
Ads everywhere, opens new tabs and new pages


  • This topic is locked
52 replies to this topic

#1 Jen42


Posted 03 April 2015 - 06:42 PM

There are ads all over the page I'm looking at. Coming from specific words. Opening new tabs, and new windows.

I have noticed words like companion, interyeild, mrktads.

Please help

Using Windows 7 Home Premium and Firefox

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Mum (administrator) on MUM-PC on 04-04-2015 10:26:13
Running from C:\Users\Mum\Downloads
Loaded Profiles: Mum & InfoSmartDB (Available profiles: Mum & InfoSmartDB)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(COMODO Security Solutions) C:\Program Files\COMODO\COMMON\COSService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\Fisher & Paykel Healthcare\InfoSmart\InfoSmartDB\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\Fisher & Paykel Healthcare\InfoSmart\InfoSmartDB\bin\postgres.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\Fisher & Paykel Healthcare\InfoSmart\InfoSmartDB\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\Fisher & Paykel Healthcare\InfoSmart\InfoSmartDB\bin\postgres.exe
(COMODO Security Solutions) C:\Program Files\COMODO\COMMON\SynchronizationService.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\Fisher & Paykel Healthcare\InfoSmart\InfoSmartDB\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\Fisher & Paykel Healthcare\InfoSmart\InfoSmartDB\bin\postgres.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Fisher && Paykel Healthcare) C:\Program Files (x86)\Fisher & Paykel Healthcare\InfoSmart\Server\InfoSmartServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
() C:\Program Files (x86)\Weatherzone Tracker\weather_tracker.exe
(Fisher && Paykel Healthcare) C:\ProgramData\Fisher & Paykel Healthcare\InfoSmart\Client\SmartTalk.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Fisher & Paykel Healthcare) C:\Users\Mum\AppData\Roaming\Fisher & Paykel Healthcare\InfoUSBDetector\InfoUSBDetector.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-10] ()
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-13] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-31] (AVAST Software)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-4291750648-2326010913-3213065728-1001\...\Run: [Weather Tracker3] => C:\Program Files (x86)\Weatherzone Tracker\weather_tracker.exe [2888403 2009-07-17] ()
HKU\S-1-5-21-4291750648-2326010913-3213065728-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4291750648-2326010913-3213065728-1001\...\MountPoints2: I - I:\InfoSmart.exe
HKU\S-1-5-21-4291750648-2326010913-3213065728-1001\...\MountPoints2: {4779c7f1-1eb3-11e1-b700-4487fc4acb3c} - "L:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-4291750648-2326010913-3213065728-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr
HKU\S-1-5-21-4291750648-2326010913-3213065728-1212\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Acer.scr
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\F&P InfoSmart System Tray.lnk
ShortcutTarget: F&P InfoSmart System Tray.lnk -> C:\ProgramData\Fisher & Paykel Healthcare\InfoSmart\Client\SmartTalk.exe (Fisher && Paykel Healthcare)
Startup: C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\InfoUSB Detector.lnk
ShortcutTarget: InfoUSB Detector.lnk -> C:\Users\Mum\AppData\Roaming\Fisher & Paykel Healthcare\InfoUSBDetector\InfoUSBDetector.exe (Fisher & Paykel Healthcare)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [COSDriveIconOverlay] -> {5FDACB62-6B7B-4116-9403-C5E0D3852A57} => C:\Program Files\COMODO\COMMON\ShellExtension.dll (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemInSyncIconOverlay] -> {68F287EF-DA6D-4595-AF52-90FF6CE52AFE} => C:\Program Files\COMODO\COMMON\ShellExtension.dll (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemModifiedIconOverlay] -> {AE67D273-7253-4236-B55E-D40055B305D6} => C:\Program Files\COMODO\COMMON\ShellExtension.dll (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemNewIconOverlay] -> {022F23E9-DA0F-4A86-A728-CAF6150C0B63} => C:\Program Files\COMODO\COMMON\ShellExtension.dll (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemUnsynchronizedIconOverlay] -> {4D7EE7CF-E7A1-45FE-8F80-3A37574918D7} => C:\Program Files\COMODO\COMMON\ShellExtension.dll (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * cbunat

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4291750648-2326010913-3213065728-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4291750648-2326010913-3213065728-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-4291750648-2326010913-3213065728-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-20] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-02] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-20] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-02] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Mum\AppData\Roaming\Mozilla\Firefox\Profiles\w9tf07ay.default-1399942819284
FF Homepage: https://www.facebook.com/|hxxp://www.deviantart.com/messages/|hxxp://www.artfire.com/modules.php?name=my_artfire_beta|https://plus.google.com/u/0/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-16] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-16] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Extension: a1109c2a11874027901d13097b755625 - C:\Users\Mum\AppData\Roaming\Mozilla\Firefox\Profiles\w9tf07ay.default-1399942819284\Extensions\{a1109c2a-1187-4027-901d-13097b755625} [2015-04-02]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-01]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-15]

