Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

vosteron and artimes spyware


  • This topic is locked This topic is locked
53 replies to this topic

#1 lycogan56

lycogan56

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:04 PM

Posted 13 February 2015 - 09:15 PM

I ran some stuff off the web and think this is what I have.  Is there any way to take this stuff off my computer?

 



BC AdBot (Login to Remove)

 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:04 PM

Posted 15 February 2015 - 02:28 PM

Hello and Welcome on board ,

my Name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
  • My Help is completely free of charge!
    Just if you like to donate me some money you can do it and I'd appreciate it. :)
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#3 lycogan56

lycogan56
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:04 PM

Posted 15 February 2015 - 07:32 PM

The Mirror application did more than one scan.  Here are the different scans in order

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Gateway (administrator) on GATEWAY-PC on 15-02-2015 19:21:22
Running from C:\Users\Gateway\Desktop
Loaded Profiles: Gateway (Available profiles: Gateway)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Suyin) C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [492600 2008-11-05] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1684264 2009-02-06] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Program Files (x86)\PLFSetI.exe
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [818720 2009-04-03] (Acer Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-02-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VideoWebCamera] => C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe [1552497 2009-04-02] (Suyin)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [866824 2009-02-18] (Dritek System Inc.)
HKLM-x32\...\Run: [RemoteControl8] => c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2008-10-17] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2007-12-14] ()
HKLM-x32\...\Run: [CLMLServer] => c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [104936 2008-07-18] (CyberLink)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe [232192 2009-03-10] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-1431264749-325931276-1263734933-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1431264749-325931276-1263734933-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk
ShortcutTarget: HD Writer.lnk -> C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1431264749-325931276-1263734933-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0909&m=nv52_series
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1431264749-325931276-1263734933-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1431264749-325931276-1263734933-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-21-1431264749-325931276-1263734933-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\5u3mtcez.default-1416087765508
FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://www.yahoo.com/?fr=hp-avast&type=agc511
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1431264749-325931276-1263734933-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\5u3mtcez.default-1416087765508\searchplugins\yahoo-avast.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-27]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-23]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-12]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Gateway\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-12] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-12] (Avast Software)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-11-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-12] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-11-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-12] ()
S1 Beep; No ImagePath
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-11-17] (EldoS Corporation)
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-12] (Avast Software)
S3 catchme; \??\C:\combo-fix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Gateway\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S2 X4HSX32; \??\C:\Program Files (x86)\GameTap Web Player\bin\Release\X4HSX32.Sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 19:21 - 2015-02-15 19:22 - 00016808 _____ () C:\Users\Gateway\Desktop\FRST.txt
2015-02-15 19:20 - 2015-02-15 19:21 - 00000000 ____D () C:\FRST
2015-02-15 19:18 - 2015-02-15 19:18 - 02085888 _____ (Farbar) C:\Users\Gateway\Desktop\FRST64.exe
2015-02-14 06:01 - 2015-02-14 06:01 - 00000000 ___RD () C:\Users\Gateway\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2015-02-13 21:46 - 2015-02-15 18:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-13 21:46 - 2015-02-13 21:46 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-13 21:46 - 2015-02-13 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-13 21:46 - 2015-02-13 21:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-13 21:46 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-13 21:46 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-13 21:46 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-13 21:45 - 2015-02-13 21:45 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Gateway\mbam-setup-2.0.4.1028.exe
2015-02-13 21:09 - 2015-02-13 21:33 - 00000000 ____D () C:\AdwCleaner
2015-02-13 21:09 - 2015-02-13 21:09 - 02112512 _____ () C:\Users\Gateway\adwcleaner_4.110.exe
2015-02-13 20:47 - 2015-02-13 20:48 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _____ () C:\autoexec.bat
2015-02-13 19:54 - 2015-02-13 19:54 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-02-13 17:16 - 2014-12-07 20:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-13 17:16 - 2014-12-07 20:37 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-13 17:15 - 2015-01-08 19:34 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-13 17:13 - 2015-01-12 20:51 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-13 17:13 - 2015-01-12 20:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-13 17:06 - 2015-01-15 01:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-13 17:06 - 2015-01-14 23:08 - 00516536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 20:11 - 2015-01-13 22:08 - 17878016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 20:11 - 2015-01-13 21:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 20:11 - 2015-01-13 21:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 20:11 - 2015-01-13 21:49 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 20:11 - 2015-01-13 21:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 20:11 - 2015-01-13 21:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 20:11 - 2015-01-13 21:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 20:11 - 2015-01-13 21:45 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 20:11 - 2015-01-13 21:45 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 20:11 - 2015-01-13 21:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 20:11 - 2015-01-13 21:44 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 20:11 - 2015-01-13 21:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 20:11 - 2015-01-13 21:44 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-12 20:11 - 2015-01-13 20:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 20:11 - 2015-01-13 20:47 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 20:11 - 2015-01-13 20:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 20:11 - 2015-01-13 20:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 20:11 - 2015-01-13 20:41 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-12 20:11 - 2015-01-13 20:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 20:11 - 2015-01-13 20:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 20:11 - 2015-01-13 20:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 20:11 - 2015-01-13 20:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 20:11 - 2015-01-13 20:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 20:11 - 2015-01-13 20:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 20:11 - 2015-01-13 20:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-02-12 20:10 - 2015-01-13 21:59 - 10924032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 20:10 - 2015-01-13 21:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-12 20:10 - 2015-01-13 21:47 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 20:10 - 2015-01-13 21:47 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-12 20:10 - 2015-01-13 21:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 20:10 - 2015-01-13 21:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-12 20:10 - 2015-01-13 21:45 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 20:10 - 2015-01-13 21:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-12 20:10 - 2015-01-13 21:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-12 20:10 - 2015-01-13 20:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-12 20:10 - 2015-01-13 20:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 20:10 - 2015-01-13 20:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 20:10 - 2015-01-13 20:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 20:10 - 2015-01-13 20:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 20:10 - 2015-01-13 20:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-02-12 20:10 - 2015-01-13 20:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-12 20:10 - 2015-01-13 20:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 20:10 - 2015-01-13 20:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-02-12 20:10 - 2015-01-13 20:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-02-09 21:21 - 2015-02-09 21:21 - 00001963 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-02-09 21:21 - 2015-02-09 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-02-09 21:21 - 2015-02-09 21:21 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-02-09 21:21 - 2015-02-09 21:21 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2015-01-27 19:54 - 2015-01-27 19:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-20 20:29 - 2015-01-20 20:23 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-20 20:29 - 2015-01-20 20:23 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-20 20:29 - 2015-01-20 20:23 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-20 20:18 - 2015-01-22 19:44 - 00003180 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-1431264749-325931276-1263734933-1000

