Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Constant Browser Reloading, Very Slow PC


  • Please log in to reply
15 replies to this topic

#1 Rustykeys

Rustykeys

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 14 March 2015 - 12:15 PM

Slow boot time, constant browser saying failed to respond and or constant reloading. Same issue with Outlook. 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Rusty (administrator) on RUSTYS-PC on 14-03-2015 12:31:24
Running from C:\Users\Rusty\Downloads
Loaded Profiles: Rusty (Available profiles: Rusty & Mcx1-RUSTYS-PC)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4201397150-2565776483-3109990824-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31090272 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-4201397150-2565776483-3109990824-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-4201397150-2565776483-3109990824-1000\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-4201397150-2565776483-3109990824-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Mcx1-RUSTYS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-4201397150-2565776483-3109990824-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
HKU\S-1-5-21-4201397150-2565776483-3109990824-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4201397150-2565776483-3109990824-1000 -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKU\S-1-5-21-4201397150-2565776483-3109990824-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4201397150-2565776483-3109990824-1000 -> {35E1E9BE-8542-4A50-AA58-F3E1105D0635} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKU\S-1-5-21-4201397150-2565776483-3109990824-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=393&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=1413158129904941&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4201397150-2565776483-3109990824-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-4201397150-2565776483-3109990824-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-16] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2011-05-13] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {C0114F18-AC58-4188-9C8B-3FE75FAFCA77} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-16] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
Toolbar: HKU\S-1-5-21-4201397150-2565776483-3109990824-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-4201397150-2565776483-3109990824-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-4201397150-2565776483-3109990824-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: 
FF Homepage: hxxp://drudgereport.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-02-25] (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-02-25] (Best Buy)
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll [2013-02-28] (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-4201397150-2565776483-3109990824-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Rusty\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-07-16] (Citrix Online)
FF user.js: detected! => C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default\user.js [2014-11-25]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default\searchplugins\askcom.xml [2013-06-20]
FF SearchPlugin: C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default\searchplugins\avira-safesearch.xml [2015-02-26]
FF SearchPlugin: C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default\searchplugins\MyStart.xml [2013-06-26]
FF SearchPlugin: C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default\searchplugins\safesearch.xml [2011-10-19]
FF Extension: Avira Browser Safety - C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default\Extensions\abs@avira.com [2015-03-09]
FF Extension: DNSSD for Firefox - C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default\Extensions\bonjourfoxy@bonjourfoxy.net [2013-07-27]
FF Extension: Avira SafeSearch - C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default\Extensions\safesearch@avira.com [2015-02-26]
FF Extension: LastPass - C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default\Extensions\support@lastpass.com [2014-12-14]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
 