Chrome:
=======
CHR Profile: C:\Users\Mum\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (news.net) - C:\Users\Mum\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmbbgcooaabknohabmoaikiakkoignai [2013-07-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-01-17] (Adobe Systems) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-02] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-02] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 COSService.exe; C:\Program Files\COMODO\COMMON\COSService.exe [3550400 2014-10-07] (COMODO Security Solutions)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.)
R2 InfoSmartDB-8.4; C:\Program Files (x86)\Fisher & Paykel Healthcare\InfoSmart\InfoSmartDB\bin\pg_ctl.exe [66048 2010-09-08] (PostgreSQL Global Development Group) [File not signed]
R2 InfoSmartServer; C:\Program Files (x86)\Fisher & Paykel Healthcare\InfoSmart\Server\InfoSmartServer.exe [56832 2010-09-15] (Fisher && Paykel Healthcare) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-10] ()
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynchronizationService.exe; C:\Program Files\COMODO\COMMON\SynchronizationService.exe [2575552 2014-10-07] (COMODO Security Solutions)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-02] ()
R0 bdisk; C:\Windows\System32\DRIVERS\bdisk.sys [85488 2014-10-07] (COMODO Security Solutions Inc.)
R0 CBUFS; C:\Windows\System32\DRIVERS\CBUFS.sys [230712 2014-10-07] (COMODO Security Solutions Inc.)
R0 cbvd; C:\Windows\System32\DRIVERS\cbvd.sys [677744 2014-10-07] (COMODO Security Solutions Inc.)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-13] (GFI Software)
R0 Reparse; C:\Windows\System32\DRIVERS\CBReparse.sys [674160 2014-10-07] (COMODO Security Solutions Inc.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-02] (Avast Software)
R3 vdbus; C:\Windows\System32\DRIVERS\vdbus.sys [826040 2014-10-07] (COMODO Security Solutions Inc.)
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-04 10:26 - 2015-04-04 10:27 - 00020896 _____ () C:\Users\Mum\Downloads\FRST.txt
2015-04-04 10:26 - 2015-04-04 10:26 - 00000000 ____D () C:\FRST
2015-04-04 10:23 - 2015-04-04 10:23 - 02095616 _____ (Farbar) C:\Users\Mum\Downloads\FRST64.exe
2015-04-04 10:06 - 2015-04-04 10:07 - 02208768 _____ () C:\Users\Mum\Downloads\adwcleaner_4.200(1).exe
2015-04-04 10:05 - 2015-04-04 10:05 - 00086553 _____ () C:\Users\Mum\Desktop\JRT.txt
2015-04-04 09:59 - 2015-04-04 09:59 - 02208768 _____ () C:\Users\Mum\Downloads\adwcleaner_4.200.exe
2015-04-04 09:59 - 2015-04-04 09:59 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MUM-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-04 09:59 - 2015-04-04 09:59 - 00000000 ____D () C:\RegBackup
2015-04-04 09:57 - 2015-04-04 09:57 - 02690981 _____ (Thisisu) C:\Users\Mum\Downloads\JRT.exe
2015-04-03 21:43 - 2015-04-03 21:43 - 00388608 _____ (Trend Micro Inc.) C:\Users\Mum\Downloads\HijackThis.exe
2015-04-03 16:26 - 2015-04-04 10:13 - 00002285 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-04-03 16:26 - 2015-04-03 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-04-03 16:19 - 2015-04-03 16:19 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-04-03 16:06 - 2015-04-03 16:14 - 02057008 _____ () C:\Users\Mum\Downloads\Adaware_Installer(2).exe
2015-04-03 12:10 - 2015-04-03 12:10 - 00004058 _____ () C:\Windows\system32\bddel.dat
2015-04-02 12:48 - 2015-04-03 08:01 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-02 12:12 - 2015-04-02 12:12 - 00003252 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-4291750648-2326010913-3213065728-1001
2015-04-02 11:49 - 2015-04-04 10:15 - 00001018 _____ () C:\Windows\Tasks\lmmkqHyQIXO6p57Q3uabwx29wNl.job
2015-04-02 11:49 - 2015-04-04 10:15 - 00000726 _____ () C:\Windows\Tasks\roller_coaster_park_updating_service.job
2015-04-02 11:49 - 2015-04-02 11:49 - 00004036 _____ () C:\Windows\System32\Tasks\lmmkqHyQIXO6p57Q3uabwx29wNl
2015-04-02 11:49 - 2015-04-02 11:49 - 00003742 _____ () C:\Windows\System32\Tasks\roller_coaster_park_updating_service
2015-04-02 11:48 - 2015-04-04 10:15 - 00001364 _____ () C:\Windows\Tasks\roller_coaster_park_notification_service.job
2015-04-02 11:48 - 2015-04-03 12:10 - 00000000 ____D () C:\Program Files (x86)\roller coaster park
2015-04-01 08:40 - 2015-04-02 11:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-31 19:14 - 2015-03-31 19:14 - 00004387 _____ () C:\Users\Mum\AppData\Roaming\lmmkqHyQIXO6p57Q3uabwx29wNl
2015-03-27 16:39 - 2015-03-27 16:39 - 00000000 ____D () C:\Users\Mum\Downloads\Crochet Doilies (collection) By Patricia Kristoffersen
2015-03-25 08:33 - 2015-03-11 15:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 08:33 - 2015-03-11 15:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 08:33 - 2015-03-11 15:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 08:33 - 2015-03-11 15:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 08:33 - 2015-03-11 15:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 08:33 - 2015-03-11 15:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 08:33 - 2015-03-11 15:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 08:33 - 2015-03-11 15:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-14 18:36 - 2015-03-14 19:39 - 00002700 _____ () C:\Users\Mum\Desktop\CSVData.csv
2015-03-11 08:34 - 2015-02-20 15:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 08:34 - 2015-02-20 15:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 08:34 - 2015-02-20 15:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 08:34 - 2015-02-20 15:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 08:34 - 2015-02-20 15:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 08:34 - 2015-02-20 15:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 08:34 - 2015-02-20 15:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 08:34 - 2015-02-20 15:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 08:34 - 2015-02-20 14:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 08:34 - 2015-02-20 14:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 08:34 - 2015-02-03 14:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 08:34 - 2015-02-03 14:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 08:34 - 2015-02-03 14:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 08:34 - 2015-02-03 14:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 08:34 - 2015-02-03 14:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 08:34 - 2015-02-03 14:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 08:34 - 2015-02-03 14:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 08:34 - 2015-02-03 14:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 08:34 - 2015-02-03 14:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 08:34 - 2015-02-03 14:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 08:34 - 2015-02-03 14:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 08:34 - 2015-02-03 14:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 08:34 - 2015-02-03 14:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 08:34 - 2015-02-03 14:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 08:34 - 2015-02-03 14:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 08:34 - 2015-02-03 14:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 08:34 - 2015-02-03 14:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 08:34 - 2015-02-03 14:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 08:34 - 2015-02-03 14:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 08:34 - 2015-02-03 14:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 08:34 - 2015-02-03 14:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 08:34 - 2015-02-03 14:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 08:34 - 2015-02-03 14:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 08:34 - 2015-02-03 14:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 08:34 - 2015-02-03 14:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 08:34 - 2015-02-03 14:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 08:34 - 2015-02-03 14:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 08:34 - 2015-02-03 14:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 08:34 - 2015-02-03 14:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 08:34 - 2015-02-03 14:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 08:34 - 2015-02-03 14:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 08:34 - 2015-02-03 14:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 08:34 - 2015-02-03 14:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 08:34 - 2015-02-03 14:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 08:34 - 2015-02-03 14:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 08:34 - 2015-02-03 14:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 08:34 - 2015-02-03 14:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 08:34 - 2015-02-03 14:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 08:34 - 2015-02-03 14:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 08:34 - 2015-02-03 14:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 08:34 - 2015-02-03 14:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 08:34 - 2015-02-03 14:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 08:34 - 2015-02-03 14:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 08:34 - 2015-02-03 14:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 08:34 - 2015-02-03 14:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 08:34 - 2015-02-03 14:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 08:34 - 2015-02-03 14:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 08:34 - 2015-02-03 14:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 08:34 - 2015-02-03 14:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 08:34 - 2015-02-03 14:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 08:34 - 2015-02-03 14:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 08:34 - 2015-02-03 14:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 08:34 - 2015-02-03 14:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 08:34 - 2015-02-03 14:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 08:34 - 2015-02-03 14:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 08:34 - 2015-02-03 14:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 08:34 - 2015-02-03 14:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 08:34 - 2015-02-03 14:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 08:34 - 2015-02-03 14:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 08:34 - 2015-02-03 14:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 08:34 - 2015-02-03 14:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 08:34 - 2015-02-03 14:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 08:34 - 2015-02-03 14:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 08:34 - 2015-02-03 14:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 08:34 - 2015-02-03 14:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 08:34 - 2015-02-03 14:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 08:34 - 2015-02-03 14:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 08:34 - 2015-02-03 14:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 08:34 - 2015-02-03 14:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 08:34 - 2015-02-03 14:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 08:34 - 2015-02-03 14:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 08:34 - 2015-02-03 14:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 08:34 - 2015-02-03 14:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 08:34 - 2015-02-03 14:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 08:34 - 2015-02-03 14:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 08:34 - 2015-02-03 14:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 08:34 - 2015-02-03 14:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 08:34 - 2015-02-03 14:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 08:34 - 2015-02-03 14:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 08:34 - 2015-02-03 14:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 08:34 - 2015-02-03 14:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 08:34 - 2015-02-03 14:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 08:34 - 2015-02-03 14:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 08:34 - 2015-02-03 14:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 08:34 - 2015-02-03 14:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 08:34 - 2015-02-03 14:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 08:34 - 2015-02-03 14:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 