
Infected with AdChoices


  • This topic is locked

#1 cherold


Posted 15 April 2015 - 10:55 AM

Yesterday I started getting ads in all my browsers on all pages even though I have adblock. They all have a little information icon that tells you they're from AdChoices, but clicking on that doesn't tell you why it's there or how to get rid of it. (Not only do I have ads, but Chrome doesn't work right when I try to enter data; I had to post this using Maxthon because paste wasn't working in Chrome.)

 

I ran Malwarebytes, Spybot, SUPERAntiSpyware, AdwCleaner and TDSSKiller and none of them even found AdChoices. I also tried ComboFix, which I know this site recommends against using without support, but I did. It stuck at stage 40, at which point I found instructions to get it going by killing certain files with the Task Manager like pev.exe and got it to stage 48, at which point it would go no further and I had to reboot. As far as I can tell, my PC wasn't hurt by the endeavor but neither was it helped.

 
 
 
====================== FRST.txt ================================
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 02
Ran by Charles D Herold (administrator) on CHARLESDHEROLD on 15-04-2015 11:20:03
Running from C:\Users\Charles D Herold\Downloads
Loaded Profiles: Charles D Herold (Available profiles: Charles D Herold)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\Everything\Everything.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Singer's Creations) C:\Program Files (x86)\Weather Watcher\ww.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(NirSoft) C:\Program Files (x86)\Volumouse\volumouse.exe
(Google Inc.) C:\Users\Charles D Herold\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\Charles D Herold\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Yellow blue soft) C:\Program Files (x86)\Yellow Blue Soft\Tabbles\tabbles.exe
(Flux Software LLC) C:\Users\Charles D Herold\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Users\Charles D Herold\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(RescueTime, Inc.) C:\Program Files (x86)\RescueTime\RescueTime.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Elaborate Bytes AG) C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe
() C:\Program Files (x86)\Utilities\ToggleHiddenFiles.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Blackfish Software\IE Tab Helper\1.5.5.1\ietabhelper.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\RegSvr32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\RegSvr32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [5457920 2015-04-01] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-04-01] (AVAST Software)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.)
HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\c7fa23c1-6b60-4d10-875b-f0f30b0b1293.exe [183232 2015-04-15] (AVAST Software)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1814022282-1854997631-837437133-1001\...\Run: [WeatherWatcher] => C:\Program Files (x86)\Weather Watcher\ww.exe [1110016 2009-07-07] (Singer's Creations)
HKU\S-1-5-21-1814022282-1854997631-837437133-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-04-02] (SUPERAntiSpyware)
HKU\S-1-5-21-1814022282-1854997631-837437133-1001\...\Run: [$Volumouse$] => C:\Program Files (x86)\Volumouse\volumouse.exe [88576 2013-11-18] (NirSoft)
HKU\S-1-5-21-1814022282-1854997631-837437133-1001\...\Run: [Google Update] => C:\Users\Charles D Herold\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-01] (Google Inc.)
HKU\S-1-5-21-1814022282-1854997631-837437133-1001\...\Run: [MusicManager] => C:\Users\Charles D Herold\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7380992 2013-11-11] (Google Inc.)
HKU\S-1-5-21-1814022282-1854997631-837437133-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-1814022282-1854997631-837437133-1001\...\Run: [Tabbles] => C:\Program Files (x86)\Yellow Blue Soft\Tabbles\Tabbles.exe [148480 2012-11-21] (Yellow blue soft)
HKU\S-1-5-21-1814022282-1854997631-837437133-1001\...\Run: [f.lux] => C:\Users\Charles D Herold\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1814022282-1854997631-837437133-1001\...\Run: [GoogleChromeAutoLaunch_F2E38A291667CF24DB8805F91C078477] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866584 2014-01-23] (Google Inc.)
HKU\S-1-5-21-1814022282-1854997631-837437133-1001\...\Run: [OneDrive] => C:\Users\Charles D Herold\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-12] (Microsoft Corporation)
HKU\S-1-5-21-1814022282-1854997631-837437133-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911032 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-1814022282-1854997631-837437133-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-1814022282-1854997631-837437133-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5404296 2015-03-13] (Plex, Inc.)
HKU\S-1-5-21-1814022282-1854997631-837437133-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
Startup: C:\Users\Charles D Herold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Charles D Herold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ToggleHiddenFiles Win+H.lnk
ShortcutTarget: ToggleHiddenFiles Win+H.lnk -> C:\Program Files (x86)\Utilities\ToggleHiddenFiles.exe ()