Chrome: 
=======
CHR Profile: C:\Users\Rusty\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Rusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-23]
CHR Extension: (Google Docs) - C:\Users\Rusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-15]
CHR Extension: (Google Drive) - C:\Users\Rusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-15]
CHR Extension: (YouTube) - C:\Users\Rusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-15]
CHR Extension: (Google Search) - C:\Users\Rusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-15]
CHR Extension: (Avira Browser Safety) - C:\Users\Rusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-31]
CHR Extension: (Norton Identity Safe) - C:\Users\Rusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-11-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Rusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Rusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-23]
CHR Extension: (Gmail) - C:\Users\Rusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-15]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 nlsX86cc; C:\windows\SysWOW64\nlssrv32.exe [66560 2011-05-17] (Nalpeiron Ltd.) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 kc02us_bus; C:\Windows\System32\DRIVERS\kc02us_bus64.sys [51608 2012-09-28] (Kyocera Corporation)
S3 kc02us_mdm; C:\Windows\System32\DRIVERS\kc02us_mdm64.sys [73624 2012-09-28] (Kyocera Corporation)
S3 kc02us_serd; C:\Windows\System32\DRIVERS\kc02us_serd64.sys [66968 2012-09-28] (Kyocera Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-04-25] (Duplex Secure Ltd.)
S2 SSPORT; C:\windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-09-10] (Samsung Electronics)
S2 DgiVecp; \??\C:\windows\system32\Drivers\DgiVecp.sys [X]
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-14 12:31 - 2015-03-14 12:33 - 00028539 _____ () C:\Users\Rusty\Downloads\FRST.txt
2015-03-14 12:31 - 2015-03-14 12:31 - 00000000 ____D () C:\FRST
2015-03-14 12:30 - 2015-03-14 12:30 - 02095616 _____ (Farbar) C:\Users\Rusty\Downloads\FRST64.exe
2015-03-14 12:24 - 2015-03-14 12:24 - 00013248 _____ () C:\Users\Rusty\Downloads\hijackthis (2).log
2015-03-14 12:24 - 2015-03-14 12:24 - 00013248 _____ () C:\Users\Rusty\Downloads\hijackthis (1).log
2015-03-14 12:18 - 2015-03-14 12:18 - 00013248 _____ () C:\Users\Rusty\Desktop\hijackthis.log
2015-03-11 19:21 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-11 19:21 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-11 19:21 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-11 19:21 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-11 19:21 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-03-11 19:21 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-03-11 19:21 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-03-11 19:21 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-03-11 19:21 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-11 19:21 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-03-11 19:20 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-11 19:20 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-03-11 19:20 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-11 19:20 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-03-11 19:20 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-11 19:20 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-11 19:20 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-11 19:20 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-11 19:20 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-11 19:20 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-03-11 19:20 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-11 19:20 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-11 19:20 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-11 19:20 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-11 19:20 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-11 19:20 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-11 19:20 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-11 19:20 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-11 19:20 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-03-11 19:20 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-11 19:20 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-11 19:20 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-11 19:20 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-11 19:20 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-11 19:20 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-11 19:20 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-11 19:20 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-11 19:20 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-11 19:20 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-11 19:20 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-11 19:20 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-11 19:20 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-11 19:20 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-11 19:20 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-03-11 19:20 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-11 19:20 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-11 19:20 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-11 19:20 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-11 19:20 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-11 19:20 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-11 19:20 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-03-11 19:20 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-11 19:20 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-11 19:20 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-11 19:20 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-03-11 19:20 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-11 19:20 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-11 19:20 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-11 19:20 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-11 19:20 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-11 19:20 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-11 19:20 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-03-11 19:20 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-11 19:20 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-11 19:20 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-03-11 19:20 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-03-11 19:20 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-03-11 19:20 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-03-11 19:20 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2015-03-11 19:20 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-03-11 19:20 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2015-03-11 19:20 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2015-03-11 19:20 