
Unknown Infection...Please Help.


  • This topic is locked
27 replies to this topic

#1 Xarmark77

Xarmark77

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:03 AM

Posted 12 May 2015 - 11:11 PM

I was trying to get a file from kickasstorent.com; it came with a downloader, and that came with a whole bunch of malware. When I open Internet Explorer I get "Internet Explorer has stopped working: A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available." On Firefox, when I went to geeksquad.com I got a reported web forgery error message. When I restarted it and logged in it gave me a sad face and said there was a problem. It then rebooted and let me log in.

I ran MalwareBytes, Hitman Pro, ADWCleaner, EMISoft Cleaner. They found stuff and quarantined or deleted it. It's still having problems after all that and I have no idea what else to do. Please help.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,604 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:03 AM

Posted 17 May 2015 - 11:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/576015 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Xarmark77

Xarmark77
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:03 AM

Posted 18 May 2015 - 12:40 PM

This was the first log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
Ran by Mitchell (administrator) on MOOGY on 18-05-2015 13:27:47
Running from C:\Users\Mitchell\Downloads
Loaded Profiles: Mitchell (Available profiles: Mitchell & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\mongoose-2.8\srvany.exe
() C:\mongoose-2.8\mongoose.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Capital Intellect, Inc.) C:\Users\Mitchell\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.17.9\BFHP.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-04-05] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\Run: [ShopAtHomeWatcher] => C:\Users\Mitchell\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\Run: [ShopAtHomeUpdater] => C:\Users\Mitchell\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\Run: [BFHP] => C:\Users\Mitchell\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.17.9\BFHP.exe [411680 2015-02-03] (Capital Intellect, Inc.)
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\Run: [Hide.me] => [X]
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\Run: [BitTorrent] => C:\Users\Mitchell\AppData\Roaming\BitTorrent\updates\7.9.3_40299.exe [1696104 2015-05-11] (BitTorrent Inc.)
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\RunOnce: [Uninstall C:\Users\Mitchell\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mitchell\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\MountPoints2: {4ff1cfa9-7cff-11e4-bede-008cfa2fa40e} - "E:\autorun.exe"
Startup: C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-02-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-06-20]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\Software\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.aol.com/38905-919/aol-6/en-us/Suite.aspx
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = http://search.coupons.com/
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://mail.google.com/mail/u/0/#inbox
https://www.facebook.com/MDickieFans
SearchScopes: HKU\.DEFAULT -> {CCE613C9-AE9F-48FB-BEBD-D6ED71EC9842} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3690005664-4159630313-185192455-1001 -> {CCE613C9-AE9F-48FB-BEBD-D6ED71EC9842} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-06-16] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-06-16] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-17] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-17] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 75.75.76.76
Tcpip\..\Interfaces\{9EC8D00B-CF6B-470A-803A-D536D5E5D3F1}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\fuay3mt8.default-1417589053923
FF Homepage: https://mail.aol.com/38865-418/aol-6/en-us/suite.aspx|https://mail.google.com/mail/u/0/?tab=wm#inbox|https://www.facebook.com/MDickieFans
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-18] ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-06-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-17] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-08-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-12-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-12-07] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-02-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-12-03] (Coupons, Inc.)