08:34 - 2015-02-03 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 08:34 - 2015-02-03 13:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 08:34 - 2014-11-01 09:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 08:33 - 2015-03-06 16:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 08:33 - 2015-03-06 16:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 08:33 - 2015-03-06 16:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 08:33 - 2015-03-06 16:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 08:33 - 2015-03-06 16:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 08:33 - 2015-03-06 16:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 08:33 - 2015-03-06 16:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 08:33 - 2015-03-06 16:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 08:33 - 2015-03-06 16:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 08:33 - 2015-03-06 16:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 08:33 - 2015-03-06 16:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 08:33 - 2015-03-06 16:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 08:33 - 2015-03-06 16:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 08:33 - 2015-03-06 16:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 08:33 - 2015-03-06 16:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 08:33 - 2015-03-06 16:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 08:33 - 2015-03-06 16:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 08:33 - 2015-03-06 16:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 08:33 - 2015-03-06 16:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 08:33 - 2015-03-06 16:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 08:33 - 2015-03-06 16:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 08:33 - 2015-03-06 16:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 08:33 - 2015-03-06 16:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 08:33 - 2015-03-06 16:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 08:33 - 2015-03-06 16:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 08:33 - 2015-03-06 16:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 08:33 - 2015-03-06 16:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 08:33 - 2015-03-06 16:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 08:33 - 2015-03-06 16:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 08:33 - 2015-03-06 16:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 08:33 - 2015-03-06 16:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 08:33 - 2015-02-13 16:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 08:33 - 2015-02-13 16:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 08:33 - 2015-02-03 14:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 08:33 - 2015-02-03 14:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 08:33 - 2015-01-31 14:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 08:33 - 2015-01-31 14:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 08:33 - 2015-01-31 10:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 08:33 - 2015-01-31 10:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 08:32 - 2015-02-26 14:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 08:32 - 2015-02-24 14:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 08:32 - 2015-02-24 13:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 08:32 - 2015-02-21 12:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 08:32 - 2015-02-21 11:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 08:32 - 2015-02-21 11:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 08:32 - 2015-02-21 11:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 08:32 - 2015-02-21 11:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 08:32 - 2015-02-21 10:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 08:32 - 2015-02-21 10:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 08:32 - 2015-02-20 14:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 08:32 - 2015-02-20 14:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 08:32 - 2015-02-20 13:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 08:32 - 2015-02-20 13:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 08:32 - 2015-02-20 13:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 08:32 - 2015-02-20 13:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 08:32 - 2015-02-20 13:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 08:32 - 2015-02-20 13:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 08:32 - 2015-02-20 13:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 08:32 - 2015-02-20 13:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 08:32 - 2015-02-20 13:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 08:32 - 2015-02-20 13:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 08:32 - 2015-02-20 13:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 08:32 - 2015-02-20 13:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 08:32 - 2015-02-20 13:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 08:32 - 2015-02-20 13:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 08:32 - 2015-02-20 13:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 08:32 - 2015-02-20 13:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 08:32 - 2015-02-20 13:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 08:32 - 2015-02-20 13:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 08:32 - 2015-02-20 13:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 08:32 - 2015-02-20 13:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 08:32 - 2015-02-20 13:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 08:32 - 2015-02-20 13:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 08:32 - 2015-02-20 13:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 08:32 - 2015-02-20 13:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 08:32 - 2015-02-20 13:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 08:32 - 2015-02-20 12:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 08:32 - 2015-02-20 12:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 08:32 - 2015-02-20 12:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 08:32 - 2015-02-20 12:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 08:32 - 2015-02-20 12:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 08:32 - 2015-02-20 12:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 08:32 - 2015-02-20 12:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 08:32 - 2015-02-20 12:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 08:32 - 2015-02-20 12:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 08:32 - 2015-02-20 12:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 08:32 - 2015-02-20 12:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 08:32 - 2015-02-20 12:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 08:32 - 2015-02-20 12:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 08:32 - 2015-02-20 12:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 08:32 - 2015-02-20 12:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 08:32 - 2015-02-20 12:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 08:32 - 2015-02-20 12:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 08:32 - 2015-02-20 12:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 08:32 - 2015-02-20 11:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 08:32 - 2015-02-20 11:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 08:32 - 2015-02-03 14:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 08:32 - 2015-02-03 14:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 08:32 - 2015-01-17 13:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 08:32 - 2015-01-17 13:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 08:30 - 2015-02-04 14:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 08:30 - 2015-02-04 13:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 08:10 - 2015-03-11 08:10 - 00000197 _____ () C:\Windows\system32\2015-03-10-21-10-16.031-AvastVBoxSVC.exe-3524.log
2015-03-10 08:25 - 2015-03-10 08:26 - 00000197 _____ () C:\Windows\system32\2015-03-09-21-25-35.053-AvastVBoxSVC.exe-3916.log
2015-03-09 08:53 - 2015-03-09 08:53 - 00000197 _____ () C:\Windows\system32\2015-03-08-21-53-15.083-AvastVBoxSVC.exe-4452.log
2015-03-08 09:10 - 2015-03-08 09:11 - 00000197 _____ () C:\Windows\system32\2015-03-07-22-10-59.027-AvastVBoxSVC.exe-3800.log
2015-03-07 08:40 - 2015-03-07 08:40 - 00000197 _____ () C:\Windows\system32\2015-03-06-21-40-20.001-AvastVBoxSVC.exe-3940.log
2015-03-06 08:16 - 2015-03-06 08:16 - 00000197 _____ () C:\Windows\system32\2015-03-05-21-16-07.055-AvastVBoxSVC.exe-3584.log
2015-03-05 08:27 - 2015-03-05 08:28 - 00000197 _____ () C:\Windows\system32\2015-03-04-21-27-36.096-AvastVBoxSVC.exe-3428.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-04 10:27 - 2009-07-14 15:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-04 10:27 - 2009-07-14 15:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-04 10:21 - 2012-08-03 11:33 - 01845050 _____ () C:\Windows\WindowsUpdate.log
2015-04-04 10:19 - 2009-07-14 16:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-04 10:13 - 2014-02-13 17:11 - 00000000 ____D () C:\Users\InfoSmartDB
2015-04-04 10:13 - 2013-11-26 06:57 - 00039504 _____ () C:\Windows\setupact.log
2015-04-04 10:13 - 2013-11-15 10:05 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-04-04 10:13 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-04 10:12 - 2013-12-11 12:05 - 00000000 ____D () C:\AdwCleaner
2015-04-04 09:55 - 2012-04-03 09:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-04 09:17 - 2014-08-25 15:47 - 00000000 ____D () C:\Users\Mum\AppData\Local\Adobe
2015-04-04 08:44 - 2013-11-26 06:56 - 00354748 _____ () C:\Windows\PFRO.log
2015-04-03 21:35 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\tracing
2015-04-03 16:02 - 2014-12-18 11:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-03 07:25 - 2012-04-26 08:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-29 21:18 - 2011-11-28 16:44 - 00000000 ____D () C:\Users\Mum\AppData\Roaming\uTorrent
2015-03-27 16:38 - 2013-10-02 13:10 - 00000851 _____ () C:\Users\Mum\Desktop\µTorrent.lnk
2015-03-27 16:38 - 2013-10-02 13:10 - 00000831 _____ () C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-03-26 08:19 - 2014-12-11 08:52 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 08:19 - 2014-04-30 22:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-16 09:59 - 2012-04-03 09:12 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-16 09:58 - 2012-04-03 09:12 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-16 09:58 - 2011-11-27 16:53 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-16 08:24 - 2013-04-15 21:22 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-12 08:55 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 07:51 - 2009-07-14 16:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-12 07:23 - 2013-11-26 06:56 - 05005464 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 07:21 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 07:21 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 21:39 - 2009-10-13 14:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 21:30 - 2013-08-15 22:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 21:24 - 2011-11-27 15:40 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2009-10-13 14:06 - 2009-02-11 06:23 - 0192484 _____ () C:\Program Files (x86)\Common Files\Acer GameZone online.ico
2013-03-13 10:15 - 2014-06-24 11:59 - 0000132 _____ () C:\Users\Mum\AppData\Roaming\Adobe GIF Format CS5 Prefs
2011-12-24 16:27 - 2015-01-10 12:06 - 0000132 _____ () C:\Users\Mum\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-03-31 19:14 - 2015-03-31 19:14 - 0004387 _____ () C:\Users\Mum\AppData\Roaming\lmmkqHyQIXO6p57Q3uabwx29wNl
2012-05-06 12:33 - 2013-03-13 10:30 - 0001456 _____ () C:\Users\Mum\AppData\Local\Adobe Save for Web 12.0 Prefs
2013-03-25 23:25 - 2013-03-25 23:25 - 0105698 _____ () C:\Users\Mum\AppData\Local\ars.cache
2013-03-25 20:38 - 2013-03-25 20:38 - 0000036 _____ () C:\Users\Mum\AppData\Local\housecall.guid.cache
2014-07-21 15:16 - 2014-07-21 15:16 - 0005684 _____ () C:\Users\Mum\AppData\Local\recently-used.xbel
2011-11-27 13:54 - 2011-11-27 13:57 - 0008399 _____ () C:\ProgramData\ArcadeDeluxe3.log
2009-10-13 14:07 - 2009-07-18 12:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe
2012-09-19 09:39 - 2012-09-19 09:39 - 0000120 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2011-11-27 14:10 - 2011-11-27 14:10 - 0000091 _____ () C:\ProgramData\PS.log