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2015-03-11 19:20 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2015-03-11 19:20 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-03-11 19:20 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2015-03-11 19:20 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2015-03-11 19:20 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-03-11 19:20 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2015-03-11 19:20 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-03-11 19:20 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2015-03-11 19:20 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2015-03-11 19:20 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-03-11 19:20 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-03-11 19:20 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-03-11 19:20 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-03-11 19:20 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-03-11 19:20 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2015-03-11 19:20 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-03-11 19:20 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-03-11 19:20 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-03-11 19:20 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-03-11 19:20 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-03-11 19:20 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-03-11 19:20 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-03-11 19:20 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-03-11 19:20 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-03-11 19:20 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-03-11 19:20 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-11 19:20 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-11 19:19 - 2015-01-30 23:48 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-03-11 19:19 - 2015-01-30 23:48 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 19:19 - 2015-01-30 19:56 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2015-03-11 19:18 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-11 19:18 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-03-11 19:18 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-11 19:18 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-03-11 19:18 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-11 19:18 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-03-11 19:18 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-03-11 19:18 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-03-11 19:18 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-03-11 19:18 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-03-11 19:18 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-03-11 19:18 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-03-11 19:18 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-03-11 19:18 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-03-11 19:18 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-03-11 19:18 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-03-11 19:18 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-11 19:18 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-11 19:18 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-03-11 19:18 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-03-11 19:18 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-03-11 19:18 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-03-11 19:18 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-03-11 19:18 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-03-11 19:18 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-03-11 19:18 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-03-11 19:18 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-03-11 19:18 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-03-11 19:18 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-03-11 19:18 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-03-11 19:18 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-03-11 19:18 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-03-11 19:18 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-11 19:18 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-11 19:18 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2015-03-11 19:18 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-11 19:17 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-11 19:17 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-11 19:17 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-03-11 19:17 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-03-11 19:17 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-03-11 19:17 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-03-11 19:17 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-11 19:17 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-03-11 19:17 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-03-11 19:17 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-03-11 19:17 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-03-11 19:17 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 19:17 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-03-11 19:17 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-03-11 19:17 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-03-11 19:17 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-03-11 19:17 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-03-11 19:17 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 19:17 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-03-11 19:17 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-03-11 19:17 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-03-11 19:17 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-03-11 19:17 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-11 19:17 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-03-11 19:17 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-11 19:17 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-03-11 19:16 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-11 19:16 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-03-11 19:16 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-03-11 19:16 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-11 19:16 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-03-11 19:16 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-03-11 19:16 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-11 19:16 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-11 19:16 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-03-11 19:16 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-11 19:16 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-03-11 19:16 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-03-11 19:16 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-03-11 19:16 