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 19:16 - 2012-05-31 05:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-15 19:04 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-15 19:04 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-15 18:15 - 2014-11-15 15:14 - 00000000 ____D () C:\KMPlayer
2015-02-15 16:47 - 2009-09-02 10:48 - 01679419 _____ () C:\Windows\WindowsUpdate.log
2015-02-15 15:05 - 2014-11-12 16:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-14 05:59 - 2008-01-20 22:26 - 01339862 _____ () C:\Windows\PFRO.log
2015-02-14 05:59 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-14 05:58 - 2006-11-02 10:42 - 00032536 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-14 05:57 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\Speech
2015-02-13 22:16 - 2012-05-31 05:40 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-13 22:16 - 2012-05-31 05:40 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-13 22:16 - 2012-01-06 07:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-13 21:45 - 2009-09-02 08:13 - 00000000 ____D () C:\Users\Gateway
2015-02-13 19:55 - 2012-08-28 11:45 - 00000000 ____D () C:\Users\Gateway\AppData\Roaming\Skype
2015-02-13 19:32 - 2013-10-10 10:32 - 00000000 ____D () C:\Users\Gateway\Desktop\BUDGETING CLASS
2015-02-13 17:36 - 2006-11-02 10:21 - 00305976 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-13 17:13 - 2009-03-10 17:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-13 17:06 - 2013-08-18 07:49 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 16:53 - 2006-11-02 07:35 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-09 22:29 - 2014-11-15 08:20 - 00000000 ____D () C:\HDW50_TMP
2015-02-09 21:21 - 2009-10-13 07:51 - 00000000 ____D () C:\Users\Gateway\AppData\Local\Adobe
2015-02-09 19:37 - 2013-02-23 13:18 - 00716990 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-01 06:56 - 2014-12-09 20:44 - 00000000 ____D () C:\Users\Gateway\Desktop\Audit Report
2015-02-01 06:34 - 2012-04-27 09:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-22 19:44 - 2012-02-22 17:44 - 00000838 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-22 19:44 - 2012-02-22 17:44 - 00000838 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-20 20:29 - 2014-11-12 18:51 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-20 20:23 - 2014-11-12 18:53 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-20 20:22 - 2014-11-12 18:54 - 00000000 ____D () C:\ProgramData\Oracle

==================== Files in the root of some directories =======

2014-11-15 18:22 - 2014-11-15 18:22 - 0000043 _____ () C:\Users\Gateway\AppData\Roaming\WB.CFG
2011-11-28 17:58 - 2012-01-21 08:00 - 0001062 _____ () C:\Users\Gateway\AppData\Roaming\wklnhst.dat
2010-04-16 16:46 - 2014-11-09 05:37 - 0000680 _____ () C:\Users\Gateway\AppData\Local\d3d9caps.dat
2009-10-25 14:55 - 2014-11-14 20:51 - 0014848 _____ () C:\Users\Gateway\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-09-02 08:37 - 2009-09-02 08:37 - 0421504 _____ () C:\Users\Gateway\AppData\Local\dd_vcredistMSI1679.txt
2014-11-14 21:04 - 2014-11-14 21:05 - 0439652 _____ () C:\Users\Gateway\AppData\Local\dd_vcredistMSI68DD.txt
2009-09-02 08:37 - 2009-09-02 08:37 - 0017380 _____ () C:\Users\Gateway\AppData\Local\dd_vcredistUI1679.txt
2014-11-14 21:04 - 2014-11-14 21:05 - 0011670 _____ () C:\Users\Gateway\AppData\Local\dd_vcredistUI68DD.txt
2010-12-25 15:08 - 2010-12-25 15:08 - 0000095 _____ () C:\Users\Gateway\AppData\Local\fusioncache.dat
2011-05-23 20:58 - 2011-06-04 08:04 - 0001940 _____ () C:\Users\Gateway\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

Files to move or delete:
====================
C:\Users\Gateway\adwcleaner_4.110.exe
C:\Users\Gateway\mbam-setup-2.0.4.1028.exe

Some content of TEMP:
====================
C:\Users\Gateway\AppData\Local\temp\jre-8u31-windows-au.exe
C:\Users\Gateway\AppData\Local\temp\KMP_3.9.1.131.exe
C:\Users\Gateway\AppData\Local\temp\ochelper.exe
C:\Users\Gateway\AppData\Local\temp\ReimagePackage.exe
C:\Users\Gateway\AppData\Local\temp\SHSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-14 06:13

