
Infected with google.com/?trackid=sp-006 malware


  • This topic is locked
7 replies to this topic

#1 janefs


Posted 05 April 2015 - 04:02 AM

Hello and happy Easter/Hanukkah holiday,

I have an annoying malware which is hijacking my Chrome searches. Not affecting IE/FF/Iron browsers.

I have managed to spread the malware from my Laptop (64bit) to my desktop (32bit) so it may have attached itself to my Google profile (maybe?). It arrived on my laptop with an entire fruit salad of malware when I inadvertently clicked on a link. I managed to get rid of all others, but this keeps recurring.

Leaving aside the Laptop, I am concentrating on cleaning the desktop, so here is the FRST log for the desktop, 32bit running Windows 7 Ultimate.

PC appears to be running okay, I just can't use Google search on Chrome reliably.

Thanks

Jane

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by StudyDesktop (administrator) on STUDYDESKTOP-PC on 05-04-2015 10:43:44
Running from C:\Users\StudyDesktop\Downloads
Loaded Profiles: StudyDesktop (Available profiles: StudyDesktop)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTDevSrv.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brother Help\BrotherHelp.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Creative Technology Ltd) C:\Program Files\Creative\Software Update 3\SoftAuto.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(Jumping Bytes) C:\Program Files\PureSync\PureSyncTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(VoipConnect) C:\Program Files\VoipConnect.com\VoipConnect\voipconnect.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [EEventManager] => C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-03-31] (Avast Software s.r.o.)
HKLM\...\Run: [Nikon Message Center 2] => C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2013-04-05] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM\...\Run: [BrHelp] => C:\Program Files\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [KiesPDLR] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [SoftAuto.exe] => C:\Program Files\Creative\Software Update 3\SoftAuto.exe [405504 2008-08-13] (Creative Technology Ltd)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [PureSync] => C:\Program Files\PureSync\PureSyncTray.exe [923312 2015-03-17] (Jumping Bytes)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5529880 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [*LABAL*] => [X]
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [VoipConnect] => C:\Program Files\VoipConnect.com\VoipConnect\voipconnect.exe [31445088 2015-03-27] (VoipConnect)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\StudyDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://it.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cantinone.eu/
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-11-14] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-31] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-14] (Oracle Corporation)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6EC76178-A5A5-470E-87DB-8583CCCB8BDA}: [NameServer] 192.168.7.1
 
FireFox:
========
FF ProfilePath: C:\Users\StudyDesktop\AppData\Roaming\Mozilla\Firefox\Profiles\7n4w50mp.default
FF SearchEngineOrder.1: Yahoo! (Avast)
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\StudyDesktop\AppData\Roaming\Mozilla\Firefox\Profiles\7n4w50mp.default\searchplugins\yahoo-avast.xml [2014-06-07]
FF Extension: Google Bookmarks for Firefox - C:\Users\StudyDesktop\AppData\Roaming\Mozilla\Firefox\Profiles\7n4w50mp.default\Extensions\{473f9a20-ce5a-11da-a94d-0800200c9a66}.xpi [2011-03-29]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-03]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-25]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.dalani.it/014-oldengland-house/?&utm_source=evening-newsletter&utm_medium=da-newsletter&utm_content=old_england&utm_campaign=evening-nl-20140408&utm_term=no-special-tg
CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-23]
CHR Extension: (Google Search) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-23]
CHR Extension: (ZenMate) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-06-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (ADTelly PRO Watch BBC iPlayer & ITV abroad) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijiggndnopldglgelamfhfhicjbfdam [2014-10-05]
CHR Extension: (Google Wallet) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]
CHR Extension: (Watch UK TV Online with Adtelly.tv) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjjcnhdfjhfmkpilggjhhkgafmflld [2014-12-22]
CHR Extension: (Gmail) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-23]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-31]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-31] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-03-31] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-31] (Avast Software)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 CTDevice_Srv; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S3 CTUPnPSv; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
S4 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION)
S4 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-03-20] (Teruten) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [33080 2015-03-04] (The OpenVPN Project)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
S2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-03-31] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-03-31] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-03-31] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [271248 2015-03-31] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-03-31] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-03-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-03-31] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2015-03-31] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-03-31] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2015-03-31] ()
R3 Atc002; C:\Windows\System32\DRIVERS\l260x86.sys [29184 2009-07-14] (Atheros Communications, Inc.)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2014-11-28] (Secunia)
S3 s116bus; C:\Windows\System32\DRIVERS\s116bus.sys [83336 2007-04-03] (MCCI Corporation)
S3 s116mdfl; C:\Windows\System32\DRIVERS\s116mdfl.sys [15112 2007-04-03] (MCCI Corporation)
S3 s116mdm; C:\Windows\System32\DRIVERS\s116mdm.sys [108680 2007-04-03] (MCCI Corporation)
S3 s116mgmt; C:\Windows\System32\DRIVERS\s116mgmt.sys [100488 2007-04-03] (MCCI Corporation)
S3 s116nd5; C:\Windows\System32\DRIVERS\s116nd5.sys [23176 2007-04-03] (MCCI Corporation)
S3 s116obex; C:\Windows\System32\DRIVERS\s116obex.sys [98696 2007-04-03] (MCCI Corporation)
S3 s116unic; C:\Windows\System32\DRIVERS\s116unic.sys [99080 2007-04-03] (MCCI Corporation)
R3 SrvHsfPCI; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-14] (Conexant Systems, Inc.)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2014-11-05] (The OpenVPN Project)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-31] (Avast Software)
R3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [91527 2005-02-26] (VM)
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-05 10:43 - 2015-04-05 10:44 - 00021790 _____ () C:\Users\StudyDesktop\Downloads\FRST.txt
2015-04-05 10:43 - 2015-04-05 10:43 - 00000000 ____D () C:\FRST
2015-04-05 10:41 - 2015-04-05 10:42 - 01135104 _____ (Farbar) C:\Users\StudyDesktop\Downloads\FRST.exe
2015-04-05 03:01 - 2015-04-05 03:01 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 18:02 - 2015-04-04 18:03 - 00000000 ____D () C:\Users\StudyDesktop\Documents\Dad Photos
2015-04-04 09:11 - 2015-04-05 09:13 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{89A3AE9B-2C55-4990-9691-5859511F08CA}
2015-04-03 09:48 - 2015-04-03 09:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-02 21:49 - 2015-04-03 09:49 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{B45EE6D0-E69C-4346-B663-A17CD9A67327}
2015-04-02 09:47 - 2015-04-02 09:47 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{5C75646C-702D-48DB-87A1-1990492D77F0}
2015-04-01 08:27 - 2015-04-01 08:27 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{A5686405-5E83-4EC2-B5CD-8589641CD2F2}
2015-04-01 08:18 - 2015-04-04 08:22 - 00000224 _____ () C:\Windows\setupact.log
2015-04-01 08:18 - 2015-04-01 08:18 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-31 19:25 - 2015-03-31 19:25 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{4D546993-C0F3-43C1-9624-6981D174518F}
2015-03-31 18:43 - 2015-03-31 18:46 - 44832392 _____ (SRWare ) C:\Users\StudyDesktop\Documents\srware_iron.exe
2015-03-31 17:41 - 2015-03-31 17:41 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-31 17:29 - 2015-03-31 17:29 - 00000000 ____D () C:\Windows\system32\vbox
2015-03-31 16:28 - 2015-03-31 16:28 - 00002063 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-03-31 16:28 - 2015-03-31 16:28 - 00002003 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-03-31 16:24 - 2015-03-31 16:23 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-31 16:24 - 2015-03-31 16:23 - 00026096 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys
2015-03-31 16:23 - 2015-03-31 16:23 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-31 16:22 - 2015-03-31 16:22 - 00271248 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-03-31 07:24 - 2015-03-31 07:24 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{CF53DB2E-AAD4-43AA-936C-97916890309C}
2015-03-30 11:43 - 2015-03-30 11:43 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{88776E74-FA59-49D4-816A-672479FB1A47}
2015-03-28 10:34 - 2015-03-29 10:37 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{53B999B5-EDBB-4D3F-85BC-BC180A5AFB21}
2015-03-26 10:16 - 2015-03-27 10:17 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{54E05E47-D11A-422A-832F-DBEF9516A15F}
2015-03-24 07:58 - 2015-03-24 07:59 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{B3E68C9C-D3F6-4EBF-98E9-EB80699DBA3F}
2015-03-23 11:38 - 2015-03-23 11:38 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{E164BEE7-124B-47C6-839E-EBA66DBB5EC4}
2015-03-23 09:32 - 2015-03-23 09:32 - 00000895 _____ () C:\Users\Public\Desktop\PureSync.lnk
2015-03-23 09:32 - 2015-03-23 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PureSync
2015-03-23 09:32 - 2015-03-23 09:32 - 00000000 ____D () C:\Program Files\PureSync
2015-03-23 09:32 - 2015-03-23 09:32 - 00000000 ____D () C:\Program Files\Common Files\Jumping Bytes
2015-03-22 23:35 - 2015-03-22 23:37 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{78E5EDD5-C222-4DB6-8B18-3A724DEA6CE5}
2015-03-22 18:24 - 2015-03-22 18:25 - 00000580 __RSH () C:\Users\StudyDesktop\ntuser.pol
2015-03-22 16:51 - 2015-03-22 16:51 - 00001065 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2015-03-22 16:48 - 2015-03-22 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2015-03-22 16:48 - 2015-03-22 16:51 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-03-22 16:48 - 2015-03-22 16:51 - 00000000 ____D () C:\Program Files\OpenVPN
2015-03-22 16:48 - 2015-03-22 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2015-03-22 10:11 - 2015-03-22 10:11 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{A4B45DC3-A20B-4BC0-8423-8E36D79B5CB2}
2015-03-20 10:07 - 2015-03-20 10:07 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{48B8C162-FF57-468F-89D8-4680FE41E8C9}
2015-03-19 08:48 - 2015-03-19 08:48 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{524461A2-0BBA-428A-9F5D-4CC20E060C7F}
2015-03-18 10:58 - 2015-03-18 10:58 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{35A38611-FF44-4079-A6A5-26456ACD5059}
2015-03-17 08:44 - 2015-03-17 08:44 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{C13D3E7E-ECC1-4B18-8878-9C3D404B920C}
2015-03-15 12:04 - 2015-03-15 12:04 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{43BC7C2F-8B1E-4CDA-94CD-ED7860B71252}
2015-03-12 10:15 - 2015-03-13 10:18 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{7AAEC3D4-0BBA-48FA-95E2-8349F7757B22}
2015-03-11 21:45 - 2015-03-11 21:46 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{C54A25DB-06AF-4722-91B0-8049080B98A3}
2015-03-11 10:09 - 2015-03-11 10:09 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{6867D099-6974-49BC-8FAB-536766541082}
2015-03-11 09:10 - 2015-02-26 05:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 09:10 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 09:10 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 09:10 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 09:10 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 09:10 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 09:10 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 09:10 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 09:10 - 2015-02-20 03:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 09:10 - 2015-02-20 03:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 09:10 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 09:10 - 2015-02-20 03:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 09:10 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 09:10 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 09:10 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 09:10 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 09:10 - 2015-01-31 05:32 - 00919552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 09:10 - 2015-01-31 04:52 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 09:10 - 2015-01-31 04:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-11 09:10 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 09:09 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 09:09 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 09:09 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 09:09 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 09:09 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 09:09 - 2015-02-20 04:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 09:09 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 09:09 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 09:09 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 09:09 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 09:09 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 09:09 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 09:09 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 09:09 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 09:09 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 09:09 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 09:09 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 09:08 - 2015-03-06 07:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 09:08 - 2015-03-06 07:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 09:08 - 2015-03-06 07:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 09:08 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 09:08 - 2015-03-06 07:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 09:08 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 09:08 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 09:08 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 09:08 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 09:08 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 09:08 - 2015-02-20 06:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 09:08 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 09:08 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 09:08 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 09:07 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 09:07 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 09:07 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 09:07 - 2015-02-03 05:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 09:07 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 09:07 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 09:07 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 09:07 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 09:07 - 2015-02-03 05:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 09:07 - 2015-02-03 05:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 09:07 - 2015-02-03 05:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 09:07 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 09:07 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 09:07 - 2015-02-03 05:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 09:07 - 2015-02-03 05:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 09:07 - 2015-02-03 05:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 09:07 - 2015-02-03 05:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 09:07 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 09:07 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 09:07 - 2015-02-03 05:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 09:07 - 2015-02-03 04:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 09:07 - 2015-01-31 01:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 09:07 - 2014-11-01 00:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 09:07 - 2014-06-28 02:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 09:07 - 2014-06-28 02:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-09 10:05 - 2015-03-10 22:08 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{EC90BD9F-6513-40C5-B0DB-088D5256BBF1}
2015-03-08 13:39 - 2015-03-08 13:39 - 00000000 ___RD () C:\Users\StudyDesktop\AppData\Roaming\Brother
2015-03-08 11:26 - 2015-03-08 11:26 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{2A1D0CBD-C241-46FC-B8D6-EF12F8BA7256}
2015-03-07 09:26 - 2015-03-07 09:26 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{7866DA0D-2F34-45E3-BBE9-8E4FAFA1D7FC}
2015-03-06 17:35 - 2015-03-06 17:38 - 06208736 _____ (Tim Kosse) C:\Users\StudyDesktop\Downloads\FileZilla_3.10.2_win32-setup.exe
2015-03-06 10:43 - 2015-03-06 10:43 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{6AF648DE-2C4D-4525-A11B-46A512165CA1}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-05 10:37 - 2012-03-23 16:46 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-05 10:37 - 2012-03-23 16:46 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-05 10:26 - 2014-02-26 16:32 - 00000000 ____D () C:\Users\StudyDesktop\MoneySunset
2015-04-05 10:24 - 2011-03-26 15:48 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Roaming\Skype
2015-04-05 10:04 - 2012-04-17 08:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-05 09:28 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing
2015-04-05 09:24 - 2011-03-26 15:48 - 00000000 ___RD () C:\Program Files\Skype
2015-04-05 09:24 - 2011-03-26 15:48 - 00000000 ____D () C:\ProgramData\Skype
2015-04-05 03:21 - 2011-03-24 13:34 - 01505575 _____ () C:\Windows\WindowsUpdate.log
2015-04-04 18:02 - 2009-08-26 11:16 - 00000000 ____D () C:\Users\StudyDesktop\Documents\General
2015-04-04 17:55 - 2005-04-25 23:07 - 00000000 ____D () C:\Users\StudyDesktop\Documents\CVS
2015-04-04 12:19 - 2014-11-17 17:29 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Roaming\ControlCenter4
2015-04-04 11:50 - 2013-07-22 09:45 - 00000000 ____D () C:\Users\StudyDesktop\Documents\Beauclerc Road Ltd
2015-04-04 11:27 - 2011-03-24 12:42 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-04 09:39 - 2015-02-07 11:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak
2015-04-04 09:39 - 2012-07-30 08:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-04 09:11 - 2011-05-28 11:32 - 00000000 ____D () C:\Users\StudyDesktop\Tracing
2015-04-04 08:30 - 2009-07-14 06:34 - 00020816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-04 08:30 - 2009-07-14 06:34 - 00020816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-04 08:22 - 2011-06-12 20:17 - 04325376 _____ () C:\Windows\system32\Ikeext.etl
2015-04-04 08:22 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-03 09:16 - 2008-01-13 11:32 - 00000000 ____D () C:\Users\StudyDesktop\Documents\B&B Receipts
2015-04-01 17:09 - 2014-01-16 13:49 - 00000000 ____D () C:\Users\StudyDesktop\Documents\Personal Finance
2015-03-31 17:42 - 2014-11-14 08:57 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-31 17:41 - 2014-11-14 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-31 17:41 - 2014-11-14 08:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-31 17:21 - 2009-07-14 06:53 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-31 16:24 - 2014-06-03 15:55 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-03-31 16:24 - 2014-06-03 15:55 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-31 16:24 - 2013-04-25 12:35 - 00427736 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-31 16:24 - 2013-04-25 12:35 - 00208024 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-31 16:24 - 2013-04-25 12:35 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-03-31 16:24 - 2013-04-25 12:35 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-31 16:24 - 2013-04-25 12:35 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-31 16:23 - 2013-04-25 12:35 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-30 12:42 - 2008-01-13 11:29 - 00000000 ____D () C:\Users\StudyDesktop\Documents\B&B Guest Info
2015-03-27 10:24 - 2015-01-12 13:56 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-23 16:25 - 2008-11-21 18:19 - 00000000 ____D () C:\Users\StudyDesktop\Documents\Personal Income
2015-03-23 13:28 - 2014-11-17 17:19 - 00007891 _____ () C:\Windows\BRRBCOM.INI
2015-03-23 09:32 - 2015-01-03 14:13 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Roaming\Jumping Bytes
2015-03-22 18:20 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-22 16:29 - 2011-05-09 09:30 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Roaming\ObviousIdea
2015-03-22 16:27 - 2014-09-29 16:58 - 00000032 _____ () C:\Users\StudyDesktop\AppData\Local\Images.fl
2015-03-18 17:56 - 2008-11-19 11:31 - 00000000 ____D () C:\Users\StudyDesktop\Documents\x_19b Sycamore
2015-03-18 17:56 - 2008-11-19 11:31 - 00000000 ____D () C:\Users\StudyDesktop\Documents\Beauclerc Road 34
2015-03-18 17:53 - 2013-01-20 15:38 - 00000000 ____D () C:\Users\StudyDesktop\Documents\GSE Accounts
2015-03-18 17:49 - 2011-06-30 11:10 - 00000000 ___SD () C:\Users\StudyDesktop\Documents\My Web Sites
2015-03-18 17:45 - 2008-05-06 15:18 - 00000000 ____D () C:\Users\StudyDesktop\Documents\Cantinone Website Notes
2015-03-18 12:49 - 2011-03-29 19:37 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\Adobe
2015-03-18 11:42 - 2009-02-18 15:36 - 00000000 ____D () C:\Users\StudyDesktop\Documents\Accoglie
2015-03-18 11:12 - 2012-04-17 08:49 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-18 11:12 - 2011-06-24 19:10 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-15 13:11 - 2014-01-11 16:30 - 00000000 ____D () C:\Users\StudyDesktop\Documents\Adtelly
2015-03-13 18:30 - 2005-04-25 23:13 - 00000000 ____D () C:\Users\StudyDesktop\Documents\B&B Regulations
2015-03-13 18:29 - 2013-04-09 17:17 - 00000000 ____D () C:\Users\StudyDesktop\Documents\Online Bills
2015-03-13 11:42 - 2013-04-25 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-12 10:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-03-11 21:42 - 2009-07-14 06:33 - 00306080 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 20:33 - 2011-06-07 15:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 20:31 - 2013-07-26 23:20 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 20:21 - 2011-04-30 07:26 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-06 18:46 - 2011-08-29 13:58 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Roaming\FileZilla
 
==================== Files in the root of some directories =======
 
2013-10-05 11:52 - 2013-10-05 11:52 - 4188160 _____ () C:\Program Files\GUTB76F.tmp
2014-10-07 18:46 - 2014-10-07 18:46 - 0000268 ___RH () C:\Users\StudyDesktop\AppData\Roaming\howto
2014-10-07 18:47 - 2014-10-07 18:47 - 0000268 ___RH () C:\Users\StudyDesktop\AppData\Roaming\Vocals
2014-10-07 18:48 - 2014-10-07 18:48 - 0000268 ___RH () C:\Users\StudyDesktop\AppData\Roaming\WebServer
2014-10-07 18:47 - 2014-10-07 18:47 - 0000268 ___RH () C:\Users\StudyDesktop\AppData\Roaming\Widgets
2013-04-03 10:49 - 2014-12-09 16:36 - 0005632 _____ () C:\Users\StudyDesktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-29 16:58 - 2015-03-22 16:27 - 0000032 _____ () C:\Users\StudyDesktop\AppData\Local\Images.fl
2011-12-29 12:21 - 2014-11-13 16:52 - 0007626 _____ () C:\Users\StudyDesktop\AppData\Local\Resmon.ResmonCfg
2011-03-26 16:07 - 2011-03-26 16:07 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2014-10-07 18:46 - 2014-10-07 18:47 - 0000012 ___RH () C:\ProgramData\manual
2014-10-07 18:46 - 2014-10-07 18:46 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2014-10-07 18:48 - 2014-10-07 19:04 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-10-07 18:47 - 2014-10-25 17:30 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-10-07 18:47 - 2014-10-07 18:47 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-10-07 18:48 - 2014-10-07 18:48 - 0000012 ___RH () C:\ProgramData\vhosts
2014-10-07 18:47 - 2014-10-07 18:47 - 0000268 ___RH () C:\ProgramData\Woodwinds
2014-10-07 18:48 - 2014-10-07 18:48 - 0000268 ___RH () C:\ProgramData\Work - Home
2014-10-07 18:47 - 2014-10-07 18:47 - 0000268 ___RH () C:\ProgramData\Workflows
 
Some content of TEMP:
====================
C:\Users\StudyDesktop\AppData\Local\Temp\SkypeSetup.exe
C:\Users\StudyDesktop\AppData\Local\Temp\WDAutoUpdate.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-04 08:51
 
==================== End Of Log ============================

 

 


~~~~~~~~~~~~~~~~~~~ Specs ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ASUS N67VM-S3113V, Intel i7-3610 QM, CPU 2.3GHz 8GB RAM, 1TB, 64-bit OS, Windows 10 Home 
ASUS Eee 1005HA, Intel Atom CPU N270 1.60GHZ 1GB RAM, 32-bit OS, Windows 10 Home

NUC5i5RYH: Intel i5, 32-bit Windows 10 Pro
 



 


#2 janefs


Posted 05 April 2015 - 04:25 AM

Hello and happy Easter/Hanukkah holiday,

 

I have an annoying malware which is hijacking my Chrome searches. Not affecting IE/FF/Iron browsers.

 

I have managed to spread the malware from my laptop (64-bit) to my desktop (32-bit), so it may have attached itself to my Google profile (maybe?). It arrived on my laptop with an entire fruit salad of malware when I inadvertently clicked on a link. I managed to get rid of all the others, but this keeps recurring.

 

Leaving aside the Laptop, I am concentrating on cleaning the desktop, so here is the FRST log for the desktop, 32bit running Windows 7 Ultimate. 

 

PC appears to be running okay, I just can't use Google search on Chrome reliably.

 

Thanks

Jane

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by StudyDesktop (administrator) on STUDYDESKTOP-PC on 05-04-2015 10:43:44
Running from C:\Users\StudyDesktop\Downloads
Loaded Profiles: StudyDesktop (Available profiles: StudyDesktop)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTDevSrv.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brother Help\BrotherHelp.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Creative Technology Ltd) C:\Program Files\Creative\Software Update 3\SoftAuto.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(Jumping Bytes) C:\Program Files\PureSync\PureSyncTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(VoipConnect) C:\Program Files\VoipConnect.com\VoipConnect\voipconnect.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [EEventManager] => C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-03-31] (Avast Software s.r.o.)
HKLM\...\Run: [Nikon Message Center 2] => C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2013-04-05] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM\...\Run: [BrHelp] => C:\Program Files\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [KiesPDLR] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [SoftAuto.exe] => C:\Program Files\Creative\Software Update 3\SoftAuto.exe [405504 2008-08-13] (Creative Technology Ltd)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [PureSync] => C:\Program Files\PureSync\PureSyncTray.exe [923312 2015-03-17] (Jumping Bytes)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5529880 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [*LABAL*] => [X]
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [VoipConnect] => C:\Program Files\VoipConnect.com\VoipConnect\voipconnect.exe [31445088 2015-03-27] (VoipConnect)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\StudyDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://it.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cantinone.eu/
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-11-14] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-31] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-14] (Oracle Corporation)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6EC76178-A5A5-470E-87DB-8583CCCB8BDA}: [NameServer] 192.168.7.1
 
FireFox:
========
FF ProfilePath: C:\Users\StudyDesktop\AppData\Roaming\Mozilla\Firefox\Profiles\7n4w50mp.default
FF SearchEngineOrder.1: Yahoo! (Avast)
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\StudyDesktop\AppData\Roaming\Mozilla\Firefox\Profiles\7n4w50mp.default\searchplugins\yahoo-avast.xml [2014-06-07]
FF Extension: Google Bookmarks for Firefox - C:\Users\StudyDesktop\AppData\Roaming\Mozilla\Firefox\Profiles\7n4w50mp.default\Extensions\{473f9a20-ce5a-11da-a94d-0800200c9a66}.xpi [2011-03-29]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-03]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-25]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.dalani.it/014-oldengland-house/?&utm_source=evening-newsletter&utm_medium=da-newsletter&utm_content=old_england&utm_campaign=evening-nl-20140408&utm_term=no-special-tg
CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-23]
CHR Extension: (Google Search) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-23]
CHR Extension: (ZenMate) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-06-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (ADTelly PRO Watch BBC iPlayer & ITV abroad) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijiggndnopldglgelamfhfhicjbfdam [2014-10-05]
CHR Extension: (Google Wallet) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]
CHR Extension: (Watch UK TV Online with Adtelly.tv) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjjcnhdfjhfmkpilggjhhkgafmflld [2014-12-22]
CHR Extension: (Gmail) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-23]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-31]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-31] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-03-31] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-31] (Avast Software)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 CTDevice_Srv; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S3 CTUPnPSv; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
S4 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION)
S4 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-03-20] (Teruten) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [33080 2015-03-04] (The OpenVPN Project)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
S2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-03-31] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-03-31] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-03-31] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [271248 2015-03-31] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-03-31] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-03-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-03-31] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2015-03-31] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-03-31] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2015-03-31] ()
R3 Atc002; C:\Windows\System32\DRIVERS\l260x86.sys [29184 2009-07-14] (Atheros Communications, Inc.)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2014-11-28] (Secunia)
S3 s116bus; C:\Windows\System32\DRIVERS\s116bus.sys [83336 2007-04-03] (MCCI Corporation)
S3 s116mdfl; C:\Windows\System32\DRIVERS\s116mdfl.sys [15112 2007-04-03] (MCCI Corporation)
S3 s116mdm; C:\Windows\System32\DRIVERS\s116mdm.sys [108680 2007-04-03] (MCCI Corporation)
S3 s116mgmt; C:\Windows\System32\DRIVERS\s116mgmt.sys [100488 2007-04-03] (MCCI Corporation)
S3 s116nd5; C:\Windows\System32\DRIVERS\s116nd5.sys [23176 2007-04-03] (MCCI Corporation)
S3 s116obex; C:\Windows\System32\DRIVERS\s116obex.sys [98696 2007-04-03] (MCCI Corporation)
S3 s116unic; C:\Windows\System32\DRIVERS\s116unic.sys [99080 2007-04-03] (MCCI Corporation)
R3 SrvHsfPCI; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-14] (Conexant Systems, Inc.)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2014-11-05] (The OpenVPN Project)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-31] (Avast Software)
R3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [91527 2005-02-26] (VM)
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-05 10:43 - 2015-04-05 10:44 - 00021790 _____ () C:\Users\StudyDesktop\Downloads\FRST.txt
2015-04-05 10:43 - 2015-04-05 10:43 - 00000000 ____D () C:\FRST
2015-04-05 10:41 - 2015-04-05 10:42 - 01135104 _____ (Farbar) C:\Users\StudyDesktop\Downloads\FRST.exe
2015-04-05 03:01 - 2015-04-05 03:01 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 18:02 - 2015-04-04 18:03 - 00000000 ____D () C:\Users\StudyDesktop\Documents\Dad Photos
2015-04-04 09:11 - 2015-04-05 09:13 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{89A3AE9B-2C55-4990-9691-5859511F08CA}
2015-04-03 09:48 - 2015-04-03 09:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-02 21:49 - 2015-04-03 09:49 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{B45EE6D0-E69C-4346-B663-A17CD9A67327}
2015-04-02 09:47 - 2015-04-02 09:47 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{5C75646C-702D-48DB-87A1-1990492D77F0}
2015-04-01 08:27 - 2015-04-01 08:27 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{A5686405-5E83-4EC2-B5CD-8589641CD2F2}
2015-04-01 08:18 - 2015-04-04 08:22 - 00000224 _____ () C:\Windows\setupact.log
2015-04-01 08:18 - 2015-04-01 08:18 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-31 19:25 - 2015-03-31 19:25 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{4D546993-C0F3-43C1-9624-6981D174518F}
2015-03-31 18:43 - 2015-03-31 18:46 - 44832392 _____ (SRWare ) C:\Users\StudyDesktop\Documents\srware_iron.exe
2015-03-31 17:41 - 2015-03-31 17:41 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-31 17:29 - 2015-03-31 17:29 - 00000000 ____D () C:\Windows\system32\vbox
2015-03-31 16:28 - 2015-03-31 16:28 - 00002063 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-03-31 16:28 - 2015-03-31 16:28 - 00002003 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-03-31 16:24 - 2015-03-31 16:23 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-31 16:24 - 2015-03-31 16:23 - 00026096 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys
2015-03-31 16:23 - 2015-03-31 16:23 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-31 16:22 - 2015-03-31 16:22 - 00271248 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-03-31 07:24 - 2015-03-31 07:24 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{CF53DB2E-AAD4-43AA-936C-97916890309C}
2015-03-30 11:43 - 2015-03-30 11:43 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{88776E74-FA59-49D4-816A-672479FB1A47}
2015-03-28 10:34 - 2015-03-29 10:37 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{53B999B5-EDBB-4D3F-85BC-BC180A5AFB21}
2015-03-26 10:16 - 2015-03-27 10:17 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{54E05E47-D11A-422A-832F-DBEF9516A15F}
2015-03-24 07:58 - 2015-03-24 07:59 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{B3E68C9C-D3F6-4EBF-98E9-EB80699DBA3F}
2015-03-23 11:38 - 2015-03-23 11:38 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{E164BEE7-124B-47C6-839E-EBA66DBB5EC4}
2015-03-23 09:32 - 2015-03-23 09:32 - 00000895 _____ () C:\Users\Public\Desktop\PureSync.lnk
2015-03-23 09:32 - 2015-03-23 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PureSync
2015-03-23 09:32 - 2015-03-23 09:32 - 00000000 ____D () C:\Program Files\PureSync
2015-03-23 09:32 - 2015-03-23 09:32 - 00000000 ____D () C:\Program Files\Common Files\Jumping Bytes
2015-03-22 23:35 - 2015-03-22 23:37 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{78E5EDD5-C222-4DB6-8B18-3A724DEA6CE5}
2015-03-22 18:24 - 2015-03-22 18:25 - 00000580 __RSH () C:\Users\StudyDesktop\ntuser.pol
2015-03-22 16:51 - 2015-03-22 16:51 - 00001065 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2015-03-22 16:48 - 2015-03-22 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2015-03-22 16:48 - 2015-03-22 16:51 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-03-22 16:48 - 2015-03-22 16:51 - 00000000 ____D () C:\Program Files\OpenVPN
2015-03-22 16:48 - 2015-03-22 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2015-03-22 10:11 - 2015-03-22 10:11 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{A4B45DC3-A20B-4BC0-8423-8E36D79B5CB2}
2015-03-20 10:07 - 2015-03-20 10:07 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{48B8C162-FF57-468F-89D8-4680FE41E8C9}
2015-03-19 08:48 - 2015-03-19 08:48 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{524461A2-0BBA-428A-9F5D-4CC20E060C7F}
2015-03-18 10:58 - 2015-03-18 10:58 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{35A38611-FF44-4079-A6A5-26456ACD5059}
2015-03-17 08:44 - 2015-03-17 08:44 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{C13D3E7E-ECC1-4B18-8878-9C3D404B920C}
2015-03-15 12:04 - 2015-03-15 12:04 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{43BC7C2F-8B1E-4CDA-94CD-ED7860B71252}
2015-03-12 10:15 - 2015-03-13 10:18 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{7AAEC3D4-0BBA-48FA-95E2-8349F7757B22}
2015-03-11 21:45 - 2015-03-11 21:46 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{C54A25DB-06AF-4722-91B0-8049080B98A3}
2015-03-11 10:09 - 2015-03-11 10:09 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{6867D099-6974-49BC-8FAB-536766541082}
2015-03-11 09:10 - 2015-02-26 05:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 09:10 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 09:10 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 09:10 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 09:10 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 09:10 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 09:10 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 09:10 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 09:10 - 2015-02-20 03:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 09:10 - 2015-02-20 03:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 09:10 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 09:10 - 2015-02-20 03:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 09:10 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 09:10 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 09:10 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 09:10 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 09:10 - 2015-01-31 05:32 - 00919552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 09:10 - 2015-01-31 04:52 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 09:10 - 2015-01-31 04:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-11 09:10 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 09:09 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 09:09 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 09:09 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 09:09 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 09:09 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 09:09 - 2015-02-20 04:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 09:09 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 09:09 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 09:09 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 09:09 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 09:09 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 09:09 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 09:09 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 09:09 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 09:09 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 09:09 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 09:09 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 09:08 - 2015-03-06 07:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 09:08 - 2015-03-06 07:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 09:08 - 2015-03-06 07:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 09:08 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 09:08 - 2015-03-06 07:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 09:08 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 09:08 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 09:08 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 09:08 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 09:08 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 09:08 - 2015-02-20 06:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 09:08 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 09:08 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 09:08 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 09:07 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 09:07 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 09:07 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 09:07 - 2015-02-03 05:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 09:07 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 09:07 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 09:07 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 09:07 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 09:07 - 2015-02-03 05:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 09:07 - 2015-02-03 05:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 09:07 - 2015-02-03 05:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 09:07 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 09:07 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 09:07 - 2015-02-03 05:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 09:07 - 2015-02-03 05:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 09:07 - 2015-02-03 05:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 09:07 - 2015-02-03 05:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 09:07 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 09:07 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 09:07 - 2015-02-03 05:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 09:07 - 2015-02-03 04:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 09:07 - 2015-01-31 01:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 09:07 - 2014-11-01 00:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 09:07 - 2014-06-28 02:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 09:07 - 2014-06-28 02:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-09 10:05 - 2015-03-10 22:08 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{EC90BD9F-6513-40C5-B0DB-088D5256BBF1}
2015-03-08 13:39 - 2015-03-08 13:39 - 00000000 ___RD () C:\Users\StudyDesktop\AppData\Roaming\Brother
2015-03-08 11:26 - 2015-03-08 11:26 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{2A1D0CBD-C241-46FC-B8D6-EF12F8BA7256}
2015-03-07 09:26 - 2015-03-07 09:26 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{7866DA0D-2F34-45E3-BBE9-8E4FAFA1D7FC}
2015-03-06 17:35 - 2015-03-06 17:38 - 06208736 _____ (Tim Kosse) C:\Users\StudyDesktop\Downloads\FileZilla_3.10.2_win32-setup.exe
2015-03-06 10:43 - 2015-03-06 10:43 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{6AF648DE-2C4D-4525-A11B-46A512165CA1}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-05 10:37 - 2012-03-23 16:46 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-05 10:37 - 2012-03-23 16:46 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-05 10:26 - 2014-02-26 16:32 - 00000000 ____D () C:\Users\StudyDesktop\MoneySunset
2015-04-05 10:24 - 2011-03-26 15:48 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Roaming\Skype
2015-04-05 10:04 - 2012-04-17 08:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-05 09:28 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing
2015-04-05 09:24 - 2011-03-26 15:48 - 00000000 ___RD () C:\Program Files\Skype
2015-04-05 09:24 - 2011-03-26 15:48 - 00000000 ____D () C:\ProgramData\Skype
2015-04-05 03:21 - 2011-03-24 13:34 - 01505575 _____ () C:\Windows\WindowsUpdate.log
2015-04-04 18:02 - 2009-08-26 11:16 - 00000000 ____D () C:\Users\StudyDesktop\Documents\General
2015-04-04 17:55 - 2005-04-25 23:07 - 00000000 ____D () C:\Users\StudyDesktop\Documents\CVS
2015-04-04 12:19 - 2014-11-17 17:29 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Roaming\ControlCenter4
2015-04-04 11:50 - 2013-07-22 09:45 - 00000000 ____D () C:\Users\StudyDesktop\Documents\Beauclerc Road Ltd
2015-04-04 11:27 - 2011-03-24 12:42 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-04 09:39 - 2015-02-07 11:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak
2015-04-04 09:39 - 2012-07-30 08:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-04 09:11 - 2011-05-28 11:32 - 00000000 ____D () C:\Users\StudyDesktop\Tracing
2015-04-04 08:30 - 2009-07-14 06:34 - 00020816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-04 08:30 - 2009-07-14 06:34 - 00020816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-04 08:22 - 2011-06-12 20:17 - 04325376 _____ () C:\Windows\system32\Ikeext.etl
2015-04-04 08:22 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-03 09:16 - 2008-01-13 11:32 - 00000000 ____D () C:\Users\StudyDesktop\Documents\B&B Receipts
2015-04-01 17:09 - 2014-01-16 13:49 - 00000000 ____D () C:\Users\StudyDesktop\Documents\Personal Finance
2015-03-31 17:42 - 2014-11-14 08:57 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-31 17:41 - 2014-11-14 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-31 17:41 - 2014-11-14 08:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-31 17:21 - 2009-07-14 06:53 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-31 16:24 - 2014-06-03 15:55 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-03-31 16:24 - 2014-06-03 15:55 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-31 16:24 - 2013-04-25 12:35 - 00427736 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-31 16:24 - 2013-04-25 12:35 - 00208024 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-31 16:24 - 2013-04-25 12:35 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-03-31 16:24 - 2013-04-25 12:35 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-31 16:24 - 2013-04-25 12:35 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-31 16:23 - 2013-04-25 12:35 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-30 12:42 - 2008-01-13 11:29 - 00000000 ____D () C:\Users\StudyDesktop\Documents\B&B Guest Info
2015-03-27 10:24 - 2015-01-12 13:56 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-23 16:25 - 2008-11-21 18:19 - 00000000 ____D () C:\Users\StudyDesktop\Documents\Personal Income
2015-03-23 13:28 - 2014-11-17 17:19 - 00007891 _____ () C:\Windows\BRRBCOM.INI
2015-03-23 09:32 - 2015-01-03 14:13 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Roaming\Jumping Bytes
2015-03-22 18:20 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-22 16:29 - 2011-05-09 09:30 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Roaming\ObviousIdea
2015-03-22 16:27 - 2014-09-29 16:58 - 00000032 _____ () C:\Users\StudyDesktop\AppData\Local\Images.fl
2015-03-18 17:56 - 2008-11-19 11:31 - 00000000 ____D () C:\Users\StudyDesktop\Documents\x_19b Sycamore
2015-03-18 17:56 - 2008-11-19 11:31 - 00000000 ____D () C:\Users\StudyDesktop\Documents\Beauclerc Road 34
2015-03-18 17:53 - 2013-01-20 15:38 - 00000000 ____D () C:\Users\StudyDesktop\Documents\GSE Accounts
2015-03-18 17:49 - 2011-06-30 11:10 - 00000000 ___SD () C:\Users\StudyDesktop\Documents\My Web Sites
2015-03-18 17:45 - 2008-05-06 15:18 - 00000000 ____D () C:\Users\StudyDesktop\Documents\Cantinone Website Notes
2015-03-18 12:49 - 2011-03-29 19:37 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\Adobe
2015-03-18 11:42 - 2009-02-18 15:36 - 00000000 ____D () C:\Users\StudyDesktop\Documents\Accoglie
2015-03-18 11:12 - 2012-04-17 08:49 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-18 11:12 - 2011-06-24 19:10 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-15 13:11 - 2014-01-11 16:30 - 00000000 ____D () C:\Users\StudyDesktop\Documents\Adtelly
2015-03-13 18:30 - 2005-04-25 23:13 - 00000000 ____D () C:\Users\StudyDesktop\Documents\B&B Regulations
2015-03-13 18:29 - 2013-04-09 17:17 - 00000000 ____D () C:\Users\StudyDesktop\Documents\Online Bills
2015-03-13 11:42 - 2013-04-25 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-12 10:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-03-11 21:42 - 2009-07-14 06:33 - 00306080 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 20:33 - 2011-06-07 15:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 20:31 - 2013-07-26 23:20 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 20:21 - 2011-04-30 07:26 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-06 18:46 - 2011-08-29 13:58 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Roaming\FileZilla
 
==================== Files in the root of some directories =======
 
2013-10-05 11:52 - 2013-10-05 11:52 - 4188160 _____ () C:\Program Files\GUTB76F.tmp
2014-10-07 18:46 - 2014-10-07 18:46 - 0000268 ___RH () C:\Users\StudyDesktop\AppData\Roaming\howto
2014-10-07 18:47 - 2014-10-07 18:47 - 0000268 ___RH () C:\Users\StudyDesktop\AppData\Roaming\Vocals
2014-10-07 18:48 - 2014-10-07 18:48 - 0000268 ___RH () C:\Users\StudyDesktop\AppData\Roaming\WebServer
2014-10-07 18:47 - 2014-10-07 18:47 - 0000268 ___RH () C:\Users\StudyDesktop\AppData\Roaming\Widgets
2013-04-03 10:49 - 2014-12-09 16:36 - 0005632 _____ () C:\Users\StudyDesktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-29 16:58 - 2015-03-22 16:27 - 0000032 _____ () C:\Users\StudyDesktop\AppData\Local\Images.fl
2011-12-29 12:21 - 2014-11-13 16:52 - 0007626 _____ () C:\Users\StudyDesktop\AppData\Local\Resmon.ResmonCfg
2011-03-26 16:07 - 2011-03-26 16:07 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2014-10-07 18:46 - 2014-10-07 18:47 - 0000012 ___RH () C:\ProgramData\manual
2014-10-07 18:46 - 2014-10-07 18:46 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2014-10-07 18:48 - 2014-10-07 19:04 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-10-07 18:47 - 2014-10-25 17:30 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-10-07 18:47 - 2014-10-07 18:47 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-10-07 18:48 - 2014-10-07 18:48 - 0000012 ___RH () C:\ProgramData\vhosts
2014-10-07 18:47 - 2014-10-07 18:47 - 0000268 ___RH () C:\ProgramData\Woodwinds
2014-10-07 18:48 - 2014-10-07 18:48 - 0000268 ___RH () C:\ProgramData\Work - Home
2014-10-07 18:47 - 2014-10-07 18:47 - 0000268 ___RH () C:\ProgramData\Workflows
 
Some content of TEMP:
====================
C:\Users\StudyDesktop\AppData\Local\Temp\SkypeSetup.exe
C:\Users\StudyDesktop\AppData\Local\Temp\WDAutoUpdate.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-04 08:51
 
==================== End Of Log ============================

 

 



~~~~~~~~~~~~~~~~~~~ Specs ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ASUS N67VM-S3113V, Intel i7-3610 QM, CPU 2.3GHz 8GB RAM, 1TB, 64-bit OS, Windows 10 Home 
ASUS Eee 1005HA, Intel Atom CPU N270 1.60GHZ 1GB RAM, 32-bit OS, Windows 10 Home

NUC5i5RYH: Intel i5, 32-bit Windows 10 Pro
 


#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,948 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:53 AM

Posted 05 April 2015 - 08:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [*LABAL*] => [X]
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006"
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-31]
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:6DDED7D9

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Reset the browsers that have been compromised.

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

How is the computer running now?

p.s.
I have merged your posts.

#4 janefs

janefs
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:53 PM

Posted 06 April 2015 - 02:14 AM

Hi nasdaq,

 

Thank you for getting back to me so quickly.  I had trouble when I was originally posting, BC was 'waiting' a long time for me to connect, so I restarted my post. No idea why the post was showing up twice?

 

Here is the FRST fixlog.txt file

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by StudyDesktop at 2015-04-06 08:13:08 Run:1
Running from C:\Users\StudyDesktop\Downloads
Loaded Profiles: StudyDesktop (Available profiles: StudyDesktop)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [*LABAL*] => [X]
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006"
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-31]
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:6DDED7D9
 
End
*****************
 
Processes closed successfully.
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE => value deleted successfully.
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE => value deleted successfully.
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\Software\Microsoft\Windows\CurrentVersion\Run\\*LABAL* => value deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Chrome StartupUrls deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => Key deleted successfully.
C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx => Moved successfully.
LMIInfo => Service deleted successfully.
LMIRfsClientNP => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
C:\ProgramData\TEMP => ":6DDED7D9" ADS removed successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 08:13:11 ====
 
 
And here is the AdwCleaner Log
 
 
# AdwCleaner v4.200 - Logfile created 06/04/2015 at 08:44:02
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : StudyDesktop - STUDYDESKTOP-PC
# Running from : C:\Users\StudyDesktop\Desktop\adwcleaner_4.200.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
-\\ Mozilla Firefox v36.0.4 (x86 en-GB)
 
 
-\\ Google Chrome v41.0.2272.118
 
[C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.booking.com/searchresults.en-us.html?si=ai%2Cco%2Cci%2Cre%2Cdi;ss={searchTerms};label=opensearch-plugin
[C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ownersdirect.co.uk/search_results.asp?specific_location_vchar={searchTerms}&action.x=54&action.y=13&action=search
[C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [2874 bytes] - [05/01/2015 16:19:33]
AdwCleaner[R1].txt - [7250 bytes] - [06/04/2015 08:30:52]
AdwCleaner[S0].txt - [3630 bytes] - [05/01/2015 16:23:37]
AdwCleaner[S1].txt - [1473 bytes] - [06/04/2015 08:44:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1532  bytes] ##########
 
 
 
 
The Desktop PC is running fine. I did a reset on Chrome (and lost all my extensions!) but now the TRACKID=006 is not appending to the search.
 
Is it OK to try the same fixes to my Laptop but using 64bit where appropriate?
 
Can I save my extensions on Chrome before the reset - or would that possibly save the TrackID malware as well?
 
Thank you
Jane
 

~~~~~~~~~~~~~~~~~~~ Specs ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ASUS N67VM-S3113V, Intel i7-3610 QM, CPU 2.3GHz 8GB RAM, 1TB, 64-bit OS, Windows 10 Home 
ASUS Eee 1005HA, Intel Atom CPU N270 1.60GHZ 1GB RAM, 32-bit OS, Windows 10 Home

NUC5i5RYH: Intel i5, 32-bit Windows 10 Pro
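
The check below is an added example, not part of any post in this thread and not FRST or AdwCleaner code. It audits a Chrome profile for the startup-URL entry that FRST reported as `CHR StartupUrls`, which is worth running before a profile is backed up or restored; the `session.startup_urls` / `session.restore_on_startup` layout, the two file names and the sample data are assumptions stated in the comments.

```python
import json
from pathlib import Path
from urllib.parse import urlsplit, parse_qsl

# Assumption: parameter names treated as hijack markers. "trackid" is the one
# seen in this thread; extend the set for other cases.
SUSPECT_PARAMS = {"trackid"}
# Assumption: on Windows, Chrome keeps session.startup_urls in one of these
# two JSON files inside the profile folder (e.g. ...\User Data\Default).
PREF_FILES = ("Preferences", "Secure Preferences")
OPEN_URL_LIST = 4  # session.restore_on_startup value for "open specific pages"


def audit_prefs(prefs):
    """Return one finding per startup URL that carries a suspect parameter."""
    session = prefs.get("session")
    if not isinstance(session, dict):
        return []
    # The URL list only takes effect when Chrome is set to open specific pages.
    active = session.get("restore_on_startup") == OPEN_URL_LIST
    findings = []
    for url in session.get("startup_urls") or []:
        if not isinstance(url, str):
            continue
        pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
        hits = sorted({k.lower() for k, _ in pairs if k.lower() in SUSPECT_PARAMS})
        if hits:
            findings.append({"url": url, "params": hits, "active": active})
    return findings


def audit_profile(profile_dir):
    """Audit every preferences file that exists in a Chrome profile folder."""
    results = {}
    for name in PREF_FILES:
        path = Path(profile_dir) / name
        if not path.is_file():
            continue
        try:
            prefs = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError) as exc:  # unreadable or not valid JSON
            results[name] = [{"error": str(exc)}]
            continue
        results[name] = audit_prefs(prefs) if isinstance(prefs, dict) else []
    return results


# Constructed sample data, modelled on the FRST line quoted in this thread.
SAMPLE_HIJACKED = {"session": {"restore_on_startup": 4, "startup_urls": [
    "https://www.google.com/?trackid=sp-006",
    "https://www.bleepingcomputer.com/"]}}
SAMPLE_CLEAN = {"session": {"restore_on_startup": 5, "startup_urls": []}}

if __name__ == "__main__":
    print(audit_prefs(SAMPLE_HIJACKED))
    print(audit_prefs(SAMPLE_CLEAN))
```

An empty result for both files means no startup URL in that profile carries the marker; a finding with `active` set to false is still worth removing, because it takes effect as soon as the startup mode is switched back to a URL list.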
 


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,948 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:53 AM

Posted 06 April 2015 - 07:36 AM


We do not give help on 2 computers in the same topic.

I suggest you run the AdwCleaner tool and then run the Farbar tool on the laptop.

Create a new topic and post the logs for my review.

Let me have the URL and I will expedite the matter.


p.s.
The best way to keep your Chrome setting is to remove it and re-install the application

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your Bookmarks.
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

#6 janefs

janefs
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:53 PM

Posted 06 April 2015 - 10:41 AM

OK, thank you nasdaq.

 

This PC is clean so please can you close this topic.  I'll start another on the laptop problems....

 

Regards,

Jane


~~~~~~~~~~~~~~~~~~~ Specs ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ASUS N67VM-S3113V, Intel i7-3610 QM, CPU 2.3GHz 8GB RAM, 1TB, 64-bit OS, Windows 10 Home 
ASUS Eee 1005HA, Intel Atom CPU N270 1.60GHZ 1GB RAM, 32-bit OS, Windows 10 Home

NUC5i5RYH: Intel i5, 32-bit Windows 10 Pro
 


#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,948 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:53 AM

Posted 06 April 2015 - 01:05 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,948 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:53 AM

Posted 11 April 2015 - 08:40 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