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-11 19:16 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-03-11 19:16 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-11 19:16 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-03-11 19:16 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-03-11 19:16 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-11 19:16 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-03-11 19:16 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-03-11 19:16 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-03-11 19:16 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-03-11 19:16 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-03-11 19:16 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-11 19:16 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-03-11 19:16 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-11 19:16 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-11 19:16 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-03-11 19:16 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-03-11 19:16 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-11 19:16 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-03-11 19:16 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-11 19:16 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-03-11 19:16 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-03-11 19:16 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-11 19:16 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-03-08 11:56 - 2015-03-08 11:57 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-03-08 11:56 - 2015-03-08 11:56 - 00001856 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-03-08 11:56 - 2015-03-08 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-03-08 11:51 - 2015-03-08 11:51 - 42096984 _____ (Apple Inc.) C:\Users\Rusty\Downloads\QuickTimeInstaller(1).exe
2015-03-08 11:23 - 2015-03-08 11:23 - 00000000 ____D () C:\Program Files\AVAST Software
2015-03-08 11:20 - 2015-03-08 11:20 - 05574608 _____ (AVAST Software) C:\Users\Rusty\Downloads\avastclear.exe
2015-03-08 11:17 - 2015-03-08 11:17 - 00223098 _____ () C:\Users\Rusty\Downloads\avgremover.log
2015-03-08 11:16 - 2015-03-08 11:16 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Rusty\Downloads\avg_remover_stf_x64_2015_5501.exe
2015-03-08 11:06 - 2015-03-08 11:06 - 00896048 _____ () C:\Users\Rusty\Downloads\Norton_Removal_Tool(1).exe
2015-03-05 23:27 - 2013-09-03 18:19 - 00000833 _____ () C:\windows\system32\Drivers\etc\hosts.20150305-222757.backup
2015-03-05 22:53 - 2015-03-05 22:53 - 00991232 _____ () C:\Users\Rusty\Downloads\MicrosoftFixit50267.msi
2015-03-05 22:03 - 2015-03-05 22:03 - 00388608 _____ (Trend Micro Inc.) C:\Users\Rusty\Desktop\HijackThis.exe
2015-03-05 22:00 - 2015-03-05 22:00 - 00388608 _____ (Trend Micro Inc.) C:\Users\Rusty\Downloads\HijackThis(1).exe
2015-03-04 19:34 - 2009-06-10 17:00 - 00000824 _____ () C:\windows\system32\Drivers\etc\hosts.20150304-183454.backup
2015-03-03 22:20 - 2015-03-03 22:20 - 00000000 ____D () C:\Users\Rusty\Documents\ProcAlyzer Dumps
2015-03-03 19:16 - 2009-06-10 17:00 - 00000824 _____ () C:\windows\system32\Drivers\etc\hosts.20150303-181633.backup
2015-03-03 19:14 - 2009-06-10 17:00 - 00000824 _____ () C:\windows\system32\Drivers\etc\hosts.20150303-181428.backup
2015-03-01 21:09 - 2015-03-01 21:09 - 00054832 _____ () C:\Users\Rusty\Desktop\AVSCAN-20150301-144101-810B99F3.LOG
2015-02-25 23:46 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-25 23:46 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-25 23:46 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-25 23:46 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-02-25 09:11 - 2015-01-08 19:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-02-25 09:11 - 2015-01-08 19:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-17 15:26 - 2015-02-17 15:26 - 01217184 _____ (Microsoft Corporation) C:\windows\SysWOW64\FM20.DLL
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-14 12:34 - 2011-10-08 18:57 - 00000000 ____D () C:\Users\Rusty\AppData\Roaming\Skype
2015-03-14 12:18 - 2014-11-23 20:06 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-14 12:18 - 2014-08-15 11:23 - 00000000 ____D () C:\Users\Rusty\AppData\Local\Adobe
2015-03-14 12:17 - 2011-07-20 17:39 - 01496654 _____ () C:\windows\WindowsUpdate.log
2015-03-14 12:16 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-14 12:16 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-14 12:14 - 2009-07-14 01:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-14 12:09 - 2014-11-23 20:06 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-14 12:09 - 2013-01-29 23:15 - 00000354 _____ () C:\windows\Tasks\ROC_JAN2013_TB_rmv.job
2015-03-14 12:07 - 2015-02-11 04:52 - 00001848 _____ () C:\windows\setupact.log
2015-03-14 12:07 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-12 17:36 - 2013-04-23 17:40 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-12 08:58 - 2009-07-14 01:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-03-12 08:13 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2015-03-12 07:20 - 2009-07-14 00:45 - 04976256 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-12 07:17 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-03-12 07:17 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2015-03-12 07:16 - 2015-02-11 04:51 - 00023954 _____ () C:\windows\PFRO.log
2015-03-12 00:50 - 2011-08-26 18:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 00:49 - 2009-07-13 22:34 - 00000478 _____ () C:\windows\win.ini
2015-03-12 00:42 - 2011-08-27 12:13 - 00000039 _____ () C:\windows\vbaddin.ini
2015-03-12 00:31 - 2013-08-14 03:02 - 00000000 ____D () C:\windows\system32\MRT
2015-03-12 00:26 - 2014-11-23 20:07 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-12 00:17 - 2011-08-27 10:49 - 122905848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-03-08 11:52 - 2011-08-29 15:51 - 00000000 ____D () C:\Users\Rusty\Documents\Outlook Files
2015-03-08 11:08 - 2011-07-20 18:05 - 00000000 ____D () C:\ProgramData\Norton
2015-03-07 11:08 - 2015-01-26 20:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-07 11:08 - 2013-09-14 01:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-06 08:13 - 2015-01-27 08:10 - 00000239 _____ () C:\windows\wininit.ini
2015-03-06 08:13 - 2015-01-26 23:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-04 19:34 - 2009-07-13 22:34 - 00450771 ____R () C:\windows\system32\Drivers\etc\hosts.old
2015-03-04 06:54 - 2015-01-25 15:09 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2015-03-04 06:54 - 2015-01-25 15:03 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2015-03-04 06:54 - 2015-01-25 15:03 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2015-02-26 04:17 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\tracing
2015-02-20 22:50 - 2012-04-15 18:21 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-20 22:49 - 2011-10-08 18:56 - 00000000 ____D () C:\ProgramData\Skype
 