Chrome:
=======
CHR Profile: C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Beautiful landscape) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig [2014-07-08]
CHR Extension: (Google Docs) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-06]
CHR Extension: (Google Drive) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-06]
CHR Extension: (YouTube) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-06]
CHR Extension: (Google Search) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-06]
CHR Extension: (Google Wallet) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-27]
CHR Extension: (Gmail) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-06]
CHR Extension: (No Name) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb [2014-12-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-04] (Microsoft Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-05-11] (SurfRight B.V.)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Mongoose 2.8; C:\mongoose-2.8\srvany.exe [8192 2009-05-25] () [File not signed]
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214488 2012-08-10] (TOSHIBA CORPORATION)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver.sys [21264 2011-12-22] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [131520 2012-08-10] (TOSHIBA CORPORATION)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S0 nvrptm; System32\drivers\coddlebo.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-18 13:27 - 2015-05-18 13:28 - 00018842 _____ () C:\Users\Mitchell\Downloads\FRST.txt
2015-05-18 13:27 - 2015-05-18 13:28 - 00000000 ____D () C:\FRST
2015-05-18 12:40 - 2015-05-18 12:40 - 00000000 ____D () C:\Users\Mitchell\Desktop\Flash
2015-05-18 12:36 - 2015-05-18 12:37 - 02107392 _____ (Farbar) C:\Users\Mitchell\Downloads\FRST64.exe
2015-05-14 03:58 - 2015-05-14 03:59 - 00000000 ___RD () C:\Users\Mitchell\OneDrive
2015-05-12 22:56 - 2015-04-30 16:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 22:56 - 2015-04-30 16:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 22:02 - 2015-05-12 22:02 - 399124654 _____ () C:\WINDOWS\MEMORY.DMP
2015-05-12 22:02 - 2015-05-12 22:02 - 00284888 _____ () C:\WINDOWS\Minidump\051215-20890-01.dmp
2015-05-12 21:36 - 2015-05-18 13:17 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-12 21:35 - 2015-05-12 21:35 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-12 21:35 - 2015-05-12 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-12 21:35 - 2015-05-12 21:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-12 21:35 - 2015-05-12 21:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-12 21:35 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-05-12 21:35 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-12 21:35 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-12 21:34 - 2015-05-12 21:35 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Mitchell\Downloads\mbam-setup-2.1.6.1022(2).exe
2015-05-12 21:29 - 2015-05-12 21:29 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Mitchell\Downloads\mbam-clean-2.1.1.1001.exe
2015-05-12 17:58 - 2015-04-30 19:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-12 17:58 - 2015-04-30 18:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-12 17:58 - 2015-04-24 17:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-12 17:58 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-12 17:58 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-12 17:58 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-12 17:58 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-12 17:58 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-12 17:58 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-12 17:58 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-12 17:58 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-12 17:58 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-12 17:58 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-12 17:58 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-12 17:58 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-12 17:58 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-12 17:58 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-12 17:58 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-12 17:58 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-12 17:58 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-12 17:58 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-12 17:58 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-12 17:58 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-12 17:58 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-12 17:58 - 2015-04-21 11:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-12 17:58 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-12 17:58 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-12 17:58 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-12 17:58 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-12 17:58 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-12 17:58 - 2015-04-13 18:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-12 17:58 - 2015-04-09 21:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-12 17:58 - 2015-04-09 20:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-12 17:58 - 2015-04-09 20:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-12 17:58 - 2015-04-09 20:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-12 17:58 - 2015-04-09 20:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-12 17:58 - 2015-04-08 18:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-12 17:58 - 2015-04-02 20:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-12 17:58 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-12 17:58 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-12 17:58 - 2015-04-01 18:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-12 17:58 - 2015-03-31 23:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-12 17:58 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-12 17:58 - 2015-03-30 01:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-12 17:58 - 2015-03-26 23:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-12 17:58 - 2015-03-26 22:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-12 17:58 - 2015-03-26 22:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-12 17:58 - 2015-03-19 21:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-12 17:58 - 2015-03-17 13:26 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-12 17:58 - 2015-03-13 00:03 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-12 17:58 - 2015-03-13 00:03 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-12 