==================== End Of Log ============================

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Gateway (administrator) on GATEWAY-PC on 15-02-2015 19:26:39
Running from C:\Users\Gateway\Desktop
Loaded Profiles: Gateway (Available profiles: Gateway)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Suyin) C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [492600 2008-11-05] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1684264 2009-02-06] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Program Files (x86)\PLFSetI.exe
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [818720 2009-04-03] (Acer Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-02-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VideoWebCamera] => C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe [1552497 2009-04-02] (Suyin)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [866824 2009-02-18] (Dritek System Inc.)
HKLM-x32\...\Run: [RemoteControl8] => c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2008-10-17] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2007-12-14] ()
HKLM-x32\...\Run: [CLMLServer] => c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [104936 2008-07-18] (CyberLink)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe [232192 2009-03-10] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-1431264749-325931276-1263734933-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1431264749-325931276-1263734933-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk
ShortcutTarget: HD Writer.lnk -> C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1431264749-325931276-1263734933-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0909&m=nv52_series
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1431264749-325931276-1263734933-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1431264749-325931276-1263734933-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-21-1431264749-325931276-1263734933-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\5u3mtcez.default-1416087765508
FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://www.yahoo.com/?fr=hp-avast&type=agc511
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1431264749-325931276-1263734933-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\5u3mtcez.default-1416087765508\searchplugins\yahoo-avast.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-27]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-23]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-12]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Gateway\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-12] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-12] (Avast Software)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-11-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-12] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-11-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-12] ()
S1 Beep; No ImagePath
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-11-17] (EldoS Corporation)
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-12] (Avast Software)
S3 catchme; \??\C:\combo-fix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Gateway\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S2 X4HSX32; \??\C:\Program Files (x86)\GameTap Web Player\bin\Release\X4HSX32.Sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 19:22 - 2015-02-15 19:26 - 00025014 _____ () C:\Users\Gateway\Desktop\Addition.txt
2015-02-15 19:21 - 2015-02-15 19:27 - 00016808 _____ () C:\Users\Gateway\Desktop\FRST.txt
2015-02-15 19:20 - 2015-02-15 19:26 - 00000000 ____D () C:\FRST
2015-02-15 19:18 - 2015-02-15 19:18 - 02085888 _____ (Farbar) C:\Users\Gateway\Desktop\FRST64.exe
2015-02-14 06:01 - 2015-02-14 06:01 - 00000000 ___RD () C:\Users\Gateway\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2015-02-13 21:46 - 2015-02-15 18:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-13 21:46 - 2015-02-13 21:46 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-13 21:46 - 2015-02-13 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-13 21:46 - 2015-02-13 21:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-13 21:46 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-13 21:46 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-13 21:46 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-13 21:45 - 2015-02-13 21:45 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Gateway\mbam-setup-2.0.4.1028.exe
2015-02-13 21:09 - 2015-02-13 21:33 - 00000000 ____D () C:\AdwCleaner
2015-02-13 21:09 - 2015-02-13 21:09 - 02112512 _____ () C:\Users\Gateway\adwcleaner_4.110.exe
2015-02-13 20:47 - 2015-02-13 20:48 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _____ () C:\autoexec.bat
2015-02-13 19:54 - 2015-02-13 19:54 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-02-13 17:16 - 2014-12-07 20:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-13 17:16 - 2014-12-07 20:37 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-13 17:15 - 2015-01-08 19:34 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-13 17:13 - 2015-01-12 20:51 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-13 17:13 - 2015-01-12 20:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-13 17:06 - 2015-01-15 01:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-13 17:06 - 2015-01-14 23:08 - 00516536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 20:11 - 2015-01-13 22:08 - 17878016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 20:11 - 2015-01-13 21:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 20:11 - 2015-01-13 21:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 20:11 - 2015-01-13 21:49 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 20:11 - 2015-01-13 21:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 20:11 - 2015-01-13 21:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 20:11 - 2015-01-13 21:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 20:11 - 2015-01-13 21:45 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 20:11 - 2015-01-13 21:45 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 20:11 - 2015-01-13 21:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 20:11 - 2015-01-13 21:44 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 20:11 - 2015-01-13 21:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 20:11 - 2015-01-13 21:44 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-12 20:11 - 2015-01-13 20:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 20:11 - 2015-01-13 20:47 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 20:11 - 2015-01-13 20:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 20:11 - 2015-01-13 20:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 20:11 - 2015-01-13 20:41 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-12 20:11 - 2015-01-13 20:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 20:11 - 2015-01-13 20:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 20:11 - 2015-01-13 20:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 20:11 - 2015-01-13 20:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 20:11 - 2015-01-13 20:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 20:11 - 2015-01-13 20:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 20:11 - 2015-01-13 20:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-02-12 20:10 - 2015-01-13 21:59 - 10924032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 20:10 - 2015-01-13 21:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-12 20:10 - 2015-01-13 21:47 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 20:10 - 2015-01-13 21:47 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-12 20:10 - 2015-01-13 21:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 20:10 - 2015-01-13 21:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-12 20:10 - 2015-01-13 21:45 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 20:10 - 2015-01-13 21:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-12 20:10 - 2015-01-13 21:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-12 20:10 - 2015-01-13 20:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-12 20:10 - 2015-01-13 20:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 20:10 - 2015-01-13 20:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 20:10 - 2015-01-13 20:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 20:10 - 2015-01-13 20:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 20:10 - 2015-01-13 20:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-02-12 20:10 - 2015-01-13 20:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-12 20:10 - 2015-01-13 20:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 20:10 - 2015-01-13 20:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-02-12 20:10 - 2015-01-13 20:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-02-09 21:21 - 2015-02-09 21:21 - 00001963 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-02-09 21:21 - 2015-02-09 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-02-09 21:21 - 2015-02-09 21:21 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-02-09 21:21 - 2015-02-09 21:21 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2015-01-27 19:54 - 2015-01-27 19:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-20 20:29 - 2015-01-20 20:23 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-20 20:29 - 2015-01-20 20:23 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-20 20:29 - 2015-01-20 20:23 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-20 20:18 - 2015-01-22 19:44 - 00003180 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-1431264749-325931276-1263734933-1000

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 19:16 - 2012-05-31 05:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-15 19:04 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-15 19:04 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-15 18:15 - 2014-11-15 15:14 - 00000000 ____D () C:\KMPlayer
2015-02-15 16:47 - 2009-09-02 10:48 - 01679419 _____ () C:\Windows\WindowsUpdate.log
2015-02-15 15:05 - 2014-11-12 16:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-14 05:59 - 2008-01-20 22:26 - 01339862 _____ () C:\Windows\PFRO.log
2015-02-14 05:59 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-14 05:58 - 2006-11-02 10:42 - 00032536 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-14 05:57 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\Speech
2015-02-13 22:16 - 2012-05-31 05:40 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-13 22:16 - 2012-05-31 05:40 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-13 22:16 - 2012-01-06 07:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-13 21:45 - 2009-09-02 08:13 - 00000000 ____D () C:\Users\Gateway
2015-02-13 19:55 - 2012-08-28 11:45 - 00000000 ____D () C:\Users\Gateway\AppData\Roaming\Skype
2015-02-13 19:32 - 2013-10-10 10:32 - 00000000 ____D () C:\Users\Gateway\Desktop\BUDGETING CLASS
2015-02-13 17:36 - 2006-11-02 10:21 - 00305976 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-13 17:13 - 2009-03-10 17:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-13 17:06 - 2013-08-18 07:49 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 16:53 - 2006-11-02 07:35 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-09 22:29 - 2014-11-15 08:20 - 00000000 ____D () C:\HDW50_TMP
2015-02-09 21:21 - 2009-10-13 07:51 - 00000000 ____D () C:\Users\Gateway\AppData\Local\Adobe
2015-02-09 19:37 - 2013-02-23 13:18 - 00716990 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-01 06:56 - 2014-12-09 20:44 - 00000000 ____D () C:\Users\Gateway\Desktop\Audit Report
2015-02-01 06:34 - 2012-04-27 09:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-22 19:44 - 2012-02-22 17:44 - 00000838 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-22 19:44 - 2012-02-22 17:44 - 00000838 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-20 20:29 - 2014-11-12 18:51 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-20 20:23 - 2014-11-12 18:53 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-20 20:22 - 2014-11-12 18:54 - 00000000 ____D () C:\ProgramData\Oracle

==================== Files in the root of some directories =======

2014-11-15 18:22 - 2014-11-15 18:22 - 0000043 _____ () C:\Users\Gateway\AppData\Roaming\WB.CFG
2011-11-28 17:58 - 2012-01-21 08:00 - 0001062 _____ () C:\Users\Gateway\AppData\Roaming\wklnhst.dat
2010-04-16 16:46 - 2014-11-09 05:37 - 0000680 _____ () C:\Users\Gateway\AppData\Local\d3d9caps.dat
2009-10-25 14:55 - 2014-11-14 20:51 - 0014848 _____ () C:\Users\Gateway\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-09-02 08:37 - 2009-09-02 08:37 - 0421504 _____ () C:\Users\Gateway\AppData\Local\dd_vcredistMSI1679.txt
2014-11-14 21:04 - 2014-11-14 21:05 - 0439652 _____ () C:\Users\Gateway\AppData\Local\dd_vcredistMSI68DD.txt
2009-09-02 08:37 - 2009-09-02 08:37 - 0017380 _____ () C:\Users\Gateway\AppData\Local\dd_vcredistUI1679.txt
2014-11-14 21:04 - 2014-11-14 21:05 - 0011670 _____ () C:\Users\Gateway\AppData\Local\dd_vcredistUI68DD.txt
2010-12-25 15:08 - 2010-12-25 15:08 - 0000095 _____ () C:\Users\Gateway\AppData\Local\fusioncache.dat
2011-05-23 20:58 - 2011-06-04 08:04 - 0001940 _____ () C:\Users\Gateway\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

Files to move or delete:
====================
C:\Users\Gateway\adwcleaner_4.110.exe
C:\Users\Gateway\mbam-setup-2.0.4.1028.exe