==================== Files in the root of some directories =======
 
2013-06-05 17:54 - 2013-06-05 17:54 - 0000132 _____ () C:\Users\Rusty\AppData\Roaming\Adobe PNG Format CS5 Prefs
2011-08-27 17:37 - 2011-08-27 17:37 - 0000268 ___RH () C:\Users\Rusty\AppData\Roaming\Galaxy Swirl
2011-08-27 17:39 - 2011-08-28 14:41 - 0000000 _____ () C:\Users\Rusty\AppData\Roaming\Generic
2011-08-27 18:09 - 2011-10-07 12:29 - 0000268 ___RH () C:\Users\Rusty\AppData\Roaming\Guitar
2011-10-07 12:30 - 2011-10-07 12:30 - 0000268 ___RH () C:\Users\Rusty\AppData\Roaming\Guitars
2011-08-27 18:09 - 2011-10-07 12:29 - 0000268 ___RH () C:\Users\Rusty\AppData\Roaming\HAL
2011-12-11 18:32 - 2014-12-22 23:05 - 0000633 _____ () C:\Users\Rusty\AppData\Roaming\pacemaker.ini
2011-12-11 18:32 - 2011-12-11 18:32 - 0000010 _____ () C:\Users\Rusty\AppData\Roaming\pacemaker_songparams.txt
2011-08-27 17:50 - 2011-08-27 17:50 - 0000268 ___RH () C:\Users\Rusty\AppData\Roaming\Piano Hard
2011-08-27 17:50 - 2011-08-27 17:50 - 0000268 ___RH () C:\Users\Rusty\AppData\Roaming\Piano Med
2011-10-24 00:59 - 2011-10-24 00:59 - 0007597 _____ () C:\Users\Rusty\AppData\Local\Resmon.ResmonCfg
2011-08-28 14:41 - 2011-10-07 12:29 - 0000000 _____ () C:\ProgramData\Font Book
2011-08-27 17:37 - 2011-08-27 17:37 - 0000268 ___RH () C:\ProgramData\Grapher
2011-10-07 12:29 - 2011-10-07 12:29 - 0000000 _____ () C:\ProgramData\Guides
2011-10-07 12:29 - 2011-10-07 12:29 - 0000000 _____ () C:\ProgramData\Guitars
2011-08-27 17:37 - 2011-08-27 17:37 - 0000012 ___RH () C:\ProgramData\Halftone
2011-10-07 12:29 - 2011-10-07 12:29 - 0000268 ___RH () C:\ProgramData\Help
2011-10-07 12:30 - 2011-10-07 12:30 - 0000268 ___RH () C:\ProgramData\Helper Scripts
2011-10-07 12:29 - 2011-10-07 12:29 - 0000268 ___RH () C:\ProgramData\Hip Hop
2011-10-07 12:29 - 2011-10-07 12:29 - 0000012 ___RH () C:\ProgramData\Image Manipulation
2011-10-07 12:30 - 2011-10-07 12:30 - 0000012 ___RH () C:\ProgramData\Images
2011-10-07 12:29 - 2011-10-07 12:29 - 0000012 ___RH () C:\ProgramData\InkjetPrinter
2011-08-27 17:50 - 2011-08-27 17:50 - 0000268 ___RH () C:\ProgramData\Pipe Organ
2011-08-27 17:48 - 2012-07-19 16:14 - 0000020 ____H () C:\ProgramData\PKP_DLbx.DAT
2011-08-27 17:50 - 2011-08-27 17:50 - 0000020 ____H () C:\ProgramData\PKP_DLck.DAT
2011-08-27 17:37 - 2015-02-02 23:26 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
2011-08-27 17:39 - 2011-08-28 14:41 - 0000000 ____H () C:\ProgramData\PKP_DLdw.DAT
2011-08-27 18:09 - 2011-10-07 12:30 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2011-08-27 18:09 - 2013-02-22 21:15 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2011-08-27 18:09 - 2011-10-16 18:36 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2011-08-27 17:50 - 2011-08-27 17:50 - 0000268 ___RH () C:\ProgramData\Planets
2011-08-27 17:50 - 2011-08-27 17:50 - 0000012 ___RH () C:\ProgramData\Vocal Transformer
2011-08-27 17:50 - 2011-08-27 17:50 - 0000012 ___RH () C:\ProgramData\WebServer
 
Some content of TEMP:
====================
C:\Users\Rusty\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-12 08:05
 
==================== End Of Log ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:10 AM

Posted 18 March 2015 - 09:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

HKLM\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=393&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=1413158129904941&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=393&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=1413158129904941&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=393&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=1413158129904941&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4201397150-2565776483-3109990824-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4201397150-2565776483-3109990824-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=393&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=1413158129904941&q={searchTerms}
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: No Name -> {C0114F18-AC58-4188-9C8B-3FE75FAFCA77} ->  No File
Toolbar: HKU\S-1-5-21-4201397150-2565776483-3109990824-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-4201397150-2565776483-3109990824-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-4201397150-2565776483-3109990824-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF user.js: detected! => C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default\user.js [2014-11-25]
FF SearchPlugin: C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default\searchplugins\askcom.xml [2013-06-20]
FF SearchPlugin: C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default\searchplugins\avira-safesearch.xml [2015-02-26]
FF Extension: Avira SafeSearch - C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default\Extensions\safesearch@avira.com [2015-02-26]
CHR Extension: (Avira Browser Safety) - C:\Users\Rusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-31]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
S2 DgiVecp; \??\C:\windows\system32\Drivers\DgiVecp.sys [X]
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
Task: {137912A9-F4D9-48C8-9409-1B1533A77151} - System32\Tasks\YourFile Update => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default\searchplugins\askcom.xml 

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:10 AM

Posted 24 March 2015 - 10:31 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:10 AM

Posted 29 March 2015 - 03:43 PM

This topic has been re-opened at the request of the person who originally posted.