17:58 - 2015-03-12 22:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-12 17:58 - 2015-03-12 21:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-12 17:58 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-12 17:58 - 2015-03-12 20:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-12 17:58 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-12 17:58 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-12 17:58 - 2015-03-08 22:02 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-12 17:58 - 2015-03-05 23:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-12 17:58 - 2015-03-05 22:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-12 17:58 - 2015-03-05 22:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-12 17:58 - 2015-03-04 19:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-12 17:58 - 2015-03-03 21:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-12 17:58 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-12 17:58 - 2015-02-17 19:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-12 17:58 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-12 17:58 - 2014-11-14 02:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-12 17:57 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-12 17:57 - 2015-04-21 12:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-12 17:57 - 2015-04-21 12:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-12 17:57 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-12 17:57 - 2015-04-21 11:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-12 17:57 - 2015-04-21 11:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-12 17:57 - 2015-04-21 11:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-12 17:57 - 2015-04-21 11:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-12 17:57 - 2015-04-21 11:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-12 17:57 - 2015-04-21 11:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-12 17:57 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-12 17:57 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-11 22:41 - 2015-05-11 22:41 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Mitchell\Downloads\mbam-setup-2.1.6.1022(1).exe
2015-05-11 22:29 - 2015-05-11 22:33 - 00000766 _____ () C:\Users\Mitchell\Desktop\Start Emsisoft Emergency Kit.lnk
2015-05-11 22:28 - 2015-05-11 22:32 - 00000000 ____D () C:\EEK
2015-05-11 22:26 - 2015-05-11 22:27 - 156077456 _____ () C:\Users\Mitchell\Downloads\EmsisoftEmergencyKit.exe
2015-05-11 22:16 - 2015-05-11 22:19 - 00000000 ____D () C:\AdwCleaner
2015-05-11 22:16 - 2015-05-11 22:16 - 02204160 _____ () C:\Users\Mitchell\Downloads\adwcleaner_4.203.exe
2015-05-11 22:10 - 2015-05-11 22:10 - 00303448 _____ () C:\WINDOWS\system32\.crusader
2015-05-11 21:49 - 2015-05-11 21:49 - 00001916 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-05-11 21:49 - 2015-05-11 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-05-11 21:49 - 2015-05-11 21:49 - 00000000 ____D () C:\Program Files\HitmanPro
2015-05-11 21:47 - 2015-05-11 22:10 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-11 21:47 - 2015-05-11 21:47 - 11024496 _____ (SurfRight B.V.) C:\Users\Mitchell\Downloads\HitmanPro_x64.exe
2015-05-11 21:35 - 2015-05-11 21:35 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Mitchell\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-11 21:31 - 2015-05-11 21:31 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Mitchell\Downloads\tdsskiller.exe
2015-05-11 19:47 - 2015-05-11 19:47 - 00000041 _____ () C:\Users\Mitchell\AppData\Roaming\mbam.context.scan
2015-05-11 14:20 - 2015-05-11 20:31 - 00000000 ____D () C:\ProgramData\qvm
2015-05-11 14:00 - 2015-05-11 14:00 - 00613255 _____ (CMI Limited) C:\Users\Mitchell\AppData\Local\nsi549F.tmp
2015-05-11 13:54 - 2015-05-11 20:31 - 00000000 ____D () C:\ProgramData\Radio
2015-05-11 13:21 - 2015-05-11 13:21 - 00613255 _____ (CMI Limited) C:\Users\Mitchell\AppData\Local\nsc6725.tmp
2015-05-11 13:09 - 2015-05-11 13:43 - 00000112 _____ () C:\ProgramData\MS6c5m1.dat
2015-05-11 12:58 - 2015-05-11 13:42 - 00000000 ____D () C:\ProgramData\abc
2015-05-11 12:41 - 2015-05-11 12:41 - 00000000 ____D () C:\ProgramData\All copyright reserved - 2014
2015-05-11 12:41 - 2015-05-11 12:41 - 00000000 ____D () C:\Program Files (x86)\Pandaje Group
2015-05-11 12:35 - 2015-05-11 14:41 - 00000000 ____D () C:\Program Files (x86)\Maxiget Software Manager
2015-05-11 01:24 - 2015-05-11 20:37 - 00000000 ____D () C:\Users\Mitchell\Downloads\Outlander.S01E13.The.Watch.720p.WEB-DL.2CH.x264-ImanCharge.ir
2015-05-11 00:41 - 2015-05-11 22:10 - 00000000 ____D () C:\Users\Mitchell\Desktop\downloaded
2015-05-10 23:37 - 2015-05-10 23:37 - 00000651 _____ () C:\Users\Mitchell\Desktop\www - Shortcut.lnk
2015-05-10 23:28 - 2015-05-10 23:30 - 00000000 ____D () C:\Users\Mitchell\AppData\Roaming\Hide.me
2015-05-10 23:28 - 2015-05-10 23:28 - 00002708 _____ () C:\WINDOWS\System32\Tasks\arp_flush
2015-05-10 23:28 - 2015-05-10 23:28 - 00001048 _____ () C:\Users\Public\Desktop\hide.me VPN.lnk
2015-05-10 23:28 - 2015-05-10 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hide.me VPN
2015-05-10 23:28 - 2015-05-10 23:28 - 00000000 ____D () C:\Program Files (x86)\hide.me VPN
2015-05-10 22:26 - 2015-05-18 12:23 - 00000000 ____D () C:\WINDOWS\System32\Tasks\NCH Software
2015-05-10 22:26 - 2015-05-10 22:28 - 00000000 ____D () C:\Users\Mitchell\AppData\Roaming\NCH Software
2015-05-10 22:26 - 2015-05-10 22:26 - 00001263 _____ () C:\Users\Public\Desktop\NCH Suite.lnk
2015-05-10 22:26 - 2015-05-10 22:26 - 00001145 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
2015-05-10 22:26 - 2015-05-10 22:26 - 00001133 _____ () C:\Users\Public\Desktop\Prism Video File Converter.lnk
2015-05-10 22:26 - 2015-05-10 22:26 - 00000000 ____D () C:\ProgramData\NCH Software
2015-05-10 22:26 - 2015-05-10 22:26 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2015-05-10 20:39 - 2015-05-10 20:39 - 00000000 ____D () C:\Users\Mitchell\AppData\Local\BeFrugal
2015-05-10 14:30 - 2015-05-10 14:30 - 00000000 ____D () C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mongoose web server
2015-05-10 14:30 - 2015-05-10 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mongoose web server
2015-05-10 14:30 - 2015-05-10 14:30 - 00000000 ____D () C:\mongoose-2.8
2015-05-10 13:53 - 2015-05-11 19:32 - 00000000 ____D () C:\www
2015-04-19 20:21 - 2015-04-19 20:21 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-19 08:20 - 2015-04-19 08:20 - 00005872 _____ () C:\Users\Mitchell\AppData\Roaming\LMmAD3WOyiEgwo8fvc
2015-04-19 08:20 - 2015-04-19 08:20 - 00005872 _____ () C:\Users\Mitchell\AppData\Roaming\FU8F6FH63j