Some content of TEMP:
====================
C:\Users\Mum\AppData\Local\Temp\CB_setup.exe
C:\Users\Mum\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Mum\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Mum\AppData\Local\Temp\Quarantine.exe
C:\Users\Mum\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Mum\AppData\Local\Temp\SpOrder.dll
C:\Users\Mum\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 09:15

==================== End Of Log ============================


Edited by Jen42, 03 April 2015 - 07:00 PM.




#2 nasdaq

  • Malware Response Team
  • 38,753 posts

Posted 04 April 2015 - 08:41 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM\...\Run: [] => [X]
HKU\S-1-5-21-4291750648-2326010913-3213065728-1001\...\Run: [AdobeBridge] => [X]
SearchScopes: HKU\S-1-5-21-4291750648-2326010913-3213065728-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (news.net) - C:\Users\Mum\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmbbgcooaabknohabmoaikiakkoignai [2013-07-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-02]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
C:\Users\Mum\AppData\Local\Temp\CB_setup.exe
C:\Users\Mum\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Mum\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Mum\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Mum\AppData\Local\Temp\SpOrder.dll
C:\Users\Mum\AppData\Local\Temp\sqlite3.dll
C:\Users\Mum\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmbbgcooaabknohabmoaikiakkoignai

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 Jen42

  • Topic Starter
  • Members
  • 316 posts

Posted 04 April 2015 - 09:01 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Mum at 2015-04-05 11:24:50 Run:1
Running from C:\Users\Mum\Desktop
Loaded Profiles: Mum & InfoSmartDB (Available profiles: Mum & InfoSmartDB)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

HKLM\...\Run: [] => [X]
HKU\S-1-5-21-4291750648-2326010913-3213065728-1001\...\Run: [AdobeBridge] => [X]
SearchScopes: HKU\S-1-5-21-4291750648-2326010913-3213065728-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (news.net) - C:\Users\Mum\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmbbgcooaabknohabmoaikiakkoignai [2013-07-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-02]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
C:\Users\Mum\AppData\Local\Temp\CB_setup.exe
C:\Users\Mum\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Mum\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Mum\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Mum\AppData\Local\Temp\SpOrder.dll
C:\Users\Mum\AppData\Local\Temp\sqlite3.dll
C:\Users\Mum\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmbbgcooaabknohabmoaikiakkoignai

End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-4291750648-2326010913-3213065728-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
"HKU\S-1-5-21-4291750648-2326010913-3213065728-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\Mum\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmbbgcooaabknohabmoaikiakkoignai => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => Key deleted successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
Lavasoft Kernexplorer => Service deleted successfully.
SBRE => Service deleted successfully.
C:\Users\Mum\AppData\Local\Temp\CB_setup.exe => Moved successfully.
C:\Users\Mum\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Mum\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe => Moved successfully.
C:\Users\Mum\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Mum\AppData\Local\Temp\SpOrder.dll => Moved successfully.
C:\Users\Mum\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"C:\Users\Mum\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmbbgcooaabknohabmoaikiakkoignai" => File/Directory not found.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-05 11:27:30)<=

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => File could not move.

==== End of Fixlog 11:27:30 ====

 

 

# AdwCleaner v4.200 - Logfile created 05/04/2015 at 11:46:12
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Mum - MUM-PC
# Running from : C:\Users\Mum\Desktop\adwcleaner_4.200(2).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v37.0.1 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [3513 bytes] - [11/12/2013 11:05:15]
AdwCleaner[R1].txt - [1287 bytes] - [03/01/2014 10:38:17]
AdwCleaner[R2].txt - [11477 bytes] - [04/04/2015 09:07:34]
AdwCleaner[R3].txt - [468 bytes] - [05/04/2015 11:36:29]
AdwCleaner[R4].txt - [1253 bytes] - [05/04/2015 11:39:24]
AdwCleaner[S0].txt - [3565 bytes] - [11/12/2013 14:50:18]
AdwCleaner[S1].txt - [1356 bytes] - [03/01/2014 10:39:25]
AdwCleaner[S2].txt - [11674 bytes] - [04/04/2015 09:12:00]
AdwCleaner[S3].txt - [1181 bytes] - [05/04/2015 11:46:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1240  bytes] ##########
 

 

I ran AdwCleaner before I asked for help as well.

 

The problem is still there.



#4 nasdaq

  • Malware Response Team
  • 38,753 posts

Posted 05 April 2015 - 07:06 AM

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor, type:
ipconfig /flushdns <-- (A space between g and / is needed)

ipconfig /release

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

Reset the browsers that have been compromised.

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

Keep me posted.

#5 Jen42


Posted 05 April 2015 - 09:04 PM

Still there.

Thanks for your help, this is so frustrating.



#6 nasdaq


Posted 06 April 2015 - 07:29 AM


Which browser is compromised?
Remove it and re-install it as per the following instructions.

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

Reinstall Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

Remove Firefox using the instructions on this page.
https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer

Before proceeding save your Bookmarks.
https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Install the latest version of the application.

You can then import them to the new version of Firefox.

Firefox Password manager -
Remember, delete and change saved passwords in Firefox
https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-passwords
<<<>>>

#7 Jen42


Posted 06 April 2015 - 07:44 PM

It's Firefox I'm using.  I uninstalled and reinstalled.  And restarted the computer.

It's still there



#8 nasdaq


Posted 07 April 2015 - 07:04 AM

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

#9 Jen42


Posted 07 April 2015 - 05:41 PM

RogueKiller V10.5.9.0 [Apr  7 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mum [Administrator]
Started from : C:\Users\Mum\Desktop\RogueKiller.exe
Mode : Delete -- Date : 04/08/2015  08:38:41

¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path] SmartTalk.exe(1648) -- C:\ProgramData\Fisher & Paykel Healthcare\InfoSmart\Client\SmartTalk.exe[-] -> Killed [TermProc]
[Suspicious.Path] InfoUSBDetector.exe(5072) -- C:\Users\Mum\AppData\Roaming\Fisher & Paykel Healthcare\InfoUSBDetector\InfoUSBDetector.exe[-] -> Killed [TermProc]

¤¤¤ Registry : 10 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{755CAEEB-C9B4-460B-8B89-51DF3F48839E} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{755CAEEB-C9B4-460B-8B89-51DF3F48839E} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{755CAEEB-C9B4-460B-8B89-51DF3F48839E} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)]  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected

¤¤¤ Tasks : 4 ¤¤¤
[Suspicious.Path] lmmkqHyQIXO6p57Q3uabwx29wNl.job -- C:\Users\Mum\AppData\Roaming\lmmkqHyQIXO6p57Q3uabwx29wNl.exe (--c=pYUkmfSrWzVZdH4a2rra4Z54DYL5QIy0Hvze/gzoxiE/mNL3xdD8h7pkZaqLZxZ+GKBSlhxxmmOQWc/z2ejyg9OQgKnhOLbH9h0WQtZYo9iudonD5aKrKfhKOD2fmqda/babQwZmIRrdD9sGUE6joZG7faT6ywgDJJ4SYwhDm+4/6jHpEMRZ3/VBN/B347nssDwh3EKIHog0N290rEhaqvs++cGJX7Is6r5Dou2V/YABU0qIdiO8F0/raJw430yHwopy9V5sRjRRKknv3VRkKZsZ6QbmGywxCGPqjnB1IJeK6FwerXP2xBEb/IKh0300Z0a9qo9VRn7vQeFFlVqkow==) -> Deleted
[Suspicious.Path] \\lmmkqHyQIXO6p57Q3uabwx29wNl -- C:\Users\Mum\AppData\Roaming\lmmkqHyQIXO6p57Q3uabwx29wNl.exe (--c=pYUkmfSrWzVZdH4a2rra4Z54DYL5QIy0Hvze/gzoxiE/mNL3xdD8h7pkZaqLZxZ+GKBSlhxxmmOQWc/z2ejyg9OQgKnhOLbH9h0WQtZYo9iudonD5aKrKfhKOD2fmqda/babQwZmIRrdD9sGUE6joZG7faT6ywgDJJ4SYwhDm+4/6jHpEMRZ3/VBN/B347nssDwh3EKIHog0N290rEhaqvs++cGJX7Is6r5Dou2V/YABU0qIdiO8F0/raJw430yHwopy9V5sRjRRKknv3VRkKZsZ6QbmGywxCGPqjnB1IJeK6FwerXP2xBEb/IKh0300Z0a9qo9VRn7vQeFFlVqkow==) -> Deleted
[Suspicious.Path] \\McQcModifier-5c47-a7b0 -- C:\ProgramData\McQcModifier-5c47-a7b0\McQcModifier-5c47-a7b0.cmd -> Deleted
[Suspicious.Path] \Microsoft\Windows\Media Center\PeriodicScanRetry -- %windir%\ehome\MCUpdate.exe (-pscn 0) -> Deleted

¤¤¤ Files : 2 ¤¤¤
[Suspicious.Path][File] InfoUSB Detector.lnk -- C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\InfoUSB Detector.lnk [LNK@] C:\Users\Mum\AppData\Roaming\FISHER~1\INFOUS~1\INFOUS~1.EXE -> Deleted
[Suspicious.Path][File] F&P InfoSmart System Tray.lnk -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\F&P InfoSmart System Tray.lnk [LNK@] C:\PROGRA~3\FISHER~1\INFOSM~1\Client\SMARTT~1.EXE -> Deleted

¤¤¤ Hosts File : 21 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                activate.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                practivate.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                ereg.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                activate.wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                3dns-3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                3dns-2.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                adobe-dns.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                adobe-dns-2.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                adobe-dns-3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                ereg.wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                activate-sea.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                wwis-dubc1-vip60.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                activate-sjc0.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                               adobe.activate.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                               adobeereg.com                        
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                               www.adobeereg.com                    
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                               wwis-dubc1-vip60.adobe.com           
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                               125.252.224.90                       
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                               125.252.224.91
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                               hl2rcv.adobe.com

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] w9tf07ay.default-1399942819284 : user_pref("browser.startup.homepage", "https://www.facebook.com/|http://www.deviantart.com/messages/|http://www.artfire.com/modules.php?name=my_artfire_beta|https://plus.google.com/u/0/"); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD6400AAKS-22A7B2 +++++
--- User ---
[MBR] d02156c1d4b48bdf1eb56ad2f9ec1578
[BSP] e47db617c99edac71cdd02ea297d43b8 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: EPSON Storage USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- MS/MS-Pro/HG USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive6: Generic- SD/MMC/MS/MSPRO USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_04082015_082451.log

It's still there



#10 nasdaq


Posted 08 April 2015 - 07:24 AM

Please post the Addition.txt file that was created when you first executed the Farbar tool.