Some content of TEMP:
====================
C:\Users\Gateway\AppData\Local\temp\jre-8u31-windows-au.exe
C:\Users\Gateway\AppData\Local\temp\KMP_3.9.1.131.exe
C:\Users\Gateway\AppData\Local\temp\ochelper.exe
C:\Users\Gateway\AppData\Local\temp\ReimagePackage.exe
C:\Users\Gateway\AppData\Local\temp\SHSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-14 06:13

==================== End Of Log ================

 

Here is what I think is the second scan:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Gateway (administrator) on GATEWAY-PC on 15-02-2015 19:26:39
Running from C:\Users\Gateway\Desktop
Loaded Profiles: Gateway (Available profiles: Gateway)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Suyin) C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [492600 2008-11-05] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1684264 2009-02-06] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Program Files (x86)\PLFSetI.exe
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [818720 2009-04-03] (Acer Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-02-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VideoWebCamera] => C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe [1552497 2009-04-02] (Suyin)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [866824 2009-02-18] (Dritek System Inc.)
HKLM-x32\...\Run: [RemoteControl8] => c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2008-10-17] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2007-12-14] ()
HKLM-x32\...\Run: [CLMLServer] => c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [104936 2008-07-18] (CyberLink)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe [232192 2009-03-10] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-1431264749-325931276-1263734933-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1431264749-325931276-1263734933-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk
ShortcutTarget: HD Writer.lnk -> C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1431264749-325931276-1263734933-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0909&m=nv52_series
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1431264749-325931276-1263734933-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1431264749-325931276-1263734933-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-21-1431264749-325931276-1263734933-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\5u3mtcez.default-1416087765508
FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://www.yahoo.com/?fr=hp-avast&type=agc511
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1431264749-325931276-1263734933-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\5u3mtcez.default-1416087765508\searchplugins\yahoo-avast.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-27]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-23]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-12]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Gateway\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-12] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-12] (Avast Software)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-11-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-12] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-11-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-12] ()
S1 Beep; No ImagePath
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-11-17] (EldoS Corporation)
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-12] (Avast Software)
S3 catchme; \??\C:\combo-fix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Gateway\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S2 X4HSX32; \??\C:\Program Files (x86)\GameTap Web Player\bin\Release\X4HSX32.Sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 19:22 - 2015-02-15 19:26 - 00025014 _____ () C:\Users\Gateway\Desktop\Addition.txt
2015-02-15 19:21 - 2015-02-15 19:27 - 00016808 _____ () C:\Users\Gateway\Desktop\FRST.txt
2015-02-15 19:20 - 2015-02-15 19:26 - 00000000 ____D () C:\FRST
2015-02-15 19:18 - 2015-02-15 19:18 - 02085888 _____ (Farbar) C:\Users\Gateway\Desktop\FRST64.exe
2015-02-14 06:01 - 2015-02-14 06:01 - 00000000 ___RD () C:\Users\Gateway\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2015-02-13 21:46 - 2015-02-15 18:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-13 21:46 - 2015-02-13 21:46 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-13 21:46 - 2015-02-13 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-13 21:46 - 2015-02-13 21:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-13 21:46 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-13 21:46 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-13 21:46 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-13 21:45 - 2015-02-13 21:45 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Gateway\mbam-setup-2.0.4.1028.exe
2015-02-13 21:09 - 2015-02-13 21:33 - 00000000 ____D () C:\AdwCleaner
2015-02-13 21:09 - 2015-02-13 21:09 - 02112512 _____ () C:\Users\Gateway\adwcleaner_4.110.exe
2015-02-13 20:47 - 2015-02-13 20:48 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _____ () C:\autoexec.bat
2015-02-13 19:54 - 2015-02-13 19:54 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-02-13 17:16 - 2014-12-07 20:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-13 17:16 - 2014-12-07 20:37 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-13 17:15 - 2015-01-08 19:34 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-13 17:13 - 2015-01-12 20:51 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-13 17:13 - 2015-01-12 20:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-13 17:06 - 2015-01-15 01:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-13 17:06 - 2015-01-14 23:08 - 00516536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 20:11 - 2015-01-13 22:08 - 17878016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 20:11 - 2015-01-13 21:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 20:11 - 2015-01-13 21:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 20:11 - 2015-01-13 21:49 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 20:11 - 2015-01-13 21:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 20:11 - 2015-01-13 21:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 20:11 - 2015-01-13 21:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 20:11 - 2015-01-13 21:45 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 20:11 - 2015-01-13 21:45 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 20:11 - 2015-01-13 21:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 20:11 - 2015-01-13 21:44 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 20:11 - 2015-01-13 21:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 20:11 - 2015-01-13 21:44 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-12 20:11 - 2015-01-13 20:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 20:11 - 2015-01-13 20:47 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 20:11 - 2015-01-13 20:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 20:11 - 2015-01-13 20:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 20:11 - 2015-01-13 20:41 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-12 20:11 - 2015-01-13 20:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 20:11 - 2015-01-13 20:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 20:11 - 2015-01-13 20:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 20:11 - 2015-01-13 20:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 20:11 - 2015-01-13 20:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 20:11 - 2015-01-13 20:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 20:11 - 2015-01-13 20:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-02-12 20:10 - 2015-01-13 21:59 - 10924032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 20:10 - 2015-01-13 21:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-12 20:10 - 2015-01-13 21:47 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 20:10 - 2015-01-13 21:47 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-12 20:10 - 2015-01-13 21:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 20:10 - 2015-01-13 21:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-12 20:10 - 2015-01-13 21:45 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 20:10 - 2015-01-13 21:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-12 20:10 - 2015-01-13 21:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-12 20:10 - 2015-01-13 20:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-12 20:10 - 2015-01-13 20:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 20:10 - 2015-01-13 20:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 20:10 - 2015-01-13 20:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 20:10 - 2015-01-13 20:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 20:10 - 2015-01-13 20:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-02-12 20:10 - 2015-01-13 20:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-12 20:10 - 2015-01-13 20:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 20:10 - 2015-01-13 20:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-02-12 20:10 - 2015-01-13 20:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-02-09 21:21 - 2015-02-09 21:21 - 00001963 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-02-09 21:21 - 2015-02-09 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-02-09 21:21 - 2015-02-09 21:21 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-02-09 21:21 - 2015-02-09 21:21 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2015-01-27 19:54 - 2015-01-27 19:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-20 20:29 - 2015-01-20 20:23 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-20 20:29 - 2015-01-20 20:23 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-20 20:29 - 2015-01-20 20:23 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-20 20:18 - 2015-01-22 19:44 - 00003180 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-1431264749-325931276-1263734933-1000