SSODL: EldosMountNotificator-cbfs5 - {630D8D9B-AC04-4078-B861-87A7A7A77A11} - C:\Windows\system32\cbfsMntNtf5.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs5 - {630D8D9B-AC04-4078-B861-87A7A7A77A11} - C:\Windows\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Charles D Herold\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Charles D Herold\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Charles D Herold\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [1EldosIconOverlay-cbfs5] -> {78EC43EF-A5D5-4884-B733-997FE27547C0} => C:\Windows\system32\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [2EldosIconOverlay-cbfs5] -> {04C01A8F-1BA1-4831-9F7C-4B716D09F71B} => C:\Windows\system32\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [BitcasaBadFileOverlay] -> {EC168C82-5053-422A-BB08-3CD9ACA22E85} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: [BitcasaMirrorOverlay] -> {8C403C00-4544-4A53-879B-1949390CDE13} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: [BitcasaNotMirrored] -> {775CDDED-E6D2-4DD8-8C1F-158BEF44B62A} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charles D Herold\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charles D Herold\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charles D Herold\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charles D Herold\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs5] -> {126EA440-800F-47E5-A43B-6BB321C01905} => C:\Windows\system32\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Charles D Herold\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Charles D Herold\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Charles D Herold\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay-cbfs5] -> {78EC43EF-A5D5-4884-B733-997FE27547C0} => C:\Windows\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [2EldosIconOverlay-cbfs5] -> {04C01A8F-1BA1-4831-9F7C-4B716D09F71B} => C:\Windows\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charles D Herold\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charles D Herold\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charles D Herold\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs5] -> {126EA440-800F-47E5-A43B-6BB321C01905} => C:\Windows\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1814022282-1854997631-837437133-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1814022282-1854997631-837437133-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: FunDDeealS -> {0C73CF32-5C0B-10D0-4081-2671DC48CBD9} -> C:\ProgramData\FunDDeealS\8_jmC.x64.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: No Name -> {760B0BA6-D086-04F4-5B89-AB002EFEBD7A} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-04-17] (LastPass)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-04-17] (LastPass)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-04-17] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-04-17] (LastPass)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Charles D Herold\AppData\Roaming\Mozilla\Firefox\Profiles\80ef4hdk.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-04-17] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @ASC/FileLabPlugin;version=1.1.33 -> C:\ProgramData\FileLab\Plugin\Framework\npFlPluginS.dll [2012-02-20] (FileLab)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2013-10-28] (DivX, LLC)
FF Plugin-x32: @gpac/osmozilla,version=1.0 -> C:\Program Files (x86)\GPAC\nposmozilla.dll [2012-05-25] ( )
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2014-04-17] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @playon.tv/PlayOnToolbar -> C:\Program Files (x86)\MediaMall\toolbar\npVT.dll [2014-09-26] (MediaMall Technologies, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-12-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-1814022282-1854997631-837437133-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Charles D Herold\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-12-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-1814022282-1854997631-837437133-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Charles D Herold\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-12-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-1814022282-1854997631-837437133-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Charles D Herold\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-13] (Unity Technologies ApS)
FF Extension: LastPass - C:\Users\Charles D Herold\AppData\Roaming\Mozilla\Firefox\Profiles\80ef4hdk.default\Extensions\support@lastpass.com [2014-08-25]
FF Extension: Facebook Panda - Google Maps for Facebook - C:\Users\Charles D Herold\AppData\Roaming\Mozilla\Firefox\Profiles\80ef4hdk.default\Extensions\{6e507600-42ef-11e2-a25f-0800200c9a66} [2014-08-25]
FF Extension: Reddit Enhancement Suite - C:\Users\Charles D Herold\AppData\Roaming\Mozilla\Firefox\Profiles\80ef4hdk.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-08-25]
FF Extension: Social Fixer - C:\Users\Charles D Herold\AppData\Roaming\Mozilla\Firefox\Profiles\80ef4hdk.default\Extensions\socialfixer@mattkruse.com.xpi [2014-08-26]
FF Extension: Download Status Bar - C:\Users\Charles D Herold\AppData\Roaming\Mozilla\Firefox\Profiles\80ef4hdk.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-08-25]
FF Extension: Adblock Plus - C:\Users\Charles D Herold\AppData\Roaming\Mozilla\Firefox\Profiles\80ef4hdk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-25]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-01]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-15]
 