===

Did you modify the Hosts file or did you download one from the NET?

===

When was the last time you executed the ESET online scan?

==

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


#11 Jen42


Posted 09 April 2015 - 01:57 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Mum at 2015-04-04 10:28:02
Running from C:\Users\Mum\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4291750648-2326010913-3213065728-1001\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.19 - NewTech Infosystems)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.1.106 - Lavasoft)
AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Amazon Kindle (HKU\S-1-5-21-4291750648-2326010913-3213065728-1001\...\Amazon Kindle) (Version:  - Amazon)
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{1F9241E8-87C1-FB9C-5D76-3FF7D0318A87}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden
ccc-core-static (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
COMODO BackUp (HKLM\...\{B79E9FF2-D932-4FD5-BCAF-4DE6F2FBE521}) (Version: 4.4.1.23 - COMODO)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Digital Edition - Healthy_Breakfasts_-_Volume_1 - 10030515 (x32 Version: 255.58.11 - DigitalDM) Hidden
DVDFab 8.1.7.3 (01/04/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON TX550W Series Printer Uninstall (HKLM\...\EPSON TX550W Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.3.25.1124 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.25.0 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 1.00.3004 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
InfoSmart (HKLM-x32\...\{EA350A81-C32B-4276-BAE2-6AF78524DEF4}) (Version: 1.1.0.9244 - Fisher & Paykel Healthcare)
InfoSmart Client (HKLM-x32\...\{81CD0A1D-6101-4388-BD54-CF6BFF80656D}) (Version: 1.1.0.9244 - Fisher & Paykel Healthcare)
InfoUSB Detector (HKLM-x32\...\{F658FD83-4745-420C-90DC-2AA3139B6E54}) (Version: 2.00.0001 - Fisher & Paykel Healthcare)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 8.0.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.0.0 - )
Lizard Safeguard - PDF Viewer 2.6.34 (HKLM-x32\...\Lizard Safeguard - PDF Viewer_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0 (x86 en-US)) (Version: 37.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PeaZip 4.2 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
quicksales Express Lister 2 (HKLM-x32\...\{FE1981DD-351E-407B-9DC9-8D54B753C798}) (Version: 1.0.0 - quicksales)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Weatherzone Tracker v2.04 (HKLM-x32\...\Weatherzone Tracker_is1) (Version:  - )
WicReset version 3.0.0.1 (HKLM-x32\...\{20379D3A-321B-4830-96A6-37183B713AE8}_is1) (Version: 3.0.0.1 - TWOMANUALS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