#5 Rustykeys

Rustykeys
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 29 March 2015 - 04:22 PM

Content of fixlist:
*****************
start

CloseProcesses:

HKLM\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=393&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=1413158129904941&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=393&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=1413158129904941&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=393&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=1413158129904941&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4201397150-2565776483-3109990824-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4201397150-2565776483-3109990824-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=393&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=1413158129904941&q={searchTerms}
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: No Name -> {C0114F18-AC58-4188-9C8B-3FE75FAFCA77} ->  No File
Toolbar: HKU\S-1-5-21-4201397150-2565776483-3109990824-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-4201397150-2565776483-3109990824-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-4201397150-2565776483-3109990824-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF user.js: detected! => C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default\user.js [2014-11-25]
FF SearchPlugin: C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default\searchplugins\askcom.xml [2013-06-20]
FF SearchPlugin: C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default\searchplugins\avira-safesearch.xml [2015-02-26]
FF Extension: Avira SafeSearch - C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default\Extensions\safesearch@avira.com [2015-02-26]
CHR Extension: (Avira Browser Safety) - C:\Users\Rusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-31]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
S2 DgiVecp; \??\C:\windows\system32\Drivers\DgiVecp.sys [X]
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
Task: {137912A9-F4D9-48C8-9409-1B1533A77151} - System32\Tasks\YourFile Update => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default\searchplugins\askcom.xml

*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} => Key not found.
"HKU\S-1-5-21-4201397150-2565776483-3109990824-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-4201397150-2565776483-3109990824-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0114F18-AC58-4188-9C8B-3FE75FAFCA77}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C0114F18-AC58-4188-9C8B-3FE75FAFCA77} => Key not found.
HKU\S-1-5-21-4201397150-2565776483-3109990824-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKU\S-1-5-21-4201397150-2565776483-3109990824-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
HKU\S-1-5-21-4201397150-2565776483-3109990824-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default\user.js => Moved successfully.
C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default\searchplugins\askcom.xml => Moved successfully.
C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default\searchplugins\avira-safesearch.xml => Moved successfully.
C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default\Extensions\safesearch@avira.com => Moved successfully.
C:\Users\Rusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
DgiVecp => Service deleted successfully.
MBAMSwissArmy => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{137912A9-F4D9-48C8-9409-1B1533A77151}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{137912A9-F4D9-48C8-9409-1B1533A77151}" => Key deleted successfully.
C:\Windows\System32\Tasks\YourFile Update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile Update" => Key deleted successfully.
"C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default\searchplugins\askcom.xml" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog 11:08:24 ====

# AdwCleaner v4.113 - Logfile created 29/03/2015 at 11:42:44
# Updated 22/03/2015 by Xplode
# Database : 2015-03-28.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Rusty - RUSTYS-PC
# Running from : C:\Users\Rusty\Desktop\adwcleaner_4.113.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\speedypc software
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\Rusty\AppData\Local\apn
Folder Deleted : C:\Users\Rusty\AppData\Local\PackageAware
Folder Deleted : C:\Users\Rusty\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Rusty\AppData\Roaming\speedypc software
Folder Deleted : C:\Users\Rusty\AppData\Roaming\Systweak
File Deleted : C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default\invalidprefs.js
File Deleted : C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default\searchplugins\MyStart.xml
File Deleted : C:\Users\Rusty\AppData\Roaming\Mozilla\Firefox\Profiles\svemughk.default\searchplugins\safesearch.xml

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{503E067F-2914-4EDD-8432-2D6C52635E23}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\speedypc software
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\SOFTWARE\iMeshSRTB
Key Deleted : HKLM\SOFTWARE\InfoAtoms
Key Deleted : HKLM\SOFTWARE\speedypc software
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\B696D3C37BD0D6C33A65D38BEC459181
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\B696D3C37BD0D6C33A65D38BEC459181
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B696D3C37BD0D6C33A65D38BEC459181
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.4 (x86 en-US)