Chrome: 
=======
CHR Profile: C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Simple = Select + Search) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\aagminaekdpcfimcbhknlgjmpnnnmooo [2013-11-15]
CHR Extension: (Google Translate) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-11-15]
CHR Extension: (No Name) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmgjcmmphkhndoahbfanhbgeekconmm [2013-11-15]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2013-11-15]
CHR Extension: (Google Drive) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-15]
CHR Extension: (Sexy Undo Close Tab) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg [2014-03-17]
CHR Extension: (RescueTime for Chrome™ & ChromeOS™) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdakmnplckeopfghnlpocafcepegjeap [2014-08-14]
CHR Extension: (Weather (extension)) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\beapnbfmjmjhhfpaoajfhjbbfnnlfpnc [2015-03-31]
CHR Extension: (No Name) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2013-11-15]
CHR Extension: (History site blocker) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgnheiibhnjklgimaldgngjcfblachh [2013-11-15]
CHR Extension: (YouTube) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-15]
CHR Extension: (Note Anywhere) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohahkiiknkelflnjjlipnaeapefmjbh [2013-11-15]
CHR Extension: (SmoothScroll) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\cccpiddacjljmfbbgeimpelpndgpoknn [2013-11-15]
CHR Extension: (Adblock Plus) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-15]
CHR Extension: (Add to Amazon Wish List) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2013-11-15]
CHR Extension: (Google Search) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-15]
CHR Extension: (Type-ahead-find) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpecbmjeidppdiampimghndkikcmoadk [2013-11-15]
CHR Extension: (Email this page (by Google)) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai [2013-11-15]
CHR Extension: (Context Search) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbpfafcplnjmakknnonpegphpmpmhjhj [2013-11-15]
CHR Extension: (Remove Google Redirection) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnhjklgpiifbofihffldllbcopkinlod [2014-11-20]
CHR Extension: (PasswordMaker) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\doblembglfahhpiilfhajboogopikhcm [2013-11-15]
CHR Extension: (No Name) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\dohbiijnjeiejifbgfdhfknogknkglio [2013-11-15]
CHR Extension: (WasteNoTime) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\enebomhlllfaccbelnjhfgblnalofhch [2013-11-15]
CHR Extension: (Stylish) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2013-11-15]
CHR Extension: (Don't track me Google) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbofhhdmcladcmmfjolgndfkpobecpg [2014-05-18]
CHR Extension: (Boxopus) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdifjpojafakgbdkfephddpkjejincan [2014-05-06]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2015-03-31]
CHR Extension: (No Name) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-04-17]
CHR Extension: (YouTube Center) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\heajdnnooakmbbclhphfffkpafehdmgk [2014-04-16]
CHR Extension: (IE Tab) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2013-11-28]
CHR Extension: (Send Page) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\higemadklcnjhjpgcbnnbpgeeippjjcp [2013-11-15]
CHR Extension: (Checker Plus for Google Calendar™) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha [2015-04-09]
CHR Extension: (TabJump - Intelligent Tab Navigator) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokofmgcicpnjchllaccgedmmmbbnbmf [2013-11-15]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2013-11-15]
CHR Extension: (No Name) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgdloilieclkegafohackmhffbmdpko [2013-11-15]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-06-22]
CHR Extension: (Image Search Options) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljmejbpilkadikecejccebmccagifhl [2015-01-28]
CHR Extension: (Bookmarks Tagging) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmdepbjjhlbhohppiancfgdpkjcoajgb [2014-09-09]
CHR Extension: (add.2.cal) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\kngiaionppnidcdgncamipkmjfacibcf [2013-11-15]
CHR Extension: (BugMeNot Lite) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackfehpdclhclidcbbfcemcpolgdgnb [2013-11-15]
CHR Extension: (TempMarks) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekceafoajglomomaeghaaoamfpmaajc [2013-11-15]
CHR Extension: (FVD Video Downloader) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2015-04-14]
CHR Extension: (No Name) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhdokmjpoambonhlpgcodobebebjdeil [2013-11-15]
CHR Extension: (Skype Click to Call) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-11-05]
CHR Extension: (Bookmark Checker) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnboppjpcdnckcklbmjmdahfkpmgglec [2014-09-09]