12-11-2014 21:30:02 Windows Update
19-11-2014 07:09:07 Windows Update
19-11-2014 21:29:54 Windows Update
26-11-2014 08:10:40 Windows Update
28-11-2014 21:37:22 AA11
29-11-2014 08:34:18 Windows Update
02-12-2014 16:08:45 avast! antivirus system restore point
03-12-2014 07:37:59 Windows Update
06-12-2014 08:30:09 Windows Update
10-12-2014 09:04:26 Windows Update
10-12-2014 21:28:49 Windows Update
13-12-2014 21:39:28 Windows Update
14-12-2014 21:46:30 Windows Update
18-12-2014 11:11:59 AA11
18-12-2014 16:43:10 Windows Update
24-12-2014 08:24:10 Windows Update
31-12-2014 07:55:05 Windows Update
03-01-2015 08:50:15 Windows Update
07-01-2015 08:25:14 Windows Update
10-01-2015 08:41:04 Windows Update
14-01-2015 08:39:53 Windows Update
14-01-2015 21:21:10 Windows Update
15-01-2015 16:20:39 Device Driver Package Install: Comodo Security Solutions System devices
21-01-2015 08:49:48 Windows Update
28-01-2015 08:31:39 Windows Update
31-01-2015 08:43:15 Windows Update
04-02-2015 07:13:59 Windows Update
11-02-2015 09:27:58 Scheduled Checkpoint
11-02-2015 11:26:34 Windows Update
11-02-2015 21:58:28 Windows Update
12-02-2015 21:45:15 Windows Update
18-02-2015 08:06:29 Windows Update
21-02-2015 09:10:10 Windows Update
25-02-2015 07:27:15 Windows Update
25-02-2015 21:51:19 Windows Update
04-03-2015 08:25:48 Windows Update
07-03-2015 08:44:08 Windows Update
11-03-2015 08:24:54 Windows Update
11-03-2015 21:20:17 Windows Update
18-03-2015 08:59:07 Windows Update
25-03-2015 08:31:04 Windows Update
25-03-2015 21:37:13 Windows Update
01-04-2015 07:06:20 Windows Update
03-04-2015 16:16:43 AA11
04-04-2015 08:54:01 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:34 - 2010-04-30 14:56 - 00001798 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1                activate.adobe.com
127.0.0.1                practivate.adobe.com
127.0.0.1                ereg.adobe.com
127.0.0.1                activate.wip3.adobe.com
127.0.0.1                wip3.adobe.com
127.0.0.1                3dns-3.adobe.com
127.0.0.1                3dns-2.adobe.com
127.0.0.1                adobe-dns.adobe.com
127.0.0.1                adobe-dns-2.adobe.com
127.0.0.1                adobe-dns-3.adobe.com
127.0.0.1                ereg.wip3.adobe.com
127.0.0.1                activate-sea.adobe.com
127.0.0.1                wwis-dubc1-vip60.adobe.com
127.0.0.1                activate-sjc0.adobe.com
127.0.0.1                               adobe.activate.com
127.0.0.1                               adobeereg.com                        
127.0.0.1                               www.adobeereg.com                    
127.0.0.1                               wwis-dubc1-vip60.adobe.com           
127.0.0.1                               125.252.224.90                       
127.0.0.1                               125.252.224.91
127.0.0.1                               hl2rcv.adobe.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {039FF7C7-34A8-4D5D-A272-95F452155DFC} - \6205d7fb-e736-4471-87e2-0b880e332552-3 No Task File <==== ATTENTION
Task: {15F2D797-56C1-4EE9-9C40-AA9C53B925E2} - \944b5fda-82a5-4469-9cab-b60c4ca15acb-1 No Task File <==== ATTENTION
Task: {1798756B-202C-4FD2-A2A3-FD698A74150A} - \944b5fda-82a5-4469-9cab-b60c4ca15acb-3 No Task File <==== ATTENTION
Task: {1A1E72EC-4E7B-40DB-95E7-1EFA1A02D92E} - System32\Tasks\{716E77BF-9B1C-4F31-8D00-B446B64CF210} => E:\setup.exe
Task: {1B98EC84-B699-4393-8589-6ABBA921CDBC} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {20E5D364-E7AE-4189-9430-00485A4B0AE7} - System32\Tasks\lmmkqHyQIXO6p57Q3uabwx29wNl => C:\Users\Mum\AppData\Roaming\lmmkqHyQIXO6p57Q3uabwx29wNl.exe
Task: {3075E5B3-B7A1-4E67-9176-4754F7667C77} - System32\Tasks\{6479E7D5-94DB-4456-AF30-BF340D521382} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {3A82F5BB-4A91-4F0A-80DE-823967FA28D2} - System32\Tasks\{354C72EB-EF6B-4E77-AB3F-320A5BD69FF0} => E:\setup.exe
Task: {3C1FB361-C937-42B0-B956-CBC074EF936B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {41FDA3FB-5139-4F06-B3D5-24D5092A5937} - System32\Tasks\{AC7A34D3-5ACD-4B80-AD1C-4926B9E7EB50} => E:\setup.exe
Task: {4634A0D6-31A0-4BF5-8D7A-8B53DFF20677} - System32\Tasks\{9E66E4A7-B659-4A0B-B774-3CCDAD000B20} => E:\setup.exe
Task: {46D0657B-04F7-481B-A53E-A8E9DC6B2E3F} - System32\Tasks\{539C64CA-1593-413F-B91A-8770D6DD3297} => E:\setup.exe
Task: {4E08E4AF-B41A-48C5-9ED0-361A2155A411} - System32\Tasks\{9B26BB56-3EF1-46D3-8E5C-89B259387910} => E:\setup.exe
Task: {521BC365-A98B-41B0-86FF-AF606414E38A} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {5414BCEF-0E25-4B6A-814B-AB5B9210F770} - \944b5fda-82a5-4469-9cab-b60c4ca15acb-2 No Task File <==== ATTENTION
Task: {5448B8E1-2668-4940-9FE5-89A0F144F0AA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {6563E50E-D6E1-40C6-A6A4-9C5FFEC2D403} - System32\Tasks\{622AC691-2610-4996-A993-0CA336E0A749} => pcalua.exe -a C:\Users\Mum\Downloads\SmtpDiag.EXE -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {658B4E18-6940-42B3-9EE5-505D0C6D6BDC} - System32\Tasks\{D81C3763-50ED-4391-BD89-7EBB4D9BA9F3} => E:\setup.exe
Task: {69E97761-C03C-4CAA-9D94-52F2AA2595B1} - System32\Tasks\{30291703-FAB1-4B3A-810F-A2A7CD31F02B} => E:\setup.exe
Task: {6C2BCBE9-D4DA-407F-8FF3-29EA0FE75863} - System32\Tasks\McQcModifier-5c47-a7b0 => C:\ProgramData\McQcModifier-5c47-a7b0\McQcModifier-5c47-a7b0.cmd [2009-08-29] ()
Task: {71CBD338-5164-4CE8-824C-055C3A3A7833} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {74C97AD5-14B5-4EB6-A75C-46D3C64FE13B} - System32\Tasks\{AC45CAF3-88EA-4C4F-BA13-FD0AFF3B2CFD} => E:\setup.exe
Task: {8BDE5281-2667-453F-9CD7-0E9143F7D681} - System32\Tasks\{B13FE673-C075-4598-BF9A-756F70970246} => E:\Rayman2.exe
Task: {99B21F56-8646-434A-A12A-81B97888C7FA} - \6205d7fb-e736-4471-87e2-0b880e332552-1 No Task File <==== ATTENTION
Task: {9D30FFFA-9B46-4969-8B84-51D50126EA8D} - System32\Tasks\AdobeAAMUpdater-1.0-Mum-PC-Mum => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {A1EB1137-06EC-4006-8BF8-804E4357857C} - System32\Tasks\{E01038A2-C23B-4422-8490-59E628274D81} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe" -c -runfromtemp -l0x0409
Task: {ABB29739-B03B-4E40-B89B-ECC3348C4329} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-02] (AVAST Software)
Task: {AC5A7C5C-84DE-491B-B73F-FA01A3E9E3F8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {B1FA557B-A3A7-4509-9616-061C3C1AD0E4} - System32\Tasks\{CFD228B8-A85A-4570-A79E-E9B9145E8542} => E:\setup.exe
Task: {B85F176D-36CF-4ECC-A96A-B110B51193ED} - System32\Tasks\{D2BF26B6-A7F4-4E79-B898-BABBCD9EFFAC} => E:\setup.exe
Task: {BAC472C2-A254-4BF4-9005-AE3D153CFE8E} - System32\Tasks\{F1CDA005-77FC-4740-954A-C1E38CF7494A} => E:\setup.exe
Task: {BCD09292-1176-49C1-B2CE-87216BD1B5CA} - System32\Tasks\{ECFF1FB0-FB31-4227-B4A9-9A388B7F2E49} => E:\setup.exe
Task: {C220F570-8E01-405F-9032-4B403CC6F51E} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {C3BB8D78-4FD0-4582-BA83-D46F9CE344DA} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {C608B439-5B8A-4613-9B7D-239622C0C2EE} - \6205d7fb-e736-4471-87e2-0b880e332552-2 No Task File <==== ATTENTION
Task: {C6D73AA0-7C74-419C-ABCA-197C7705DDF4} - System32\Tasks\avastBCLRestartS-1-5-21-4291750648-2326010913-3213065728-1001 => Firefox.exe
Task: {CB6E2DAB-56C2-446A-B8BA-AEE0BBCF89AC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {CC72B5CA-D019-4663-BE04-342D330F2755} - System32\Tasks\{0E4452C8-0670-4BE7-83A7-91A5193890BF} => E:\setup.exe
Task: {CCE3D9F7-82DD-44FD-80E1-57EBDD3925AE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-16] (Adobe Systems Incorporated)
Task: {D2DCD9C9-AB7A-4C59-A52E-01A59E5C63CA} - System32\Tasks\{97BA7075-5A20-438F-A0D4-63885D4D09CC} => E:\setup.exe
Task: {D4D5A247-07B2-4611-BB2A-558429F3FE32} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {D5524C34-83ED-4CD6-8445-668B8E02B12E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {D8F5C98E-6ABB-4EBB-B28A-3F030FF4D53A} - \roller_coaster_park_notification_service No Task File <==== ATTENTION
Task: {E0192174-DA5B-4E08-8349-EE9459EA1674} - System32\Tasks\{9C338525-1B35-4498-86F1-72A5CD3262FD} => E:\setup.exe
Task: {E1E6986D-5A13-44F4-B2C3-815A643460FB} - System32\Tasks\{F3A642BC-0F0F-4B2C-9AAD-D56C2F6BBD52} => E:\setup.exe
Task: {E8CCBB0E-240B-4D7D-BDB0-C4933A77A337} - System32\Tasks\roller_coaster_park_updating_service => C:\Program Files (x86)\roller coaster park\roller_coaster_park_updating_service.exe
Task: {EDA5C946-CD43-47C4-B787-83395DAA4AD6} - System32\Tasks\{F3CAF54D-197B-48EA-B6A3-C44FCED24142} => E:\Rayman2.exe
Task: {EEA1CA31-4A0D-4517-AF44-C27F4D5D5E72} - System32\Tasks\{482724A6-C9B5-4ED2-B5DE-34B8E872D87B} => pcalua.exe -a E:\Setup.EXE -d E:\
Task: {F8CAF711-A4E1-4F2E-B6C0-302FD990A156} - System32\Tasks\{F67DE6FB-4230-4C16-85C4-E0EC76DC5456} => E:\setup.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\lmmkqHyQIXO6p57Q3uabwx29wNl.job => C:\Users\Mum\AppData\Roaming\lmmkqHyQIXO6p57Q3uabwx29wNl.exe
Task: C:\Windows\Tasks\roller_coaster_park_notification_service.job => C:\Program Files (x86)\roller coaster park\roller_coaster_park_notification_service.exeï/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='roller coaster park' /appid='73143' /srcid='2913' /bic='daef4395d9fc22ef32b03c74f13a87b4' /verifier='4960be5b01a920036e96205a13c26b70' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif
Task: C:\Windows\Tasks\roller_coaster_park_updating_service.job => C:\Program Files (x86)\roller coaster park\roller_coaster_park_updating_service.exe´ /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=roller_coaster_park_updating_service /funurl=http:/stats.buildomserv.com