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-18 13:21 - 2015-02-01 13:48 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-05-18 13:21 - 2014-07-08 13:00 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-18 13:21 - 2014-06-29 21:06 - 00000000 ____D () C:\Users\Mitchell\AppData\Local\Adobe
2015-05-18 13:20 - 2015-02-03 21:32 - 01780135 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-18 13:19 - 2015-04-13 08:28 - 00000000 ____D () C:\Users\Mitchell\AppData\Roaming\BitTorrent
2015-05-18 13:19 - 2015-02-25 12:40 - 00004974 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for MOOGY-Mitchell Moogy
2015-05-18 13:18 - 2013-10-28 19:33 - 00000000 ___RD () C:\Users\Mitchell\SkyDrive
2015-05-18 13:17 - 2015-02-18 08:02 - 00111384 _____ () C:\WINDOWS\PFRO.log
2015-05-18 13:17 - 2015-02-04 00:02 - 00005266 _____ () C:\WINDOWS\setupact.log
2015-05-18 13:17 - 2013-09-29 23:51 - 00000000 ____D () C:\WINDOWS\SKB
2015-05-18 13:17 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-18 13:17 - 2013-04-05 15:15 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-18 13:17 - 2013-04-05 15:15 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-18 13:16 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-18 13:15 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-18 13:06 - 2013-02-13 01:41 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3690005664-4159630313-185192455-1001
2015-05-18 13:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-18 12:44 - 2013-02-13 20:34 - 00000000 ___RD () C:\Users\Mitchell\Dropbox
2015-05-18 12:44 - 2013-02-13 20:32 - 00000000 ____D () C:\Users\Mitchell\AppData\Roaming\Dropbox
2015-05-18 12:43 - 2013-09-30 00:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-18 12:43 - 2013-02-13 20:34 - 00001085 _____ () C:\Users\Mitchell\Desktop\Dropbox.lnk
2015-05-18 12:43 - 2013-02-13 20:33 - 00000000 ____D () C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-18 12:24 - 2013-12-09 15:11 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A26676B5-1FEF-41F9-8111-BB531F11B76C}
2015-05-17 16:58 - 2015-04-13 08:32 - 00000000 ____D () C:\Users\Mitchell\Desktop\Media
2015-05-17 16:35 - 2013-08-22 10:44 - 00499544 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-17 16:34 - 2013-04-06 00:59 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-17 16:34 - 2013-04-06 00:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-17 16:33 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Web
2015-05-17 16:30 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-17 16:30 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-17 16:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-14 03:58 - 2014-08-05 11:59 - 00003096 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3690005664-4159630313-185192455-1001
2015-05-14 03:58 - 2013-10-28 19:09 - 00000000 ____D () C:\Users\Mitchell
2015-05-12 23:04 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-12 22:54 - 2013-07-26 03:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-12 22:47 - 2013-02-15 12:05 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-12 22:38 - 2013-04-06 00:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 22:27 - 2013-09-29 23:51 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-12 22:02 - 2014-08-27 09:50 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-12 21:59 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-05-12 21:33 - 2013-11-18 14:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-12 21:33 - 2013-02-13 20:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-11 22:10 - 2013-08-03 19:18 - 00000000 ____D () C:\Users\Mitchell\AppData\Local\Autobahn
2015-05-11 20:39 - 2013-06-08 13:13 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-11 20:37 - 2015-04-13 22:02 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-11 20:37 - 2015-02-18 13:23 - 00000000 ____D () C:\Users\Administrator.Moogy
2015-05-11 20:37 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-05-11 20:33 - 2013-04-05 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-11 20:30 - 2013-08-22 11:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-05-11 20:17 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\registration
2015-05-10 23:37 - 2013-03-02 01:10 - 00907264 ___SH () C:\Users\Mitchell\Desktop\Thumbs.db
2015-05-10 23:31 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\tracing
2015-05-10 23:31 - 2013-04-11 00:49 - 00892928 ___SH () C:\Users\Mitchell\Downloads\Thumbs.db
2015-05-05 13:59 - 2015-03-14 21:46 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-05 13:59 - 2015-03-14 21:46 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-22 19:32 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-19 21:16 - 2014-10-01 17:27 - 00007891 _____ () C:\WINDOWS\BRRBCOM.INI
2015-04-19 20:21 - 2015-03-14 21:30 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel

==================== Files in the root of some directories =======

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Mitchell\AppData\Roaming\FU8F6FH63j
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Mitchell\AppData\Roaming\L8bB2NILKAtBFIln5tZYZu03qB
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Mitchell\AppData\Roaming\LMmAD3WOyiEgwo8fvc
2014-09-01 04:18 - 2014-09-01 04:18 - 0001248 _____ () C:\Users\Mitchell\AppData\Roaming\LXAW
2015-05-11 19:47 - 2015-05-11 19:47 - 0000041 _____ () C:\Users\Mitchell\AppData\Roaming\mbam.context.scan
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Mitchell\AppData\Roaming\VGFmsOl15Q5de6
2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\Mitchell\AppData\Roaming\ZA
2015-05-11 13:21 - 2015-05-11 13:21 - 0613255 _____ (CMI Limited) C:\Users\Mitchell\AppData\Local\nsc6725.tmp
2015-05-11 14:00 - 2015-05-11 14:00 - 0613255 _____ (CMI Limited) C:\Users\Mitchell\AppData\Local\nsi549F.tmp
2015-05-11 13:09 - 2015-05-11 13:43 - 0000112 _____ () C:\ProgramData\MS6c5m1.dat

Files to move or delete:
====================
C:\ProgramData\MS6c5m1.dat


Some content of TEMP:
====================
C:\Users\Mitchell\AppData\Local\Temp\Couponscom.exe
C:\Users\Mitchell\AppData\Local\Temp\DefaultPack.exe
C:\Users\Mitchell\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7ddxq4.dll
C:\Users\Mitchell\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Mitchell\AppData\Local\Temp\Quarantine.exe
C:\Users\Mitchell\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-18 13:06

==================== End Of Log ============================

This is the 2nd log.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2015 02
Ran by Mitchell at 2015-05-18 13:30:08
Running from C:\Users\Mitchell\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3690005664-4159630313-185192455-500 - Administrator - Disabled) => C:\Users\Administrator.Moogy
Guest (S-1-5-21-3690005664-4159630313-185192455-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3690005664-4159630313-185192455-1007 - Limited - Enabled)
Mitchell (S-1-5-21-3690005664-4159630313-185192455-1001 - Administrator - Enabled) => C:\Users\Mitchell

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.6 - Atheros Communications Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
BitTorrent (HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\BitTorrent) (Version: 7.9.3.39947 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J475DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
Cash Back Assistant (HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\{644CF48B-61FE-43E4-8B2E-7EAE916B49C4}_is1) (Version: 2013.3.17.9 - BeFrugal.com)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform)
Dropbox (HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Gardenscapes: Mansion Makeover (x32 Version: 3.0.2.32 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
hide.me VPN version 1.0.7 (HKLM-x32\...\{0E00BDA5-7998-4889-BE4B-39A4BBD2EDFB}_is1) (Version: 1.0.7 - eVenture Limited)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.241 - SurfRight B.V.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Digital Image Pro 10 (HKLM-x32\...\PictureIt_PI2_v10) (Version: 10.0.0612 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4711.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\OneDriveSetup.exe) (Version: 17.3.5849.0427 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NexDef Plug-in (HKLM-x32\...\Autobahn) (Version:  - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
OLYMPUS Digital Camera Updater (HKLM-x32\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 2 (HKLM-x32\...\{52F02F20-77E1-41A6-9758-7C8751D880A2}) (Version: 1.4.0 - OLYMPUS IMAGING CORP.)
Origin (HKLM-x32\...\Origin) (Version: 9.0.15.60 - Electronic Arts, Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.45 - NCH Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
ShopAtHome.com Helper (HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\ShopAtHome.com Helper) (Version: 7.10.2.10 - ShopAtHome.com) <==== ATTENTION
ShopAtHome.com Toolbar (HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\ShopAtHome.com Toolbar) (Version: 7.10.2.10 - ShopAtHome.com) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425.01 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 1.1.0001 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0014 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3690005664-4159630313-185192455-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3690005664-4159630313-185192455-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3690005664-4159630313-185192455-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Mitchell\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690005664-4159630313-185192455-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3690005664-4159630313-185192455-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3690005664-4159630313-185192455-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3690005664-4159630313-185192455-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3690005664-4159630313-185192455-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3690005664-4159630313-185192455-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3690005664-4159630313-185192455-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3690005664-4159630313-185192455-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