CHR Extension: (No Name) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-11-15]
CHR Extension: (No Name) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp [2013-11-15]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2013-11-15]
CHR Extension: (Open PinnedTab Link) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpjfkobpnfgddkikflgejdgclhpmagha [2014-11-06]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2013-11-15]
CHR Extension: (ClipConverter) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\njjjgjlocdhecpgdcfjblcnfebfnmhpp [2013-11-15]
CHR Extension: (Filestream.me extension) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkpnfhfaabjfnfabmecmfdedkeoldogp [2015-03-02]
CHR Extension: (No Name) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-15]
CHR Extension: (Better Pop Up Blocker) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic [2013-11-15]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2013-11-15]
CHR Extension: (Personal Blocklist (by Google)) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2013-11-15]
CHR Extension: (Better History) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb [2015-04-14]
CHR Extension: (Allow RightClick) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\odgmhaimkkjbnpmnpbgemphpcedcbbfd [2014-06-25]
CHR Extension: (Tab Bundler) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooajenhhhbdbcolenhmmkgmkcocfdahd [2014-06-21]
CHR Extension: (Facebook Panda - Google Maps for Facebook) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\padomndbadofflajmcnblpfgincegbpl [2013-11-15]
CHR Extension: (One Window) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\papnlnnbddhckngcblfljaelgceffobn [2013-11-15]
CHR Extension: (Evernote Web Clipper) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-09-25]
CHR Extension: (Gmail) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-15]
CHR Extension: (Slim Lists for Trello) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjlejgbmijmafmobaofcgblpdbkaodod [2014-04-30]
CHR Extension: (Profile Manager) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobhfaiabikkbaheoohmojdkkdmladgo [2013-12-06]
CHR Profile: C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-15]
CHR Extension: (Google Drive) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-15]
CHR Extension: (YouTube) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-15]
CHR Extension: (Google Search) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-15]
CHR Extension: (Avast Online Security) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-07]
CHR Extension: (Enable right click) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hhojmcideegachlhfgfdhailpfhgknjm [2014-09-19]
CHR Extension: (Skype Click to Call) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-11-06]
CHR Extension: (Google Wallet) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-07]
CHR Extension: (No Name) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-15]
CHR Profile: C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Docs) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-15]
CHR Extension: (Google Drive) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-15]
CHR Extension: (YouTube) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-15]
CHR Extension: (Google Search) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-15]
CHR Extension: (ExsttraCoupon) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ejnbinpmbaioihlmpbpiaockelenkdjn [2014-05-27]
CHR Extension: (NetoCoUpon) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\enjpenofiklfbfdccphlmkjedejhcbce [2014-06-01]
CHR Extension: (FuenDeAls) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gbomleefofbihcnmnlgphdnokfgfoofk [2014-02-28]
CHR Extension: (W3Schools Hider) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igiahejkpbnbnekdaefddmdceocmjpll [2014-06-16]
CHR Extension: (Cookie Clicker Extended) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mefkpmhgfljflbldannlgahlmhagdcoe [2014-06-06]
CHR Extension: (Gmail) - C:\Users\Charles D Herold\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-15]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-12] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-13] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-13] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Everything; C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] () [File not signed]
S3 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [5911856 2015-02-09] (MediaMall Technologies, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-15] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-15] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-15] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-15] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-15] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-15] ()
R1 cbfs5; C:\Windows\system32\drivers\cbfs5.sys [416960 2014-03-06] (EldoS Corporation)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2013-03-05] (MediaMall Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-13] () [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