==================== Loaded Modules (whitelisted) ==============

2015-03-10 18:47 - 2015-03-10 18:47 - 00720760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
2015-03-10 18:51 - 2015-03-10 18:51 - 00107024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00024080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00033296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00055320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00125464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 12745216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareServiceKernel.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03396064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00785936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_regex-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00744960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareActivation.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00480272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareApplicationUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00812032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareGamingMode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00099312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareReset.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00119792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTime.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00868896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdaterScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01108992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIgnoreList.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00247808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareQuarantine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01013256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiMalwareEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00211464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiRootkitEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01177608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerHistory.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01302008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScanner.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00034832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_timer-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00977416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01143824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00237568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIncompatibles.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00893432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiSpam.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00847872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiPhishing.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03104776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareParentalControl.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02958848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareWebProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01288712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareEmailProtection.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00053272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_iostreams-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01293832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNetworkProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePromo.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00366584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareFeedback.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02787344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareThreatWorkAlliance.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01232888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePinCode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNotice.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAvcEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01184792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtectionHistory.dll
2015-01-15 16:21 - 2014-10-07 21:55 - 01508032 _____ () C:\Program Files\COMODO\COMMON\LIBEAY32.dll
2015-01-15 16:21 - 2014-10-07 21:55 - 00338112 _____ () C:\Program Files\COMODO\COMMON\SSLEAY32.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 09566192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
2015-03-10 18:51 - 2015-03-10 18:51 - 00499728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02144248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\HtmlFramework.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00869896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTrayDefaultSkin.dll
2011-11-27 17:28 - 2009-07-17 16:53 - 02888403 _____ () C:\Program Files (x86)\Weatherzone Tracker\weather_tracker.exe
2009-08-18 18:27 - 2009-08-18 18:27 - 00629280 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2009-06-24 11:02 - 2009-06-24 11:02 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-11-28 07:38 - 2011-11-28 07:38 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-04-04 08:45 - 2015-04-04 08:45 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15040303\algo.dll
2010-09-08 16:19 - 2010-09-08 16:19 - 00172032 _____ () C:\Program Files (x86)\Fisher & Paykel Healthcare\InfoSmart\InfoSmartDB\bin\libpq.dll
2010-09-08 16:19 - 2010-09-08 16:19 - 00976384 _____ () C:\Program Files (x86)\Fisher & Paykel Healthcare\InfoSmart\InfoSmartDB\bin\libxml2.dll
2010-09-08 16:19 - 2010-09-08 16:19 - 00059904 _____ () C:\Program Files (x86)\Fisher & Paykel Healthcare\InfoSmart\InfoSmartDB\bin\zlib1.dll
2009-02-03 11:33 - 2009-02-03 11:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-29 11:55 - 2008-09-29 11:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-09-15 10:40 - 2010-09-15 10:40 - 00630784 _____ () C:\Program Files (x86)\Fisher & Paykel Healthcare\InfoSmart\Server\Castle.dll
2010-09-08 16:19 - 2010-09-08 16:19 - 00076800 _____ () C:\Program Files (x86)\Fisher & Paykel Healthcare\InfoSmart\Server\FluentValidation.dll
2010-09-08 16:19 - 2010-09-08 16:19 - 00110592 _____ () C:\Program Files (x86)\Fisher & Paykel Healthcare\InfoSmart\Server\AutoMapper.dll
2010-09-15 10:40 - 2010-09-15 10:40 - 03317760 _____ () C:\Program Files (x86)\Fisher & Paykel Healthcare\InfoSmart\Server\NHibernate.dll
2011-11-27 17:30 - 2015-04-04 10:15 - 00126976 _____ () C:\Users\Mum\AppData\Local\Temp\mProjector2783293641\mPlayer.3.1.1e.dll
2011-11-27 17:30 - 2015-04-04 10:15 - 00012288 _____ () C:\Users\Mum\AppData\Local\Temp\mProjector2783293641\File.3.1.1e.mfx
2011-11-27 17:30 - 2015-04-04 10:15 - 00011776 _____ () C:\Users\Mum\AppData\Local\Temp\mProjector2783293641\Registry.3.1.1e.mfx
2011-11-27 17:30 - 2015-04-04 10:15 - 00027136 _____ () C:\Users\Mum\AppData\Local\Temp\mProjector2783293641\System.3.1.1e.mfx
2011-11-27 17:30 - 2015-04-04 10:15 - 00192512 _____ () C:\Users\Mum\AppData\Local\Temp\mProjector2783293641\Flash6MovieV2.3.1.1e.mvx
2009-08-18 18:31 - 2009-08-18 18:31 - 00163840 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2015-03-14 09:20 - 2015-03-14 09:20 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-03-16 09:58 - 2015-03-16 09:58 - 16858288 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:56E2E879

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4291750648-2326010913-3213065728-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== Accounts: =============================

Administrator (S-1-5-21-4291750648-2326010913-3213065728-500 - Administrator - Disabled)
Guest (S-1-5-21-4291750648-2326010913-3213065728-501 - Limited - Disabled)
InfoSmartDB (S-1-5-21-4291750648-2326010913-3213065728-1212 - Limited - Enabled) => C:\Users\InfoSmartDB
Mum (S-1-5-21-4291750648-2326010913-3213065728-1001 - Administrator - Enabled) => C:\Users\Mum

==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/04/2015 10:13:22 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: FATAL:  the database system is starting up


System errors:
=============
Error: (04/04/2015 10:13:59 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (04/04/2015 10:12:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (04/04/2015 10:12:32 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (04/04/2015 10:12:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1069

Error: (04/04/2015 10:12:30 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (04/04/2015 10:12:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (04/04/2015 10:12:29 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (04/04/2015 10:12:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/04/2015 10:12:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/04/2015 10:11:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (04/04/2015 10:13:22 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: FATAL:  the database system is starting up


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 69%
Total physical RAM: 4095.14 MB
Available physical RAM: 1261.84 MB
Total Pagefile: 8188.47 MB
Available Pagefile: 4444 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:291.95 GB) (Free:2.33 GB) NTFS
Drive d: (DATA) (Fixed) (Total:292.12 GB) (Free:260.57 GB) NTFS
Drive e: (ROCK HOUSE AS HTON) (CDROM) (Total:7.45 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 6DAB25A8)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=292 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=292.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

 

I don't remember changing the hosts file.

 

I haven't run an ESET scan for a long time.  I forgot about it.

 

Avast kept blocking minitoolbox, and said it was a suspicious file.


Edited by Jen42, 09 April 2015 - 02:07 AM.


#12 nasdaq

nasdaq

  • Malware Response Team

Posted 09 April 2015 - 08:00 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

Task: {039FF7C7-34A8-4D5D-A272-95F452155DFC} - \6205d7fb-e736-4471-87e2-0b880e332552-3 No Task File <==== ATTENTION
Task: {15F2D797-56C1-4EE9-9C40-AA9C53B925E2} - \944b5fda-82a5-4469-9cab-b60c4ca15acb-1 No Task File <==== ATTENTION
Task: {1798756B-202C-4FD2-A2A3-FD698A74150A} - \944b5fda-82a5-4469-9cab-b60c4ca15acb-3 No Task File <==== ATTENTION
Task: {5414BCEF-0E25-4B6A-814B-AB5B9210F770} - \944b5fda-82a5-4469-9cab-b60c4ca15acb-2 No Task File <==== ATTENTION
Task: {99B21F56-8646-434A-A12A-81B97888C7FA} - \6205d7fb-e736-4471-87e2-0b880e332552-1 No Task File <==== ATTENTION
Task: {C608B439-5B8A-4613-9B7D-239622C0C2EE} - \6205d7fb-e736-4471-87e2-0b880e332552-2 No Task File <==== ATTENTION
Task: {D8F5C98E-6ABB-4EBB-B28A-3F030FF4D53A} - \roller_coaster_park_notification_service No Task File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST, click Fix only once, and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===



I don't remember changing the hosts file


Reset it.
http://support.microsoft.com/en-us/kb/972034

Select the Windows 7 and earlier versions of Windows and run the fix it option.

===

Avast kept blocking minitoolbox, and said it was a suspicious file.

Trust it. We use it often. It could be in Avast's quarantine folder.

===

I haven't run an ESET scan for a long time. I forgot about it

If the problem is not solved, run it again. As you know, it takes a long time to complete. Do it when you have no need for the computer for a few hours.

Keep me posted.

#13 Jen42

Jen42
  • Topic Starter

  • Members

Posted 09 April 2015 - 07:14 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Mum at 2015-04-10 09:29:57 Run:2
Running from C:\Users\Mum\Desktop
Loaded Profiles: Mum & InfoSmartDB (Available profiles: Mum & InfoSmartDB)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

Task: {039FF7C7-34A8-4D5D-A272-95F452155DFC} - \6205d7fb-e736-4471-87e2-0b880e332552-3 No Task File <==== ATTENTION
Task: {15F2D797-56C1-4EE9-9C40-AA9C53B925E2} - \944b5fda-82a5-4469-9cab-b60c4ca15acb-1 No Task File <==== ATTENTION
Task: {1798756B-202C-4FD2-A2A3-FD698A74150A} - \944b5fda-82a5-4469-9cab-b60c4ca15acb-3 No Task File <==== ATTENTION
Task: {5414BCEF-0E25-4B6A-814B-AB5B9210F770} - \944b5fda-82a5-4469-9cab-b60c4ca15acb-2 No Task File <==== ATTENTION
Task: {99B21F56-8646-434A-A12A-81B97888C7FA} - \6205d7fb-e736-4471-87e2-0b880e332552-1 No Task File <==== ATTENTION
Task: {C608B439-5B8A-4613-9B7D-239622C0C2EE} - \6205d7fb-e736-4471-87e2-0b880e332552-2 No Task File <==== ATTENTION
Task: {D8F5C98E-6ABB-4EBB-B28A-3F030FF4D53A} - \roller_coaster_park_notification_service No Task File <==== ATTENTION