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 19:16 - 2012-05-31 05:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-15 19:04 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-15 19:04 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-15 18:15 - 2014-11-15 15:14 - 00000000 ____D () C:\KMPlayer
2015-02-15 16:47 - 2009-09-02 10:48 - 01679419 _____ () C:\Windows\WindowsUpdate.log
2015-02-15 15:05 - 2014-11-12 16:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-14 05:59 - 2008-01-20 22:26 - 01339862 _____ () C:\Windows\PFRO.log
2015-02-14 05:59 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-14 05:58 - 2006-11-02 10:42 - 00032536 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-14 05:57 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\Speech
2015-02-13 22:16 - 2012-05-31 05:40 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-13 22:16 - 2012-05-31 05:40 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-13 22:16 - 2012-01-06 07:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-13 21:45 - 2009-09-02 08:13 - 00000000 ____D () C:\Users\Gateway
2015-02-13 19:55 - 2012-08-28 11:45 - 00000000 ____D () C:\Users\Gateway\AppData\Roaming\Skype
2015-02-13 19:32 - 2013-10-10 10:32 - 00000000 ____D () C:\Users\Gateway\Desktop\BUDGETING CLASS
2015-02-13 17:36 - 2006-11-02 10:21 - 00305976 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-13 17:13 - 2009-03-10 17:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-13 17:06 - 2013-08-18 07:49 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 16:53 - 2006-11-02 07:35 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-09 22:29 - 2014-11-15 08:20 - 00000000 ____D () C:\HDW50_TMP
2015-02-09 21:21 - 2009-10-13 07:51 - 00000000 ____D () C:\Users\Gateway\AppData\Local\Adobe
2015-02-09 19:37 - 2013-02-23 13:18 - 00716990 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-01 06:56 - 2014-12-09 20:44 - 00000000 ____D () C:\Users\Gateway\Desktop\Audit Report
2015-02-01 06:34 - 2012-04-27 09:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-22 19:44 - 2012-02-22 17:44 - 00000838 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-22 19:44 - 2012-02-22 17:44 - 00000838 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-20 20:29 - 2014-11-12 18:51 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-20 20:23 - 2014-11-12 18:53 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-20 20:22 - 2014-11-12 18:54 - 00000000 ____D () C:\ProgramData\Oracle

==================== Files in the root of some directories =======

2014-11-15 18:22 - 2014-11-15 18:22 - 0000043 _____ () C:\Users\Gateway\AppData\Roaming\WB.CFG
2011-11-28 17:58 - 2012-01-21 08:00 - 0001062 _____ () C:\Users\Gateway\AppData\Roaming\wklnhst.dat
2010-04-16 16:46 - 2014-11-09 05:37 - 0000680 _____ () C:\Users\Gateway\AppData\Local\d3d9caps.dat
2009-10-25 14:55 - 2014-11-14 20:51 - 0014848 _____ () C:\Users\Gateway\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-09-02 08:37 - 2009-09-02 08:37 - 0421504 _____ () C:\Users\Gateway\AppData\Local\dd_vcredistMSI1679.txt
2014-11-14 21:04 - 2014-11-14 21:05 - 0439652 _____ () C:\Users\Gateway\AppData\Local\dd_vcredistMSI68DD.txt
2009-09-02 08:37 - 2009-09-02 08:37 - 0017380 _____ () C:\Users\Gateway\AppData\Local\dd_vcredistUI1679.txt
2014-11-14 21:04 - 2014-11-14 21:05 - 0011670 _____ () C:\Users\Gateway\AppData\Local\dd_vcredistUI68DD.txt
2010-12-25 15:08 - 2010-12-25 15:08 - 0000095 _____ () C:\Users\Gateway\AppData\Local\fusioncache.dat
2011-05-23 20:58 - 2011-06-04 08:04 - 0001940 _____ () C:\Users\Gateway\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

Files to move or delete:
====================
C:\Users\Gateway\adwcleaner_4.110.exe
C:\Users\Gateway\mbam-setup-2.0.4.1028.exe

Some content of TEMP:
====================
C:\Users\Gateway\AppData\Local\temp\jre-8u31-windows-au.exe
C:\Users\Gateway\AppData\Local\temp\KMP_3.9.1.131.exe
C:\Users\Gateway\AppData\Local\temp\ochelper.exe
C:\Users\Gateway\AppData\Local\temp\ReimagePackage.exe
C:\Users\Gateway\AppData\Local\temp\SHSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-14 06:13

==================== End Of Log ===============

 

dditional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Gateway at 2015-02-15 19:27:52
Running from C:\Users\Gateway\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
AMD USB Audio Driver Filter (HKLM-x32\...\{A3AB35FA-943E-4799-99DC-46EFD59E998F}) (Version: 1.0.7.0031 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{730875EA-ABE5-2DCE-D0CA-E8F3CEF41FF1}) (Version: 3.0.710.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Backup Manager Basic (x32 Version: 1.0.0.37 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{9AF0B106-56F1-461B-A270-95BC1682E282}) (Version: 11.34.01 - Broadcom Corporation)
ccc-core-static (x32 Version: 2009.0203.2228.40314 - ATI) Hidden
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.91.7.51 - Conexant)
CopyTrans Suite Remove Only (HKU\S-1-5-21-1431264749-325931276-1263734933-1000\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2325a - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2803.50 - CyberLink Corp.)
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.0.52 - WildTangent)
Gateway MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 1.0.0.37 - NewTech Infosystems)
Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.00.3006 - Acer Incorporated)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.00.3005 - Acer Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.0.0.416 - Gateway)
HD Writer AE 5.0 (HKLM-x32\...\{433E3E7F-4510-41F9-B9FB-55D8ECB30259}) (Version: 5.00.001.1033 - Panasonic Corporation)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.0 - Conexant Systems)
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.8.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.8.5 - )
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.130 - PandoraTV)
Launch Manager (HKLM-x32\...\LManager) (Version: 2.0.01 - Gateway)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Money Essentials (HKLM-x32\...\Money2007b) (Version: 16 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.5.2 - Pando Networks Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20125 - Realtek Semiconductor Corp.)
Risk (HKLM-x32\...\bb3e225e1aaf56cf8f40418cd6333ebc) (Version:  - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKU\S-1-5-21-1431264749-325931276-1263734933-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.2.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Video Web Camera (HKLM-x32\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 0.5.3.1 - SuYin)
WildTangent Games App (Gateway Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway) (Version: 4.0.5.14 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

12-11-2014 18:48:56 Installed Java 7 Update 71
14-11-2014 17:01:59 ComboFix created restore point
14-11-2014 21:01:22 Installed HD Writer AE 5.0
15-11-2014 18:44:47 Windows Update
29-11-2014 06:17:27 Windows Update
30-11-2014 03:00:26 Windows Update
06-12-2014 14:38:15 Windows Update
11-12-2014 03:00:48 Windows Update
16-12-2014 19:27:20 Windows Update
23-12-2014 19:50:35 Windows Update
27-12-2014 14:03:55 Windows Update
31-12-2014 08:56:45 Windows Update
06-01-2015 19:27:38 Windows Update
14-01-2015 19:07:59 Windows Update
15-01-2015 03:00:24 Windows Update
18-01-2015 10:00:57 Windows Update
21-01-2015 03:00:25 Windows Update
23-01-2015 19:18:48 Windows Update
27-01-2015 19:14:22 Windows Update
01-02-2015 06:46:46 Windows Update
09-02-2015 19:44:44 Windows Update
13-02-2015 16:45:22 Windows Update
13-02-2015 19:52:47 Installed SpyHunter
13-02-2015 20:45:10 Removed SpyHunter
13-02-2015 20:46:03 Removed SpyHunter