29-04-2015 06:01:32 Windows Update
11-05-2015 01:51:58 Scheduled Checkpoint
11-05-2015 20:03:41 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 01:26 - 2013-09-07 18:44 - 00000849 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01693D02-1027-498C-94DB-F7E1C3E2F6A3} - \Microsoft\Windows\NetTrace\GatherNetworkInfo No Task File <==== ATTENTION
Task: {09A410A8-566B-4096-BCA3-F87C93941786} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3690005664-4159630313-185192455-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {0A85EB8D-C24E-4CC2-A9AC-49A87183E202} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {0DC0DAD2-F84F-429D-B085-411AE7CDE2D5} - \Microsoft\Windows\SideShow\GadgetManager No Task File <==== ATTENTION
Task: {1A4230A2-E136-4936-9B22-DDF624BB8332} - \Microsoft\Windows\IME\SQM data sender No Task File <==== ATTENTION
Task: {1CED53BB-803F-4434-940D-3E1D7D72E5FC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {1EE21807-C65A-4A94-9CF9-9C6F23FC07A4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-22] (Microsoft Corporation)
Task: {22662A48-FA24-4459-AA9D-79BC0FAE0CDB} - \Microsoft\Windows\WindowsBackup\AutomaticBackup No Task File <==== ATTENTION
Task: {27966A48-DA33-4899-80C9-5DF248B23D09} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {287EB61E-849D-44F1-BF41-56B2A8081F95} - \Microsoft\Windows\SideShow\SessionAgent No Task File <==== ATTENTION
Task: {2D64F67F-EF8F-4196-9110-FC244B779AF7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {4520E978-EE3C-4AEF-BE37-9DE847D5495C} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {45561755-0BB2-49DF-9B3C-3F0CEB4AB61E} - \Microsoft\Windows\WS\Badge Update No Task File <==== ATTENTION
Task: {47BFE674-5DFA-4395-B88C-47D28D6E5597} - \Microsoft\Windows\Maintenance\WinSAT No Task File <==== ATTENTION
Task: {585AA316-6551-4490-A789-462AA17C8D94} - System32\Tasks\arp_flush => C:\Program Files (x86)\hide.me VPN\FlushArpCache.exe [2015-04-03] ()
Task: {5D8337DE-23D7-4C59-89CF-E19E36849E4E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MOOGY-Mitchell Moogy => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
Task: {753EA53C-6FF4-4B20-B96A-153A144A898D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-18] (Adobe Systems Incorporated)
Task: {795C9008-6C6D-425A-8ACD-2C74138B2B13} - \Norton Anti-Theft\Norton Error Processor No Task File <==== ATTENTION
Task: {7B857988-3067-4E13-8891-998F430972F7} - \Microsoft\Windows\SideShow\AutoWake No Task File <==== ATTENTION
Task: {7DED9552-1102-4FF4-B20B-10EA2186F370} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {968C8379-0E39-4FE0-B423-F67512DAB2F0} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: {9768ABD2-EB67-498E-A669-15A536AF817A} - \Microsoft\Windows\SideShow\SystemDataProviders No Task File <==== ATTENTION
Task: {9C8E21C9-6AB1-4D66-8DF5-73AF5359B24E} - \Microsoft\Windows\WS\Sync Licenses No Task File <==== ATTENTION
Task: {A20231B4-1CB5-4E84-BC08-504230061E5A} - \TOSHIBA\Service Station No Task File <==== ATTENTION
Task: {C415FE0E-DDCB-44E0-A459-B9164B72424B} - \Microsoft\Windows\MobilePC\HotStart No Task File <==== ATTENTION
Task: {C480C791-BCE2-48DD-8C32-E4AC3EE466C7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {D04EE35E-CFCB-4755-BD14-6DDA0EA44552} - \Norton Anti-Theft\Norton Error Analyzer No Task File <==== ATTENTION
Task: {D05F2EC4-F934-4D29-80AA-C42AF60FDE4C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-12] (Microsoft Corporation)
Task: {E8E834E2-46E8-4899-A078-5C785048ACC9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {F5DF14B7-0A7B-48D7-AE5D-638BB5A9B754} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {F61C1098-6385-4992-9119-CE0F68340314} - \Microsoft\Windows\Servicing\StartComponentCleanup No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\BeFrugal.com Toolbar.job => C:\Users\Mitchell\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.17.9\BFHP.exeIC:\Users\Mitchell\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.17.9BeFrugal.com
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-03-21 03:29 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2009-05-25 15:34 - 2009-05-25 15:34 - 00008192 _____ () C:\mongoose-2.8\srvany.exe
2009-07-08 17:05 - 2009-07-08 17:05 - 00057344 _____ () C:\mongoose-2.8\mongoose.exe
2014-10-01 17:26 - 2005-04-22 00:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2015-03-17 04:31 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-07-18 22:38 - 2012-07-18 22:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 22:38 - 2012-07-18 22:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-13 23:13 - 2012-08-13 23:13 - 00018344 _____ () C:\Program Files\Toshiba\Teco\TecoMUI.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-05-25 15:34 - 2009-05-25 15:34 - 00155648 _____ () C:\mongoose-2.8\ssleay32.dll
2009-05-25 15:34 - 2009-05-25 15:34 - 00716800 _____ () C:\mongoose-2.8\LIBEAY32.dll