S3 TarFltr; C:\Windows\System32\drivers\UsbFltr.sys [49664 2007-04-11] (Razer USA Ltd.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-13] (Avast Software)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450456 2014-08-13] (Check Point Software Technologies Ltd.)
R3 ALSysIO; \??\C:\Users\CHARLE~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-15 11:20 - 2015-04-15 11:28 - 00047002 _____ () C:\Users\Charles D Herold\Downloads\FRST.txt
2015-04-15 10:41 - 2015-04-15 10:41 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-15 10:40 - 2014-12-13 15:55 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\asw3855.tmp
2015-04-15 10:40 - 2014-12-13 15:55 - 00267632 _____ () C:\Windows\system32\Drivers\asw48F9.tmp
2015-04-15 10:40 - 2014-12-13 15:55 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6705.tmp
2015-04-15 10:39 - 2014-12-13 15:56 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\asw52B3.tmp
2015-04-15 10:39 - 2014-12-13 15:55 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswBE71.tmp
2015-04-15 10:39 - 2014-12-13 15:55 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\asw919.tmp
2015-04-15 10:39 - 2014-12-13 15:55 - 00065776 _____ () C:\Windows\system32\Drivers\asw19DC.tmp
2015-04-15 10:39 - 2014-12-13 15:55 - 00029208 _____ () C:\Windows\system32\Drivers\aswE3CD.tmp
2015-04-15 10:38 - 2015-04-15 10:36 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-15 10:31 - 2015-04-15 10:31 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-15 10:10 - 2015-04-15 11:20 - 00000000 ____D () C:\FRST
2015-04-15 10:09 - 2015-04-15 10:09 - 00003756 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-04-15 10:08 - 2015-04-15 10:08 - 02097152 _____ (Farbar) C:\Users\Charles D Herold\Downloads\FRST64.exe
2015-04-14 20:17 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-14 20:17 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-14 20:17 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-14 20:17 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-14 20:17 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-14 20:17 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-14 20:17 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-14 20:17 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-14 20:16 - 2015-04-15 09:31 - 00000000 ___SD () C:\ComboFix
2015-04-14 20:09 - 2015-04-14 20:16 - 00000000 ___SD () C:\32788R22FWJFW
2015-04-14 20:09 - 2015-04-14 20:09 - 00000000 ____D () C:\Windows\erdnt
2015-04-14 19:27 - 2015-04-14 19:27 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Charles D Herold\Downloads\tdsskiller.exe
2015-04-14 18:30 - 2015-04-14 18:30 - 02217984 _____ () C:\Users\Charles D Herold\Downloads\adwcleaner_4.201.exe
2015-04-14 14:30 - 2015-04-14 14:31 - 00003310 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-1814022282-1854997631-837437133-1001
2015-04-13 11:57 - 2015-04-13 11:57 - 00000197 _____ () C:\Windows\system32\2015-04-13-15-57-33.001-AvastVBoxSVC.exe-7880.log
2015-04-13 00:24 - 2015-04-13 00:24 - 00000197 _____ () C:\Windows\system32\2015-04-13-04-24-44.013-AvastVBoxSVC.exe-8148.log
2015-04-12 10:28 - 2015-04-12 10:28 - 00000197 _____ () C:\Windows\system32\2015-04-12-14-28-21.010-AvastVBoxSVC.exe-7960.log
2015-04-11 10:28 - 2015-04-11 10:28 - 00000197 _____ () C:\Windows\system32\2015-04-11-14-28-40.062-AvastVBoxSVC.exe-2900.log
2015-04-10 11:51 - 2015-04-10 11:51 - 00000197 _____ () C:\Windows\system32\2015-04-10-15-51-22.023-AvastVBoxSVC.exe-5992.log
2015-04-09 21:20 - 2015-04-09 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2015-04-09 20:15 - 2015-04-09 20:15 - 00000197 _____ () C:\Windows\system32\2015-04-10-00-15-43.014-AvastVBoxSVC.exe-2280.log
2015-04-09 10:44 - 2015-04-09 10:44 - 00000197 _____ () C:\Windows\system32\2015-04-09-14-44-13.014-AvastVBoxSVC.exe-5240.log
2015-04-08 07:56 - 2015-04-08 07:56 - 00000197 _____ () C:\Windows\system32\2015-04-08-11-56-23.088-AvastVBoxSVC.exe-3160.log
2015-04-07 11:11 - 2015-04-07 11:12 - 00000197 _____ () C:\Windows\system32\2015-04-07-15-11-56.052-AvastVBoxSVC.exe-7152.log
2015-04-07 00:36 - 2015-04-07 00:36 - 00000000 ____D () C:\NVIDIA
2015-04-06 13:06 - 2015-04-06 13:07 - 00431395 _____ () C:\Windows\system32\Drivers\vsconfig.xml
2015-04-06 13:05 - 2015-04-06 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2015-04-06 13:01 - 2015-04-06 13:05 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2015-04-06 13:00 - 2015-04-06 13:00 - 00000000 ____D () C:\ProgramData\CheckPoint
2015-04-06 11:12 - 2015-04-06 11:12 - 00000197 _____ () C:\Windows\system32\2015-04-06-15-12-19.078-AvastVBoxSVC.exe-6764.log
2015-04-06 08:33 - 2015-04-06 08:33 - 00000197 _____ () C:\Windows\system32\2015-04-06-12-33-04.026-AvastVBoxSVC.exe-3828.log
2015-04-05 20:27 - 2015-04-05 20:27 - 00000197 _____ () C:\Windows\system32\2015-04-06-00-27-16.009-AvastVBoxSVC.exe-7176.log
2015-04-04 20:36 - 2015-04-04 20:37 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 20:36 - 2015-04-04 20:36 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 11:50 - 2015-04-04 11:50 - 00000197 _____ () C:\Windows\system32\2015-04-04-15-50-06.015-AvastVBoxSVC.exe-6904.log