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 07:34 - 2014-11-14 17:31 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1474826A-9C46-4F97-9CF1-C7A7054E55A9} - System32\Tasks\avastBCLRestartS-1-5-21-1431264749-325931276-1263734933-1000 => Firefox.exe
Task: {200B8C48-4F5B-4D2D-8C0D-E1FDCFDFA491} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {366FC2E7-21C9-425B-BC54-41814F2B4186} - System32\Tasks\SearchGuardPlusUpdater => C:\Program Files\Search Guard PlusU\sgpupdaters.exe
Task: {6AF9A3FE-EF7F-4231-98F4-63DE5220A5A2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A4DB67CB-569C-4634-AAE7-3A3607B210C5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-12] (AVAST Software)
Task: {BA2B70B3-05D3-4865-928E-46EC308AADFD} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {E665EC25-5909-4945-86F5-69E1AA04F311} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-13] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2009-09-02 11:25 - 2009-02-18 19:44 - 00120320 _____ () C:\Windows\system32\atitmm64.dll
2014-11-12 15:58 - 2014-11-12 15:58 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-12 15:58 - 2014-11-12 15:58 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2009-09-02 08:21 - 2009-09-02 08:21 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-11-25 10:19 - 2008-11-25 10:19 - 01193472 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Implementation\64\wbocx.ocx
2009-01-26 14:56 - 2009-01-26 14:56 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-11-12 15:58 - 2014-11-12 15:58 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-02-15 15:06 - 2015-02-15 15:06 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021501\algo.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-02-01 22:28 - 2009-02-01 22:28 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
2009-02-05 20:28 - 2009-02-05 20:28 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll
2009-09-02 08:23 - 2009-03-01 21:54 - 00040960 _____ () C:\Program Files (x86)\VideoWebCamera\Utility.dll
2009-09-02 08:23 - 2009-01-12 16:11 - 00626688 _____ () C:\Program Files (x86)\VideoWebCamera\Image.dll
2009-09-02 11:26 - 2003-06-07 16:30 - 00057344 _____ () C:\Program Files (x86)\Launch Manager\PowerUtl.dll
2008-08-27 16:32 - 2008-08-27 16:32 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2008-06-09 09:55 - 2008-06-09 09:55 - 00013096 ____N () c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-11-12 15:59 - 2014-11-12 15:59 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1431264749-325931276-1263734933-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Gateway\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-1431264749-325931276-1263734933-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1431264749-325931276-1263734933-1002 - Limited - Enabled)
Gateway (S-1-5-21-1431264749-325931276-1263734933-1000 - Administrator - Enabled) => C:\Users\Gateway
Guest (S-1-5-21-1431264749-325931276-1263734933-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2015 06:13:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16609 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: afc
Start Time: 01d0495ac74dbfb0
Termination Time: 122

Error: (02/14/2015 11:39:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4072

Error: (02/14/2015 11:39:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4072

Error: (02/14/2015 11:39:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/14/2015 11:39:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3073

Error: (02/14/2015 11:39:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3073

Error: (02/14/2015 11:39:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/14/2015 10:42:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5240182

Error: (02/14/2015 10:42:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5240182

Error: (02/14/2015 10:42:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (02/14/2015 06:02:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Media Player Network Sharing Service%%1053

Error: (02/14/2015 06:02:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Media Player Network Sharing Service

Error: (02/14/2015 06:01:37 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWType%%5

Error: (02/14/2015 06:01:37 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep

Error: (02/14/2015 06:01:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: X4HSX32%%3

Error: (02/13/2015 09:19:40 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWType%%5

Error: (02/13/2015 09:19:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep

Error: (02/13/2015 09:19:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: X4HSX32%%3

Error: (02/13/2015 09:16:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Restart the service

Error: (02/13/2015 09:16:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Software Licensing11200001Restart the service

Microsoft Office Sessions:
=========================
Error: (03/21/2013 03:23:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/21/2013 03:22:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2015-02-15 19:27:43.422
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-15 19:27:42.144
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-15 19:27:41.049
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-15 19:27:39.828
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-15 19:27:38.283
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-15 19:27:36.863
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-15 19:27:35.661
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-15 19:27:34.452
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-15 19:22:41.699
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-15 19:22:40.265
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Athlon™ X2 Dual-Core QL-64
Percentage of memory in use: 53%
Total physical RAM: 3837.43 MB
Available physical RAM: 1787.26 MB
Total Pagefile: 7901.38 MB
Available Pagefile: 5246.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:286.37 GB) (Free:146.97 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: E6B1AF2E)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=286.4 GB) - (Type=07 NTFS)

==================== End Of Log ================


Edited by lycogan56, 15 February 2015 - 07:43 PM.


#4 lycogan56

lycogan56
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:04 PM

Posted 15 February 2015 - 07:37 PM

My defender has been down for awhile too.  My understanding is Avast takes on that task and disables defender? 



#5 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:04 PM

Posted 16 February 2015 - 04:41 AM

Probably yes. :)

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP the just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Post that log

Step 3: Junkware Removal Tool

thisisujrt.gif  Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#6 lycogan56

lycogan56
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:04 PM

Posted 16 February 2015 - 08:25 PM

Adwear cleaner log

 

# AdwCleaner v4.110 - Logfile created 16/02/2015 at 20:14:59
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (x64)
# Username : Gateway - GATEWAY-PC
# Running from : C:\Users\Gateway\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16609

-\\ Mozilla Firefox v35.0.1 (x86 en-US)

-\\ Google Chrome v

*************************

AdwCleaner[R1].txt - [8889 bytes] - [13/02/2015 21:09:46]
AdwCleaner[R2].txt - [906 bytes] - [13/02/2015 21:23:33]
AdwCleaner[R3].txt - [964 bytes] - [13/02/2015 21:28:55]
AdwCleaner[R4].txt - [1024 bytes] - [16/02/2015 20:07:05]
AdwCleaner[R5].txt - [1084 bytes] - [16/02/2015 20:11:57]
AdwCleaner[S0].txt - [8207 bytes] - [13/02/2015 21:15:52]
AdwCleaner[S1].txt - [1012 bytes] - [16/02/2015 20:14:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1071  bytes] ##########



#7 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:04 PM

Posted 17 February 2015 - 04:51 AM

I'm waiting for the other logs. :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#8 lycogan56

lycogan56
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:04 PM

Posted 17 February 2015 - 08:24 AM

I am having a little problem finding the export log for malwarebytes.  My screen for the log looked similar but different.  I didn't have an export button.  I am rescanning since I ran maywarebytes lastnight when I was sleeping.  I will post the log.  The program did say no threats detected.  I will get the log asap, after lunch today i will post.