[svemughk.default\prefs.js] - Line Deleted : user_pref("avira.safe_search.installed", "[\"safesearch\"]");
[svemughk.default\prefs.js] - Line Deleted : user_pref("browser.search.hiddenOneOffs", "Bing,Amazon.com,Ask.com,DuckDuckGo,eBay,MyStart Search,Norton Safe Search,Twitter,Wikipedia (en)");
[svemughk.default\prefs.js] - Line Deleted : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
[svemughk.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
[svemughk.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
[svemughk.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
[svemughk.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
[svemughk.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15622");
[svemughk.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
[svemughk.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
[svemughk.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
[svemughk.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
[svemughk.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
[svemughk.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
[svemughk.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
[svemughk.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=116778&tt=031012_IKAN_4112_3");
[svemughk.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
[svemughk.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
[svemughk.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.712:24:37");
[svemughk.default\prefs.js] - Line Deleted : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"14b227dc2d79-0bd57eb29815dc-46544136-0-14b227dc2d92a\"");
[svemughk.default\prefs.js] - Line Deleted : user_pref("extensions.safesearch.SAUTH_expires_at", "1428241678");
[svemughk.default\prefs.js] - Line Deleted : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"14e8456fda3ecaa10d302abd434a0ed4254b762f\"");
[svemughk.default\prefs.js] - Line Deleted : user_pref("extensions.safesearch.SAUTH_userid", "5806409914");
[svemughk.default\prefs.js] - Line Deleted : user_pref("extensions.safesearch.SAUTH_utoken", "\"eb187b98bee01ce19a62ca11b567fe7af4c57505\"");
[svemughk.default\prefs.js] - Line Deleted : user_pref("extensions.safesearch.install", "1422212842225");
[svemughk.default\prefs.js] - Line Deleted : user_pref("extensions.safesearch.search_offer_disabled", "true");

-\\ Google Chrome v41.0.2272.101

[C:\Users\Rusty\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Rusty\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [15735 bytes] - [29/03/2015 11:26:12]
AdwCleaner[S0].txt - [15631 bytes] - [29/03/2015 11:42:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15691  bytes] ##########
 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:10 AM

Posted 30 March 2015 - 08:04 AM

How is the computer running now?

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:10 AM

Posted 04 April 2015 - 07:13 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#8 Rustykeys

Rustykeys
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 04 April 2015 - 02:12 PM

Sorry took so long to get back. Really hectic week. PC is still running terribly. 'Bout ready to throw it out the window. Pretty much have to use my tablet and cell to do anything.
 



#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:10 AM

Posted 05 April 2015 - 06:51 AM


Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

===

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

Let me know what type of issues you are having with this computer.

#10 Rustykeys

Rustykeys
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 05 April 2015 - 10:48 AM

Once I sign on takes 70 or more seconds to load start up items. Then I still have to wait if I want to check Outlook, or open Firefox which takes forever. I should've timed it how long it takes from turn on to the time it takes for me to get to your message. The constant refreshing and not responding has gotten better yet still occurs. I'm also on a totally different network from when I started texting with my problems but problems are still the same. I'm wondering if I have a memory problem, not enough set aside to be used or too much of it being used. Here's the FSS.txt file.

 

Farbar Service Scanner Version: 17-01-2015
Ran by Rusty (administrator) on 05-04-2015 at 11:40:40
Running from "C:\Users\Rusty\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:10 AM

Posted 05 April 2015 - 12:10 PM

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
===

Restore your Windows 7 to the Last good configuration
Follow the instructions on this page.

http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7
<<<>>>

How is the computer running now?

#12 Rustykeys

Rustykeys
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 06 April 2015 - 09:46 AM

MiniToolBox by Farbar  Version: 09-03-2015
Ran by Rusty (administrator) on 06-04-2015 at 10:27:00
Running from "C:\Users\Rusty\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: Satellite L755 Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com

There are 15474 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Hardware not present)
Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Rustys-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : gateway.pace.com

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : E8-9A-8F-11-82-8A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : gateway.pace.com
   Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : D0-DF-9A-7F-0C-14
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8c4b:fe84:6b7b:c765%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.77(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, April 06, 2015 9:30:01 AM
   Lease Expires . . . . . . . . . . : Tuesday, April 07, 2015 9:30:01 AM
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 248569754
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-B9-05-A2-D0-DF-9A-7F-0C-14
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.gateway.pace.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : gateway.pace.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:8e:46e:93b9:7147(Preferred)
   Link-local IPv6 Address . . . . . : fe80::8e:46e:93b9:7147%21(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  homeportal
Address:  192.168.1.254