2015-04-03 18:44 - 2015-04-03 18:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-04-03 16:19 - 2015-04-03 16:19 - 00000197 _____ () C:\Windows\system32\2015-04-03-20-19-08.088-AvastVBoxSVC.exe-6908.log
2015-04-03 09:07 - 2015-04-03 09:07 - 00000197 _____ () C:\Windows\system32\2015-04-03-13-07-32.012-AvastVBoxSVC.exe-4176.log
2015-04-02 11:38 - 2015-04-02 11:38 - 00000197 _____ () C:\Windows\system32\2015-04-02-15-38-19.012-AvastVBoxSVC.exe-3236.log
2015-04-01 04:36 - 2015-04-01 04:37 - 00000197 _____ () C:\Windows\system32\2015-04-01-08-36-55.014-AvastVBoxSVC.exe-6048.log
2015-03-31 16:42 - 2015-03-31 16:42 - 00000197 _____ () C:\Windows\system32\2015-03-31-20-42-32.022-AvastVBoxSVC.exe-6692.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-15 11:29 - 2013-11-15 04:24 - 00000000 ____D () C:\Users\Charles D Herold\AppData\Roaming\WeatherWatcher
2015-04-15 11:26 - 2013-11-14 21:30 - 01779759 _____ () C:\Windows\WindowsUpdate.log
2015-04-15 10:47 - 2013-12-01 03:33 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1814022282-1854997631-837437133-1001UA.job
2015-04-15 10:46 - 2013-11-14 19:04 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-15 10:46 - 2009-07-14 00:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-15 10:46 - 2009-07-14 00:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-15 10:44 - 2014-07-31 12:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-15 10:36 - 2014-08-01 11:01 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-15 10:36 - 2014-08-01 11:01 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-15 10:36 - 2013-11-15 03:37 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-15 10:36 - 2013-11-15 03:37 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-15 10:36 - 2013-11-15 03:37 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-15 10:36 - 2013-11-15 03:37 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-15 10:36 - 2013-11-15 03:37 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-15 10:26 - 2013-11-15 03:37 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-15 09:58 - 2013-12-31 20:28 - 00000010 _____ () C:\Users\Charles D Herold\AppData\Roaming\tabbles_hwnd_quick_link
2015-04-15 09:58 - 2013-12-31 20:28 - 00000009 _____ () C:\Users\Charles D Herold\AppData\Roaming\tabbles_hwnd_main
2015-04-15 09:52 - 2013-11-18 12:08 - 00135477 _____ () C:\Windows\setupact.log
2015-04-15 09:52 - 2013-11-16 20:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-15 09:51 - 2013-11-14 19:04 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-15 09:51 - 2009-07-14 01:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-15 09:51 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-15 09:50 - 2013-11-18 12:07 - 00298432 _____ () C:\Windows\PFRO.log
2015-04-15 09:50 - 2013-11-15 20:26 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-15 09:47 - 2013-12-01 03:33 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1814022282-1854997631-837437133-1001Core.job
2015-04-14 20:16 - 2013-05-16 17:13 - 00000000 ____D () C:\Qoobox
2015-04-14 20:07 - 2013-01-30 21:26 - 00000000 ____D () C:\temp
2015-04-14 19:02 - 2013-11-19 09:14 - 00000000 ____D () C:\AdwCleaner
2015-04-14 15:14 - 2015-03-10 16:00 - 00000000 ____D () C:\Users\Charles D Herold\AppData\Roaming\Blurity
2015-04-14 13:44 - 2014-07-31 12:01 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 13:44 - 2014-07-31 12:01 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 13:44 - 2014-05-19 18:11 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 13:14 - 2014-09-05 11:55 - 00000000 ____D () C:\Users\Charles D Herold\AppData\Local\Adobe
2015-04-14 13:11 - 2014-07-01 13:16 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-14 11:00 - 2013-12-18 03:26 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-13 16:03 - 2014-04-21 19:54 - 00000000 ____D () C:\Users\Charles D Herold\AppData\Local\IE Tab
2015-04-12 21:12 - 2013-11-15 15:27 - 00000000 ____D () C:\Users\Charles D Herold\AppData\Roaming\Everything
2015-04-12 15:34 - 2013-11-18 13:36 - 00000000 ____D () C:\Users\Charles D Herold\AppData\Roaming\avidemux
2015-04-09 21:21 - 2013-11-15 02:34 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-04 11:41 - 2013-11-15 13:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-02 14:14 - 2009-07-14 01:13 - 00901452 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-01 06:44 - 2014-06-18 10:54 - 00000000 ____D () C:\Users\Charles D Herold\AppData\Roaming\Sony
2015-04-01 06:43 - 2015-02-04 10:57 - 00000000 ____D () C:\Program Files\Bitcasa
2015-04-01 06:42 - 2015-02-04 10:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitcasa
2015-04-01 06:39 - 2014-03-19 21:54 - 00000000 ____D () C:\Users\Charles D Herold\AppData\Roaming\Bitcasa
2015-04-01 06:19 - 2014-05-11 16:47 - 00000000 ____D () C:\Windows\Minidump
2015-03-31 19:17 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-31 16:48 - 2014-01-21 15:42 - 00000000 ____D () C:\Program Files (x86)\RescueTime
2015-03-31 16:47 - 2014-01-21 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RescueTime
 