2014-09-23 21:02 - 2014-11-21 22:50 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-10-01 17:25 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-09-23 21:02 - 2014-11-21 22:50 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-09-23 21:06 - 2014-11-21 22:54 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Mitchell\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Mitchell\Desktop\65de25f9-09e2-4d81-ab1c-7a98bc88b0af - Copy.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mitchell\Documents\#Heel.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mitchell\Documents\Dolph.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mitchell\Documents\Image11.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mitchell\Documents\Painted Pumpkins.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mitchell\Documents\Pumpkin Head.jpg:com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3690005664-4159630313-185192455-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mitchell\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\photo gallery wallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® ME Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: THAccelSvc => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "TosWaitSrv"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ApnUpdater"
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{FDF35EA1-9AB5-4CF2-A093-3CB3ECA4AF30}C:\users\mitchell\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\mitchell\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{D406E88D-B6BA-4517-B884-74FB45AE98FD}C:\users\mitchell\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\mitchell\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{1713BB61-44BD-4EB9-8781-4A2A86058306}] => (Allow) C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7C01C324-A09E-4C1A-9221-A6B586B2D010}] => (Allow) C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{E5E0053E-939C-4880-9375-74B93E47BC6D}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{A5616AAB-06F6-48AC-A727-40095DA437E0}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{C7FCEA95-E802-4A99-8195-FC8FA079898B}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{C1EF8DEF-ACAE-415D-903D-74BC24220A31}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{4D348C86-4908-4181-BDEB-1E4089C075AD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{635E8826-24D1-4A2F-AAED-170B06AD8316}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6200136A-F059-407A-8733-29A5E1170197}] => (Allow) LPort=2869
FirewallRules: [{3D4F7F55-7DFD-4AF8-8800-E208C1C7DA21}] => (Allow) LPort=1900
FirewallRules: [{0F2623B3-C527-422C-BD15-17D8CB48CD66}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A79576D0-393C-4B8C-ADCD-4CC0E8F7FE24}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{860608CE-1103-4243-BAB7-2038BA481B91}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9E15C15F-3282-4181-83D1-DD41FC416F28}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC3930C7-2470-4A98-A01E-2D7C61330488}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{13A79DF8-9D8C-4BDA-B557-BFBF65372166}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE
FirewallRules: [{4FA3DD2B-A286-41CD-85CA-DA8652A47487}] => (Allow) LPort=54925
FirewallRules: [{102406AA-5601-43DC-B824-07F19E1B3748}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{01FC92EF-389D-4D51-BFD0-6769F2179960}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A331346E-334D-44E5-BA56-4D4DB00B9450}] => (Allow) C:\Users\Mitchell\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{65EB4CC9-3ED2-4AA7-9669-89119C62A352}] => (Allow) C:\Users\Mitchell\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{E7C11C6F-ECF5-4557-A8B7-0E74DA24C41A}C:\mongoose-2.8\mongoose.exe] => (Allow) C:\mongoose-2.8\mongoose.exe
FirewallRules: [UDP Query User{76C66478-5C58-4213-8F8D-01DFCD43A42E}C:\mongoose-2.8\mongoose.exe] => (Allow) C:\mongoose-2.8\mongoose.exe
FirewallRules: [TCP Query User{9422F83A-4DD4-4F7D-AF74-FBCF0BAC2E18}C:\mongoose-2.8\mongoose.exe] => (Allow) C:\mongoose-2.8\mongoose.exe
FirewallRules: [UDP Query User{B3F83ABC-C188-4B14-A594-580FF3F9B894}C:\mongoose-2.8\mongoose.exe] => (Allow) C:\mongoose-2.8\mongoose.exe
FirewallRules: [TCP Query User{261FC00F-5B78-4562-B592-9AC65B498CFD}C:\users\mitchell\appdata\roaming\bittorrent\updates\7.9.3_40299.exe] => (Allow) C:\users\mitchell\appdata\roaming\bittorrent\updates\7.9.3_40299.exe
FirewallRules: [UDP Query User{00E69768-ABBE-4EC4-AEA6-90CE9909486B}C:\users\mitchell\appdata\roaming\bittorrent\updates\7.9.3_40299.exe] => (Allow) C:\users\mitchell\appdata\roaming\bittorrent\updates\7.9.3_40299.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/18/2015 01:18:56 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (05/18/2015 00:20:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 59818672