End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{039FF7C7-34A8-4D5D-A272-95F452155DFC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{039FF7C7-34A8-4D5D-A272-95F452155DFC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6205d7fb-e736-4471-87e2-0b880e332552-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{15F2D797-56C1-4EE9-9C40-AA9C53B925E2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15F2D797-56C1-4EE9-9C40-AA9C53B925E2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\944b5fda-82a5-4469-9cab-b60c4ca15acb-1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1798756B-202C-4FD2-A2A3-FD698A74150A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1798756B-202C-4FD2-A2A3-FD698A74150A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\944b5fda-82a5-4469-9cab-b60c4ca15acb-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5414BCEF-0E25-4B6A-814B-AB5B9210F770}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5414BCEF-0E25-4B6A-814B-AB5B9210F770}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\944b5fda-82a5-4469-9cab-b60c4ca15acb-2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{99B21F56-8646-434A-A12A-81B97888C7FA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99B21F56-8646-434A-A12A-81B97888C7FA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6205d7fb-e736-4471-87e2-0b880e332552-1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C608B439-5B8A-4613-9B7D-239622C0C2EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C608B439-5B8A-4613-9B7D-239622C0C2EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6205d7fb-e736-4471-87e2-0b880e332552-2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D8F5C98E-6ABB-4EBB-B28A-3F030FF4D53A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8F5C98E-6ABB-4EBB-B28A-3F030FF4D53A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\roller_coaster_park_notification_service" => Key deleted successfully.


The system needed a reboot.

==== End of Fixlog 09:29:59 ====

 

MiniToolBox by Farbar  Version: 09-03-2015
Ran by Mum (administrator) on 10-04-2015 at 10:07:14
Running from "C:\Users\Mum\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: Aspire M3800 Manufacturer: Acer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

#       ::1             localhost

========================= IP Configuration: ================================

Intel® 82567V-2 Gigabit Network Connection = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Mum-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : BigPond

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : BigPond
   Description . . . . . . . . . . . : Intel® 82567V-2 Gigabit Network Connection
   Physical Address. . . . . . . . . : 44-87-FC-4A-CB-3C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::d427:710e:1e9f:425%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.30(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, 10 April 2015 9:58:07 AM
   Lease Expires . . . . . . . . . . : Saturday, 11 April 2015 9:58:06 AM
   Default Gateway . . . . . . . . . : 10.0.0.138
   DHCP Server . . . . . . . . . . . : 10.0.0.138
   DHCPv6 IAID . . . . . . . . . . . : 234889623
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-64-57-76-44-87-FC-4A-CB-3C
   DNS Servers . . . . . . . . . . . : 10.0.0.138
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.BigPond:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : BigPond
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:300c:1bc2:f5ff:ffe1(Preferred)
   Link-local IPv6 Address . . . . . : fe80::300c:1bc2:f5ff:ffe1%12(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  BigPond.BigPond
Address:  10.0.0.138

Name:    google.com
Addresses:  2404:6800:4006:801::200e
      216.58.220.110


Pinging google.com [216.58.220.110] with 32 bytes of data:
Reply from 216.58.220.110: bytes=32 time=47ms TTL=53
Reply from 216.58.220.110: bytes=32 time=47ms TTL=53

Ping statistics for 216.58.220.110:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 47ms, Maximum = 47ms, Average = 47ms
Server:  BigPond.BigPond
Address:  10.0.0.138

Name:    yahoo.com
Addresses:  98.138.253.109
      98.139.183.24
      206.190.36.45


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=288ms TTL=46
Reply from 98.139.183.24: bytes=32 time=249ms TTL=45

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 249ms, Maximum = 288ms, Average = 268ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...44 87 fc 4a cb 3c ......Intel® 82567V-2 Gigabit Network Connection
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.0.0.138        10.0.0.30     20
         10.0.0.0    255.255.255.0         On-link         10.0.0.30    276
        10.0.0.30  255.255.255.255         On-link         10.0.0.30    276
       10.0.0.255  255.255.255.255         On-link         10.0.0.30    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         10.0.0.30    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         10.0.0.30    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:9d38:6abd:300c:1bc2:f5ff:ffe1/128
                                    On-link
 10    276 fe80::/64                On-link
 12    306 fe80::/64                On-link
 12    306 fe80::300c:1bc2:f5ff:ffe1/128
                                    On-link
 10    276 fe80::d427:710e:1e9f:425/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/10/2015 09:58:11 AM) (Source: PostgreSQL) (User: )
Description: FATAL:  the database system is starting up

Error: (04/10/2015 09:31:04 AM) (Source: PostgreSQL) (User: )
Description: FATAL:  the database system is starting up

Error: (04/10/2015 09:16:21 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/10/2015 09:14:32 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (04/10/2015 08:45:20 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/10/2015 08:43:23 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (04/10/2015 08:11:28 AM) (Source: PostgreSQL) (User: )
Description: FATAL:  the database system is starting up

Error: (04/09/2015 09:41:31 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/09/2015 09:39:14 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (04/09/2015 08:37:13 AM) (Source: PostgreSQL) (User: )
Description: FATAL:  the database system is starting up


System errors:
=============
Error: (04/10/2015 09:30:08 AM) (Source: Service Control Manager) (User: )
Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error:
%%109

Error: (04/10/2015 09:29:59 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/10/2015 09:29:59 AM) (Source: Service Control Manager) (User: )
Description: The InfoSmart Server service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/10/2015 09:29:59 AM) (Source: Service Control Manager) (User: )
Description: The Skype Click to Call PNR Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/10/2015 09:29:58 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Matrix Storage Event Monitor service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/10/2015 09:29:58 AM) (Source: Service Control Manager) (User: )
Description: The NTI IScheduleSvc service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/10/2015 09:29:58 AM) (Source: Service Control Manager) (User: )
Description: The Updater Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/10/2015 09:29:58 AM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/10/2015 09:29:58 AM) (Source: Service Control Manager) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/10/2015 09:29:58 AM) (Source: Service Control Manager) (User: )
Description: The Ad-Aware Service 11 service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (04/10/2015 09:58:11 AM) (Source: PostgreSQL)(User: )
Description: FATAL:  the database system is starting up

Error: (04/10/2015 09:31:04 AM) (Source: PostgreSQL)(User: )
Description: FATAL:  the database system is starting up

Error: (04/10/2015 09:16:21 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (04/10/2015 09:14:32 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (04/10/2015 08:45:20 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (04/10/2015 08:43:23 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (04/10/2015 08:11:28 AM) (Source: PostgreSQL)(User: )
Description: FATAL:  the database system is starting up

Error: (04/09/2015 09:41:31 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (04/09/2015 09:39:14 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (04/09/2015 08:37:13 AM) (Source: PostgreSQL)(User: )
Description: FATAL:  the database system is starting up


**** End of log ****
 

 

Still there, running ESET now



#14 Jen42

Jen42
  • Topic Starter


Posted 10 April 2015 - 12:35 AM

Ran ESET

 

here's the result:

 

C:\$Recycle.Bin\S-1-5-21-4291750648-2326010913-3213065728-1001\$R3HE2F2.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-4291750648-2326010913-3213065728-1001\$R3I1IB9.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-4291750648-2326010913-3213065728-1001\$RHQLFAC.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-4291750648-2326010913-3213065728-1001\$RK1PH2V.exe    Win32/DownloadAdmin.D potentially unwanted application    deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-4291750648-2326010913-3213065728-1001\$RK5YDD1.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-4291750648-2326010913-3213065728-1001\$RO9EV2F.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-4291750648-2326010913-3213065728-1001\$RT4MPO3.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-4291750648-2326010913-3213065728-1001\$RYCPH80.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe.vir    Win32/Toolbar.Conduit.S potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressRip\expressrip.exe.vir    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressRip\expressripsetup_v1.92.exe.vir    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Mum\AppData\Roaming\Mozilla\Firefox\Profiles\04m0owwm.default\Extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\Plugins\npConduitFirefoxPlugin.dll.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application    deleted - quarantined
C:\Users\Mum\AppData\Roaming\lmmkqHyQIXO6p57Q3uabwx29wNl    JS/Toolbar.Crossrider.C potentially unwanted application    deleted - quarantined
C:\Windows\Installer\a4e138.msi    Win32/AlteredSoftware.A potentially unwanted application    deleted - quarantined
 

 

And it's still there


Edited by Jen42, 10 April 2015 - 01:03 AM.


#15 nasdaq

nasdaq

  • Malware Response Team

Posted 10 April 2015 - 07:12 AM

Reset your router. It may be infected.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is the list of default usernames and passwords, in case you don't know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html

Keep me posted.