#9 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:04 PM

Posted 17 February 2015 - 04:11 PM

Hey, :)
  • Start Malwarebytes
  • Go to the tab called History
  • Then click on Application Logs
tq7qi6z6.png
  • Then select the one log where it has found anything, do a double click on it
  • Then click on the Export
  • Button - select in the menu Text File (.txt)
p84ykoav.png
  • Save it on your Desktop and post the content of this text file into your next reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#10 lycogan56

lycogan56
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:04 PM

Posted 17 February 2015 - 08:05 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/17/2015
Scan Time: 8:22:06 AM
Logfile: Malwarebytes.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.17.08
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Gateway

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 406842
Time Elapsed: 32 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#11 lycogan56

lycogan56
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:04 PM

Posted 17 February 2015 - 08:27 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows ™ Vista Home Premium x64
Ran by Gateway on Tue 02/17/2015 at 20:07:02.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update jump flip
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util jump flip
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/17/2015 at 20:15:26.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#12 lycogan56

lycogan56
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:04 PM

Posted 17 February 2015 - 08:38 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Gateway (administrator) on GATEWAY-PC on 17-02-2015 20:28:57
Running from C:\Users\Gateway\Desktop
Loaded Profiles: Gateway (Available profiles: Gateway)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Suyin) C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Thisisu) C:\Users\Gateway\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [492600 2008-11-05] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1684264 2009-02-06] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Program Files (x86)\PLFSetI.exe
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [818720 2009-04-03] (Acer Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-02-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VideoWebCamera] => C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe [1552497 2009-04-02] (Suyin)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [866824 2009-02-18] (Dritek System Inc.)
HKLM-x32\...\Run: [RemoteControl8] => c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2008-10-17] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2007-12-14] ()
HKLM-x32\...\Run: [CLMLServer] => c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [104936 2008-07-18] (CyberLink)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe [232192 2009-03-10] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-1431264749-325931276-1263734933-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1431264749-325931276-1263734933-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk
ShortcutTarget: HD Writer.lnk -> C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1431264749-325931276-1263734933-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0909&m=nv52_series
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1431264749-325931276-1263734933-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-21-1431264749-325931276-1263734933-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\5u3mtcez.default-1416087765508
FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)



#13 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:04 PM

Posted 18 February 2015 - 07:11 AM

That's not the full log! Please repost. :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#14 lycogan56

lycogan56
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:04 PM

Posted 18 February 2015 - 07:21 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Gateway (administrator) on GATEWAY-PC on 18-02-2015 07:14:17
Running from C:\Users\Gateway\Desktop
Loaded Profiles: Gateway (Available profiles: Gateway)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Suyin) C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [492600 2008-11-05] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1684264 2009-02-06] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Program Files (x86)\PLFSetI.exe
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [818720 2009-04-03] (Acer Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-02-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VideoWebCamera] => C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe [1552497 2009-04-02] (Suyin)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [866824 2009-02-18] (Dritek System Inc.)
HKLM-x32\...\Run: [RemoteControl8] => c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2008-10-17] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2007-12-14] ()
HKLM-x32\...\Run: [CLMLServer] => c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [104936 2008-07-18] (CyberLink)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe [232192 2009-03-10] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-1431264749-325931276-1263734933-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1431264749-325931276-1263734933-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk
ShortcutTarget: HD Writer.lnk -> C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1431264749-325931276-1263734933-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0909&m=nv52_series
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1431264749-325931276-1263734933-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-21-1431264749-325931276-1263734933-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\5u3mtcez.default-1416087765508
FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://www.yahoo.com/?fr=hp-avast&type=agc511
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1431264749-325931276-1263734933-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\5u3mtcez.default-1416087765508\searchplugins\yahoo-avast.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-27]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-23]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-12]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Gateway\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-12] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-12] (Avast Software)
R3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-11-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-12] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-11-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-12] ()
S1 Beep; No ImagePath
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-17] (Malwarebytes Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-11-17] (EldoS Corporation)
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-12] (Avast Software)
S3 catchme; \??\C:\combo-fix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Gateway\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S2 X4HSX32; \??\C:\Program Files (x86)\GameTap Web Player\bin\Release\X4HSX32.Sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 20:15 - 2015-02-17 20:15 - 00001492 _____ () C:\Users\Gateway\Desktop\JRT.txt
2015-02-17 20:06 - 2015-02-17 20:06 - 01388274 _____ (Thisisu) C:\Users\Gateway\Desktop\JRT.exe
2015-02-17 20:05 - 2015-02-17 20:05 - 00001069 _____ () C:\Users\Gateway\Desktop\Malwarebytes.txt
2015-02-16 20:30 - 2015-02-17 08:22 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-16 20:30 - 2015-02-16 20:30 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-16 20:30 - 2015-02-16 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-16 20:30 - 2015-02-16 20:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-16 20:30 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-16 20:30 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-16 20:30 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-16 20:27 - 2015-02-16 20:27 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Gateway\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-16 20:20 - 2015-02-16 20:20 - 00000000 ___RD () C:\Users\Gateway\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2015-02-16 20:06 - 2015-02-16 20:06 - 02112512 _____ () C:\Users\Gateway\Desktop\AdwCleaner.exe
2015-02-15 19:22 - 2015-02-15 19:28 - 00025014 _____ () C:\Users\Gateway\Desktop\Addition.txt
2015-02-15 19:21 - 2015-02-18 07:14 - 00016149 _____ () C:\Users\Gateway\Desktop\FRST.txt
2015-02-15 19:20 - 2015-02-18 07:14 - 00000000 ____D () C:\FRST
2015-02-15 19:18 - 2015-02-15 19:18 - 02085888 _____ (Farbar) C:\Users\Gateway\Desktop\FRST64.exe
2015-02-15 15:30 - 2015-01-22 23:07 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-15 15:30 - 2015-01-22 22:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-15 15:30 - 2015-01-22 21:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-15 15:29 - 2015-01-22 22:59 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-13 21:45 - 2015-02-13 21:45 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Gateway\mbam-setup-2.0.4.1028.exe
2015-02-13 21:09 - 2015-02-16 20:15 - 00000000 ____D () C:\AdwCleaner
2015-02-13 20:47 - 2015-02-13 20:48 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2015-02-13 19:55 - 2015-02-13 19:55 - 00000000 _____ () C:\autoexec.bat
2015-02-13 19:54 - 2015-02-13 19:54 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-02-13 17:16 - 2014-12-07 20:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-13 17:16 - 2014-12-07 20:37 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-13 17:15 - 2015-01-08 19:34 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-13 17:13 - 2015-01-12 20:51 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-13 17:13 - 2015-01-12 20:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-13 17:06 - 2015-01-15 01:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-13 17:06 - 2015-01-14 23:08 - 00516536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 20:11 - 2015-01-13 22:08 - 17878016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 20:11 - 2015-01-13 21:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 20:11 - 2015-01-13 21:49 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 20:11 - 2015-01-13 21:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 20:11 - 2015-01-13 21:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 20:11 - 2015-01-13 21:45 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 20:11 - 2015-01-13 21:45 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 20:11 - 2015-01-13 21:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 20:11 - 2015-01-13 21:44 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 20:11 - 2015-01-13 21:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 20:11 - 2015-01-13 21:44 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-12 20:11 - 2015-01-13 20:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 20:11 - 2015-01-13 20:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 20:11 - 2015-01-13 20:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 20:11 - 2015-01-13 20:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 20:11 - 2015-01-13 20:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 20:11 - 2015-01-13 20:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 20:11 - 2015-01-13 20:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 20:11 - 2015-01-13 20:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 20:11 - 2015-01-13 20:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 20:11 - 2015-01-13 20:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-02-12 20:10 - 2015-01-13 21:59 - 10924032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 20:10 - 2015-01-13 21:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-12 20:10 - 2015-01-13 21:47 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 20:10 - 2015-01-13 21:47 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-12 20:10 - 2015-01-13 21:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 20:10 - 2015-01-13 21:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-12 20:10 - 2015-01-13 21:45 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 20:10 - 2015-01-13 21:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-12 20:10 - 2015-01-13 21:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-12 20:10 - 2015-01-13 20:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-12 20:10 - 2015-01-13 20:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 20:10 - 2015-01-13 20:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 20:10 - 2015-01-13 20:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 20:10 - 2015-01-13 20:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 20:10 - 2015-01-13 20:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-02-12 20:10 - 2015-01-13 20:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-12 20:10 - 2015-01-13 20:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 20:10 - 2015-01-13 20:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-02-12 20:10 - 2015-01-13 20:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-01-27 19:54 - 2015-01-27 19:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-20 20:29 - 2015-01-20 20:23 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-20 20:29 - 2015-01-20 20:23 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-20 20:29 - 2015-01-20 20:23 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-20 20:18 - 2015-01-22 19:44 - 00003180 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-1431264749-325931276-1263734933-1000

