28 02:58 - 00000000 ____D () C:\Users\Gavin\AppData\Roaming\Adobe
2015-02-06 14:16 - 2012-10-28 09:59 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-02 17:52 - 2013-10-17 17:54 - 00000000 ____D () C:\Users\Gavin
2015-02-02 14:16 - 2014-08-18 17:04 - 00007601 _____ () C:\Users\Gavin\AppData\Local\Resmon.ResmonCfg
2015-02-01 10:36 - 2013-08-25 12:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-01 10:22 - 2012-10-28 03:06 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-01 10:17 - 2012-10-28 16:18 - 00000000 ____D () C:\ProgramData\Apple
2015-02-01 10:01 - 2013-04-30 19:59 - 00000000 ____D () C:\Users\Gavin\AppData\Local\Cyberlink
2015-02-01 09:51 - 2014-03-04 20:21 - 00000000 ____D () C:\Users\Gavin\AppData\Roaming\gnupg
2015-02-01 07:34 - 2014-08-13 19:18 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-31 21:32 - 2013-10-04 06:42 - 00000000 ____D () C:\Users\Gavin\AppData\Local\Unity
2015-01-31 21:17 - 2012-11-18 14:23 - 00000000 ____D () C:\Program Files\VideoLAN
2015-01-31 20:45 - 2013-08-12 21:58 - 00000000 ____D () C:\Program Files (x86)\Splashtop
2015-01-31 15:34 - 2012-12-22 11:09 - 00000000 ____D () C:\Users\Gavin\AppData\Roaming\Mozilla
2015-01-31 10:56 - 2012-10-28 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2012-11-07 16:49 - 2012-11-07 16:49 - 0001110 _____ () C:\Program Files (x86)\InstLog.txt
2015-02-13 00:45 - 2015-02-13 00:45 - 0000132 _____ () C:\Users\Gavin\AppData\Roaming\Adobe GIF Format CS6 Prefs
2015-02-09 23:09 - 2015-02-09 23:28 - 0000132 _____ () C:\Users\Gavin\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-01-19 18:57 - 2014-01-21 19:30 - 0001456 _____ () C:\Users\Gavin\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-08-25 11:37 - 2013-08-25 11:37 - 0004608 _____ () C:\Users\Gavin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-18 17:04 - 2015-02-02 14:16 - 0007601 _____ () C:\Users\Gavin\AppData\Local\Resmon.ResmonCfg
2014-11-20 18:55 - 2015-01-12 06:01 - 0659055 _____ () C:\Users\Gavin\AppData\Local\soulseek-client.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2015-02-11 13:43

==================== End Of Log ============================

C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\Gavin\Documents\malware toolbox\cc_setup.exe a variant of Win32/InstallCore.IL potentially unwanted application deleted - quarantined
C:\Users\Gavin\Documents\web\public_html\cgi-bin\index.php JS/Iframe.IH trojan cleaned by deleting - quarantined
C:\Users\Gavin\Documents\web\public_html\images\index.php JS/Iframe.IH trojan cleaned by deleting - quarantined
C:\Users\Gavin\Documents\web\public_html\_private\index.php JS/Iframe.IH trojan cleaned by deleting - quarantined
C:\Users\Gavin\Documents\web\public_html\_vti_bin\index.php JS/Iframe.IH trojan cleaned by deleting - quarantined
C:\Users\Gavin\Documents\web\public_html\_vti_cnf\index.php JS/Iframe.IH trojan cleaned by deleting - quarantined
C:\Users\Gavin\Documents\web\public_html\_vti_log\index.php JS/Iframe.IH trojan cleaned by deleting - quarantined
C:\Users\Gavin\Documents\web\public_html\_vti_pvt\index.php JS/Iframe.IH trojan cleaned by deleting - quarantined
C:\Users\Gavin\Documents\web\public_html\_vti_txt\index.php JS/Iframe.IH trojan cleaned by deleting - quarantined
C:\Users\Gavin\Documents\web\www\cgi-bin\index.php JS/Iframe.IH trojan cleaned by deleting - quarantined
C:\Users\Gavin\Documents\web\www\images\index.php JS/Iframe.IH trojan cleaned by deleting - quarantined
C:\Users\Gavin\Documents\web\www\_private\index.php JS/Iframe.IH trojan cleaned by deleting - quarantined
C:\Users\Gavin\Documents\web\www\_vti_bin\index.php JS/Iframe.IH trojan cleaned by deleting - quarantined
C:\Users\Gavin\Documents\web\www\_vti_cnf\index.php JS/Iframe.IH trojan cleaned by deleting - quarantined
C:\Users\Gavin\Documents\web\www\_vti_log\index.php JS/Iframe.IH trojan cleaned by deleting - quarantined
C:\Users\Gavin\Documents\web\www\_vti_pvt\index.php JS/Iframe.IH trojan cleaned by deleting - quarantined
C:\Users\Gavin\Documents\web\www\_vti_txt\index.php JS/Iframe.IH trojan cleaned by deleting - quarantined
C:\Users\Gavin\Downloads\cnet2_red-v2_2-setup_exe.exe a variant of Win32/InstallCore.D potentially unwanted application deleted - quarantined
C:\Users\Gavin\Downloads\Upgrade.exe a variant of Win32/AirAdInstaller.A potentially unwanted application deleted - quarantined
C:\Users\Gavin\Downloads\winzip16-64.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined

#8 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 3,976 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:03:42 PM

Posted 18 February 2015 - 07:17 AM

Hey, :)
  • Download Windows Repair (All in One) from this site
  • Install the program then run it.
NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.
  • Go to Step 2 and click on Check button next to 1. See If Check Disk Is Needed.
  • If the tool indicates that the Check Disk is needed click on Do It button next to 2. Check Disk. In that case make sure you restart computer.
  • Once the above is done go to Step 3 and allow it to run System File Check by clicking on Do It button.
  • Go to Step 4 and under "System Restore" click on Create button.
  • Go to Start Repairs tab and click Start button. Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design. Click on Start button.
  • Post Windows Repair log which is located in the following folder:
    • 64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
    • 32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

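The Windows Repair steps above (check whether Check Disk is needed, System File Check, restore point) wrap checks that Windows itself ships with. As an added example, not from this thread, from Machiavelli's instructions or from Tweaking.com, the following PowerShell runs the native equivalents of steps 2 to 4 from an elevated prompt, so the same ground can be covered, or the tool's log cross-checked, without the third-party wrapper. `$Volume` is an assumed value; the `Test-IsElevated` and `Test-VolumeDirty` helpers are mine.

```powershell
# Added example, not from this thread or from Tweaking.com: the built-in Windows
# checks that Windows Repair's Step 2 (check disk needed), Step 3 (System File
# Check) and Step 4 (restore point) wrap. Run from an elevated PowerShell prompt.
# $Volume is an assumed value; change it if Windows is not installed on C:.
$Volume = 'C:'

function Test-IsElevated {
    # fsutil, sfc and Checkpoint-Computer all need an administrator token.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-VolumeDirty([string]$Vol) {
    # fsutil prints "Volume - C: is Dirty" or "Volume - C: is NOT Dirty". The NTFS
    # dirty bit is what makes autochk run chkdsk at the next boot, so it is the
    # same signal the tool's "See If Check Disk Is Needed" button reports on.
    $out = (fsutil dirty query $Vol) -join ' '
    return ($out -match '\bis Dirty\b')
}

if (-not (Test-IsElevated)) {
    throw 'Run this from a PowerShell started with "Run as Administrator".'
}

# Step 2 equivalent: see if Check Disk is needed. Nothing is scheduled here; if the
# volume is dirty, run "chkdsk C: /f" yourself and restart so it can run at boot.
if (Test-VolumeDirty $Volume) {
    Write-Warning "Volume $Volume is marked dirty; run: chkdsk $Volume /f   (then restart)"
} else {
    Write-Host "Volume $Volume is not marked dirty; Check Disk is not needed."
}

# Step 3 equivalent: verify protected system files without changing anything.
# "sfc /scannow" is the repairing form; keep it for after the restore point below.
sfc /verifyonly

# Step 4 equivalent: create a restore point before any repair changes the system.
# On Windows 8 and later this cmdlet skips the request if a restore point was
# already created in the previous 24 hours, so check Get-ComputerRestorePoint.
Checkpoint-Computer -Description 'Before repairs (added example)' -RestorePointType 'MODIFY_SETTINGS'
```

The script only reports and creates a restore point; it deliberately does not schedule chkdsk, because a disk check on the system drive forces a restart and, on a drive that is failing (a possibility the thread later raises), it is better to have a backup first. The 24-hour limit on `Checkpoint-Computer` is why a "Done" from the cmdlet should be confirmed with `Get-ComputerRestorePoint` before relying on it.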


#9 gavtek303
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:02:42 PM

Posted 18 February 2015 - 11:23 PM

Tweaking.com - Windows Repair v2.11.1
--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Windows 8.1 Pro with Media Center
OS Architecture: 64-bit
OS Version: 6.3.9600
OS Service Pack: 
Computer Name: GAVTEK-LAPTOP
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Gavin
Current Profile SID: S-1-5-21-2661224893-1148045757-344198336-1000
Current Profile Classes: S-1-5-21-2661224893-1148045757-344198336-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Users\Gavin\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 04:23:02
 
Process Count: 31
Commit Total: 1.11 GB
Commit Limit: 6.16 GB
Commit Peak: 1.41 GB
Handle Count: 9659
Kernel Total: 235.11 MB
Kernel Paged: 169.82 MB
Kernel Non Paged: 65.29 MB
System Cache: 877.24 MB
Thread Count: 367
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.91 GB
Memory Used: 1.13 GB(29.0251%)
Memory Avail.: 2.77 GB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.91 GB
Memory Used: 953.63 MB(23.8217%)
Memory Avail.: 2.98 GB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (2/18/2015 12:24:22 PM)
 
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 45
 
01 - Reset Registry Permissions
   Restore Windows 8 Default Registry Permissions
   Start (2/18/2015 12:24:25 PM)
 
   You can tell the repair is working as SetACL_32.exe or SetACL_64.exe will be running.
 
 
Decompressing & Updating Windows Permission File hkud.txt
Done,  0.45 seconds.
 
 
Decompressing & Updating Windows Permission File hkcu.txt
Done,  0.29 seconds.
 
 
Decompressing & Updating Windows Permission File hkcr.txt
Done,  0.84 seconds.
 
 
Decompressing & Updating Windows Permission File hklm.txt
Done,  2.58 seconds.
 
   Running Repair Under System Account
   Running Repair Under Current User Account
   Done (2/18/2015 12:27:43 PM)
 
03 - Reset Service Permissions
   Start (2/18/2015 12:27:43 PM)
 
   You can tell the repair is working as SetACL_32.exe or SetACL_64.exe will be running.
 
   Running Repair Under System Account
   Done (2/18/2015 12:27:46 PM)
 
04 - Register System Files
   Start (2/18/2015 12:27:46 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/18/2015 12:28:05 PM)
 
05 - Repair WMI
   Start (2/18/2015 12:28:05 PM)
 
   Starting Security Center So We Can Export The Security Info.
 
   Exporting Antivirus Info...
   Windows Defender Exported.
 
   Exporting AntiSpyware Info...
   Windows Defender Exported.
 
   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.
 
   Running Repair Under Current User Account
   Done (2/18/2015 12:37:06 PM)
 
06 - Repair Windows Firewall
   Start (2/18/2015 12:37:06 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/18/2015 12:37:32 PM)
 
07 - Repair Internet Explorer
   Start (2/18/2015 12:37:32 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/18/2015 12:37:46 PM)
 
08 - Repair MDAC/MS Jet
   Start (2/18/2015 12:37:46 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/18/2015 12:37:53 PM)
 
09 - Repair Hosts File
   Start (2/18/2015 12:37:53 PM)
   Running Repair Under System Account
   Done (2/18/2015 12:37:54 PM)
 
10 - Remove Policies Set By Infections
   Start (2/18/2015 12:37:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/18/2015 12:37:56 PM)
 
11 - Repair Start Menu Icons Removed By Infections
   Start (2/18/2015 12:37:56 PM)
   Running Repair Under System Account
   Done (2/18/2015 12:37:57 PM)
 
12 - Repair Icons
   Start (2/18/2015 12:37:57 PM)
   Running Repair Under Current User Account
   Done (2/18/2015 12:37:58 PM)
 
13 - Repair Winsock & DNS Cache
   Start (2/18/2015 12:37:59 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/18/2015 12:38:10 PM)
 
15 - Repair Proxy Settings
   Start (2/18/2015 12:38:10 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/18/2015 12:38:12 PM)
 
17 - Repair Windows Updates
   Start (2/18/2015 12:38:12 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (2/18/2015 12:49:03 PM)
 
18 - Repair CD/DVD Missing/Not Working
   Start (2/18/2015 12:49:03 PM)
   iTunes not found, not applying UpperFilters iTunes Reg Key
   Done (2/18/2015 12:49:03 PM)
 
19 - Repair Volume Shadow Copy Service
   Start (2/18/2015 12:49:03 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/18/2015 12:49:21 PM)
 
21 - Repair MSI (Windows Installer)
   Start (2/18/2015 12:49:21 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/18/2015 12:49:30 PM)
 
23.01 - Repair bat Association
   Start (2/18/2015 12:49:30 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/18/2015 12:49:32 PM)
 
23.02 - Repair cmd Association
   Start (2/18/2015 12:49:32 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/18/2015 12:49:34 PM)
 
23.03 - Repair com Association
   Start (2/18/2015 12:49:34 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/18/2015 12:49:36 PM)
 
23.04 - Repair Directory Association
   Start (2/18/2015 12:49:36 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/18/2015 12:49:38 PM)
 
23.05 - Repair Drive Association
   Start (2/18/2015 12:49:38 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/18/2015 12:49:40 PM)
 
23.06 - Repair exe Association
   Start (2/18/2015 12:49:40 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/18/2015 12:49:43 PM)
 
23.07 - Repair Folder Association
   Start (2/18/2015 12:49:43 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/18/2015 12:49:45 PM)
 
23.08 - Repair inf Association
   Start (2/18/2015 12:49:45 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/18/2015 12:49:47 PM)
 
23.09 - Repair lnk (Shortcuts) Association
   Start (2/18/2015 12:49:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/18/2015 12:49:49 PM)
 
23.10 - Repair msc Association
   Start (2/18/2015 12:49:49 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/18/2015 12:49:51 PM)
 
23.11 - Repair reg Association
   Start (2/18/2015 12:49:51 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/18/2015 12:49:53 PM)
 
23.12 - Repair scr Association
   Start (2/18/2015 12:49:53 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/18/2015 12:49:56 PM)
 
24 - Repair Windows Safe Mode
   Start (2/18/2015 12:49:56 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/18/2015 12:49:58 PM)
 
25 - Repair Print Spooler
   Start (2/18/2015 12:49:58 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/18/2015 12:50:02 PM)
 
26 - Restore Important Windows Services
   Start (2/18/2015 12:50:02 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/18/2015 12:50:08 PM)
 
27 - Set Windows Services To Default Startup
   Start (2/18/2015 12:50:08 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/18/2015 12:50:10 PM)
 
28 - Repair Windows 8 App Store
   Start (2/18/2015 12:50:10 PM)
 
Decompressing & Updating Windows Permission File hkcu.txt
Done,  0.2 seconds.
 
   Running Repair Under Current User Account
   Done (2/18/2015 12:50:54 PM)
 
29 - Repair Windows 8 Component Store
   Start (2/18/2015 12:50:54 PM)
   Running Repair Under Current User Account
   Done (2/18/2015 1:13:02 PM)
 
30 - Restore Windows 8 COM+ Unmarshalers
   Start (2/18/2015 1:13:02 PM)
   Running Repair Under System Account
Processing ACL of: <classes_root\Unmarshalers>
 
SetACL finished with error(s): 
SetACL error message: The call to SetNamedSecurityInfo () failed
Operating system error message: Access is denied.
 
   Done (2/18/2015 1:13:03 PM)
 
31 - Repair Windows 'New' Submenu
   Start (2/18/2015 1:13:03 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/18/2015 1:13:05 PM)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (2/18/2015 1:13:05 PM)
   Total Repair Time: 00:48:44
 
 
...YOU MUST RESTART YOUR SYSTEM...


#10 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 3,976 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:03:42 PM

Posted 19 February 2015 - 04:39 AM

How is your system running now? :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#11 gavtek303
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:02:42 PM

Posted 19 February 2015 - 12:23 PM

Unfortunately, the same issue persists. I'm beginning to suspect hardware. It appears that chkdsk /f couldn't complete 100%. I'm open to any further suggestions, though. Thanks for your time.

#12 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,621 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:01:42 PM

Posted 20 February 2015 - 12:18 PM

Greetings gavtek303,

Machiavelli will be unavailable to reply for a bit of time and since we don't want to delay addressing your concerns I will be coming in alongside to continue to address your issues. Please allow me a little bit of time to come up to speed.

Thanks for your understanding and patience,

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 gavtek303
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:02:42 PM

Posted 20 February 2015 - 12:45 PM

Thank you sir. Any assistance is greatly appreciated.

#14 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,621 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:01:42 PM

Posted 20 February 2015 - 12:47 PM

:)
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,621 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:01:42 PM

Posted 20 February 2015 - 01:38 PM

Greetings and thanks again for your patience and understanding.

Please do this.

===================================================

Clean Boot

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • Click the General tab then click Selective Startup
  • Check Load system services
  • Uncheck Load Startup Items

  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart and boot into Normal Mode
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."


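The Clean Boot above switches off every non-Microsoft service and every startup item in one go, which isolates the disk-thrashing culprit but does not say what was switched off. As an added example that is not Gary's procedure and not part of this thread, the PowerShell below lists exactly those two sets before msconfig touches them, with the Authenticode signer of each service binary, so a reviewer can see which entries are unsigned, unexpectedly signed, or missing on disk. It reports only and changes nothing. The `Get-ServiceBinaryPath` helper and the "signed by Microsoft" filter are my approximation of what msconfig's "Hide All Microsoft Services" does, not its actual logic.

```powershell
# Added example, not from this thread: inventory of what a Clean Boot disables.
# Run from an elevated PowerShell for complete results. Reporting only.

function Get-ServiceBinaryPath([string]$PathName) {
    # Win32_Service.PathName may be quoted, unquoted with spaces, or carry
    # arguments ("svchost.exe -k netsvcs"). Return just the executable path.
    if (-not $PathName) { return '' }
    $expanded = [Environment]::ExpandEnvironmentVariables($PathName)
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.exe)')  { return $Matches[1] }
    return $expanded
}

function Get-ServiceSignatureReport {
    # One row per service: start mode, binary, and who signed it (if anyone).
    Get-CimInstance Win32_Service | ForEach-Object {
        $exe = Get-ServiceBinaryPath $_.PathName
        $sig = $null
        if ($exe -and (Test-Path -LiteralPath $exe)) {
            $sig = Get-AuthenticodeSignature -LiteralPath $exe
        }
        [pscustomobject]@{
            Name      = $_.Name
            StartMode = $_.StartMode
            State     = $_.State
            Path      = $exe
            SigStatus = if ($sig) { [string]$sig.Status } else { 'file not found' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        }
    }
}

function Get-NonMicrosoftServices {
    # Approximation of msconfig's "Hide All Microsoft Services": keep anything that
    # is NOT a validly signed Microsoft binary. A Microsoft-named file whose
    # signature no longer validates (HashMismatch) stays in the list on purpose.
    Get-ServiceSignatureReport | Where-Object {
        -not ($_.SigStatus -eq 'Valid' -and $_.Signer -match 'O=Microsoft Corporation')
    }
}

function Get-StartupItemsReport {
    # Run/RunOnce keys and Startup folders for all profiles: the "Load Startup
    # Items" set that Selective Startup unticks.
    Get-CimInstance Win32_StartupCommand | Select-Object Name, Location, User, Command
}

"== Services that 'Hide All Microsoft Services' would leave visible =="
Get-NonMicrosoftServices | Sort-Object StartMode, Name |
    Format-Table Name, StartMode, State, SigStatus, Signer, Path -AutoSize

"== Startup items (msconfig > General > Load Startup Items) =="
Get-StartupItemsReport | Format-Table -AutoSize
```

Two things to read from the output before disabling everything: a service whose `SigStatus` is `file not found` or `(unsigned)` with an `Auto` start mode is the first place to look, and a binary that claims a Microsoft subject but has a non-`Valid` status should not be trusted just because of the name. Services hosted in `svchost.exe` appear as Microsoft-signed because the host process is; their DLLs are not inspected here.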