Name:    google.com
Addresses:  2607:f8b0:4009:80a::200e
      216.58.216.78


Pinging google.com [216.58.216.78] with 32 bytes of data:
Reply from 216.58.216.78: bytes=32 time=30ms TTL=55
Reply from 216.58.216.78: bytes=32 time=36ms TTL=55

Ping statistics for 216.58.216.78:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 30ms, Maximum = 36ms, Average = 33ms
Server:  homeportal
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  98.139.183.24
      98.138.253.109
      206.190.36.45


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=91ms TTL=48
Reply from 206.190.36.45: bytes=32 time=86ms TTL=48

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 86ms, Maximum = 91ms, Average = 88ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...e8 9a 8f 11 82 8a ......Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
 11...d0 df 9a 7f 0c 14 ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
  1...........................Software Loopback Interface 1
 23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 21...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.77     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.77    281
     192.168.1.77  255.255.255.255         On-link      192.168.1.77    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.77    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.77    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.77    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 21     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 21     58 2001::/32                On-link
 21    306 2001:0:9d38:90d7:8e:46e:93b9:7147/128
                                    On-link
 11    281 fe80::/64                On-link
 21    306 fe80::/64                On-link
 21    306 fe80::8e:46e:93b9:7147/128
                                    On-link
 11    281 fe80::8c4b:fe84:6b7b:c765/128
                                    On-link
  1    306 ff00::/8                 On-link
 21    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/06/2015 10:12:48 AM) (Source: Application Hang) (User: )
Description: The program Skype.exe version 7.1.59.105 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e50

Start Time: 01d0706ddbe8bac3

Termination Time: 15

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report Id:

Error: (04/06/2015 09:30:27 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/05/2015 11:14:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2015 02:58:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2015 05:54:40 PM) (Source: Application Hang) (User: )
Description: The program Skype.exe version 7.1.59.105 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c44

Start Time: 01d06bfcedbcd705

Termination Time: 35

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report Id:

Error: (03/31/2015 05:52:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 06:36:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2015 00:10:40 PM) (Source: Application Hang) (User: )
Description: The program Skype.exe version 7.1.59.105 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e70

Start Time: 01d06a374d2e49d3

Termination Time: 19

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report Id:

Error: (03/29/2015 11:44:40 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2015 11:43:23 AM) (Source: TOSHIBA Service Station) (User: )
Description: The following module failed to stop processing: PC Health Info Connection. Error: Operation failed.


System errors:
=============
Error: (04/06/2015 09:30:26 AM) (Source: Service Control Manager) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (04/06/2015 09:29:57 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (04/05/2015 02:56:51 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (04/05/2015 11:14:19 AM) (Source: Service Control Manager) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (04/05/2015 11:13:45 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (04/04/2015 03:41:34 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (04/04/2015 02:58:34 PM) (Source: Service Control Manager) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (04/04/2015 02:58:33 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (04/04/2015 02:58:33 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (04/04/2015 02:57:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126


Microsoft Office Sessions:
=========================
Error: (04/06/2015 10:12:48 AM) (Source: Application Hang)(User: )
Description: Skype.exe7.1.59.105e5001d0706ddbe8bac315C:\Program Files (x86)\Skype\Phone\Skype.exe

Error: (04/06/2015 09:30:27 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/05/2015 11:14:24 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2015 02:58:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2015 05:54:40 PM) (Source: Application Hang)(User: )
Description: Skype.exe7.1.59.105c4401d06bfcedbcd70535C:\Program Files (x86)\Skype\Phone\Skype.exe

Error: (03/31/2015 05:52:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 06:36:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2015 00:10:40 PM) (Source: Application Hang)(User: )
Description: Skype.exe7.1.59.105e7001d06a374d2e49d319C:\Program Files (x86)\Skype\Phone\Skype.exe

Error: (03/29/2015 11:44:40 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2015 11:43:23 AM) (Source: TOSHIBA Service Station)(User: )
Description: The following module failed to stop processing: PC Health Info Connection. Error: Operation failed.


**** End of log ****
 



#13 Rustykeys

Rustykeys
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 06 April 2015 - 09:55 AM

90 seconds to load my home page, 10 seconds to load this page.



#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:10 AM

Posted 06 April 2015 - 01:01 PM

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Restore your Windows 7 to the Last good configuration
Follow the instructions on this page.

http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7
<<<>>>

How is the computer running now?

#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:10 AM

Posted 11 April 2015 - 08:40 AM

Are you still with me?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users