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-18 07:12 - 2009-09-02 10:48 - 01777601 _____ () C:\Windows\WindowsUpdate.log
2015-02-17 22:16 - 2012-05-31 05:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-17 22:04 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-17 22:04 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-16 20:21 - 2014-11-12 16:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-16 20:17 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-16 20:15 - 2006-11-02 10:42 - 00032536 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-16 20:05 - 2009-09-02 08:13 - 00000000 ____D () C:\Users\Gateway
2015-02-16 19:41 - 2008-01-20 22:26 - 01340216 _____ () C:\Windows\PFRO.log
2015-02-15 18:15 - 2014-11-15 15:14 - 00000000 ____D () C:\KMPlayer
2015-02-14 05:59 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\Speech
2015-02-13 22:16 - 2012-05-31 05:40 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-13 22:16 - 2012-05-31 05:40 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-13 22:16 - 2012-01-06 07:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-13 19:55 - 2012-08-28 11:45 - 00000000 ____D () C:\Users\Gateway\AppData\Roaming\Skype
2015-02-13 19:32 - 2013-10-10 10:32 - 00000000 ____D () C:\Users\Gateway\Desktop\BUDGETING CLASS
2015-02-13 17:36 - 2006-11-02 10:21 - 00305976 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-13 17:13 - 2009-03-10 17:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-13 17:06 - 2013-08-18 07:49 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 16:53 - 2006-11-02 07:35 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-09 22:29 - 2014-11-15 08:20 - 00000000 ____D () C:\HDW50_TMP
2015-02-09 21:21 - 2009-10-13 07:51 - 00000000 ____D () C:\Users\Gateway\AppData\Local\Adobe
2015-02-09 19:37 - 2013-02-23 13:18 - 00716990 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-01 06:56 - 2014-12-09 20:44 - 00000000 ____D () C:\Users\Gateway\Desktop\Audit Report
2015-02-01 06:34 - 2012-04-27 09:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-22 19:44 - 2012-02-22 17:44 - 00000838 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-22 19:44 - 2012-02-22 17:44 - 00000838 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-20 20:29 - 2014-11-12 18:51 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-20 20:23 - 2014-11-12 18:53 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-20 20:22 - 2014-11-12 18:54 - 00000000 ____D () C:\ProgramData\Oracle

==================== Files in the root of some directories =======

2014-11-15 18:22 - 2014-11-15 18:22 - 0000043 _____ () C:\Users\Gateway\AppData\Roaming\WB.CFG
2011-11-28 17:58 - 2012-01-21 08:00 - 0001062 _____ () C:\Users\Gateway\AppData\Roaming\wklnhst.dat
2010-04-16 16:46 - 2014-11-09 05:37 - 0000680 _____ () C:\Users\Gateway\AppData\Local\d3d9caps.dat
2009-10-25 14:55 - 2014-11-14 20:51 - 0014848 _____ () C:\Users\Gateway\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-09-02 08:37 - 2009-09-02 08:37 - 0421504 _____ () C:\Users\Gateway\AppData\Local\dd_vcredistMSI1679.txt
2014-11-14 21:04 - 2014-11-14 21:05 - 0439652 _____ () C:\Users\Gateway\AppData\Local\dd_vcredistMSI68DD.txt
2009-09-02 08:37 - 2009-09-02 08:37 - 0017380 _____ () C:\Users\Gateway\AppData\Local\dd_vcredistUI1679.txt
2014-11-14 21:04 - 2014-11-14 21:05 - 0011670 _____ () C:\Users\Gateway\AppData\Local\dd_vcredistUI68DD.txt
2010-12-25 15:08 - 2010-12-25 15:08 - 0000095 _____ () C:\Users\Gateway\AppData\Local\fusioncache.dat
2011-05-23 20:58 - 2011-06-04 08:04 - 0001940 _____ () C:\Users\Gateway\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

Files to move or delete:
====================
C:\Users\Gateway\mbam-setup-2.0.4.1028.exe

Some content of TEMP:
====================
C:\Users\Gateway\AppData\Local\temp\jre-8u31-windows-au.exe
C:\Users\Gateway\AppData\Local\temp\KMP_3.9.1.131.exe
C:\Users\Gateway\AppData\Local\temp\ochelper.exe
C:\Users\Gateway\AppData\Local\temp\Quarantine.exe
C:\Users\Gateway\AppData\Local\temp\ReimagePackage.exe
C:\Users\Gateway\AppData\Local\temp\SHSetup.exe
C:\Users\Gateway\AppData\Local\temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-17 21:00

==================== End Of Log ============================



#15 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:04 PM

Posted 18 February 2015 - 09:19 AM

Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1431264749-325931276-1263734933-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    SearchScopes: HKU\S-1-5-21-1431264749-325931276-1263734933-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
    C:\Users\Gateway\mbam-setup-2.0.4.1028.exe
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.)and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
    ESET1_zps23a5e840.png
  • Tick the box next to YES, I accept the Terms of Use and click Start
    ESET_EULA2_zps9451f1c3.png
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
    ESET2_zpsc701c045.png
  • Make sure to check the options Remove found threats and Enable Anti-Stealth technology are checked:
    ESET4_zps0afafd0d.png
  • Click Start. (This scan can take several hours, so please be patient):
    ESET3_zpsccd1657d.png
  • Once the scan is completed, select List of found threats:
    ESET5_zpsd27be299.png
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
    ESET6_zpsc17d154e.png
  • Click the Back button.
  • Click the Finish button:
    ESET9_zps51587217.png
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)[/b]
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users