==================== Files in the root of some directories =======
 
2014-04-17 17:34 - 2014-04-17 17:34 - 14883840 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-12-31 20:28 - 2015-04-15 09:58 - 0000009 _____ () C:\Users\Charles D Herold\AppData\Roaming\tabbles_hwnd_main
2013-12-31 20:28 - 2015-04-15 09:58 - 0000010 _____ () C:\Users\Charles D Herold\AppData\Roaming\tabbles_hwnd_quick_link
2013-12-31 20:35 - 2014-05-12 20:10 - 0000212 _____ () C:\Users\Charles D Herold\AppData\Roaming\tabbles_message2
2013-11-18 17:41 - 2013-11-18 17:41 - 0000093 _____ () C:\Users\Charles D Herold\AppData\Roaming\WB.CFG
2013-11-18 17:41 - 2013-11-18 17:41 - 0000006 _____ () C:\Users\Charles D Herold\AppData\Roaming\WBPU-TTL.DAT
2014-02-24 21:57 - 2014-06-22 21:00 - 0013824 _____ () C:\Users\Charles D Herold\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-23 14:57 - 2014-10-23 14:57 - 0004808 _____ () C:\Users\Charles D Herold\AppData\Local\recently-used.xbel
2014-10-28 23:38 - 2014-10-28 23:38 - 0000087 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\sxshared.dll
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-14 00:58
 
==================== End Of Log ============================



Edited by cherold, 16 April 2015 - 10:04 AM.
DUPE, delete - Hamluis.



 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:05 PM

Posted 20 April 2015 - 11:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/573329 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

Posted 25 April 2015 - 11:00 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