Error: (05/18/2015 00:20:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 59818672

Error: (05/18/2015 00:20:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/18/2015 00:20:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 59817375

Error: (05/18/2015 00:20:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 59817375

Error: (05/18/2015 00:20:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/18/2015 00:20:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 59816078

Error: (05/18/2015 00:20:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 59816078

Error: (05/18/2015 00:20:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (05/18/2015 00:21:22 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer WYBINOW
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9EC8D00B-CF6B-470A-803A-D536D5E5D3F1}.
The master browser is stopping or an election is being forced.

Error: (05/17/2015 04:48:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (05/17/2015 04:41:46 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (05/17/2015 04:10:46 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer WYBINOW
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9EC8D00B-CF6B-470A-803A-D536D5E5D3F1}.
The master browser is stopping or an election is being forced.

Error: (05/12/2015 10:22:24 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer WYBINOW
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9EC8D00B-CF6B-470A-803A-D536D5E5D3F1}.
The master browser is stopping or an election is being forced.

Error: (05/12/2015 10:02:23 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000005 (0xffffe0006108a040, 0xffffe00065b3c8c0, 0x0000000000000000, 0x0000000000000001)C:\WINDOWS\MEMORY.DMP051215-20890-01

Error: (05/12/2015 09:35:29 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (05/12/2015 06:00:55 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (05/11/2015 10:19:50 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (05/11/2015 10:19:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (05/18/2015 01:18:56 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (05/18/2015 00:20:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 59818672

Error: (05/18/2015 00:20:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 59818672

Error: (05/18/2015 00:20:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/18/2015 00:20:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 59817375

Error: (05/18/2015 00:20:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 59817375

Error: (05/18/2015 00:20:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/18/2015 00:20:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 59816078

Error: (05/18/2015 00:20:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 59816078

Error: (05/18/2015 00:20:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2015-05-18 12:59:56.747
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-18 12:59:56.184
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-18 12:59:55.648
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-18 12:59:53.847
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-18 12:59:53.199
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-17 17:01:42.620
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-17 17:01:41.902
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-17 17:01:41.192
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-17 17:01:39.130
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-17 17:01:38.093
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-3120M CPU @ 2.50GHz
Percentage of memory in use: 48%
Total physical RAM: 3980.22 MB
Available physical RAM: 2048.14 MB
Total Pagefile: 8076.22 MB
Available Pagefile: 5907.94 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (TI10657300D) (Fixed) (Total:454.15 GB) (Free:370.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

PLEASE HELP! Thank you.



#4 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 308 posts

Posted 18 May 2015 - 08:23 PM

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 5 days will result in this thread being closed.


Hello Xarmark77,

My name is mAL_rEm018, but feel free to call me mAL.  I'm an undergraduate trainee and as such my posts to you have to first be checked by a Teacher; because of this, my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.
 

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.


Cobian Backup
DriveImage XML


To make sure everything goes smoothly, I would like you to observe the following rules:

  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread.  Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum.  Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

I am currently reviewing your logs and will return as soon as possible, with additional instructions.

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#5 Xarmark77

Xarmark77
  • Topic Starter

  • Members
  • 13 posts

Posted 18 May 2015 - 11:50 PM

Hey mAL

I will not run scans and I have everything backed up.  Thank you for taking the time and effort to fix my computer, if possible.  I will print out or record any directions if necessary.  I will definitely contact you if I have questions on what I should be doing or if I am confused.  I will rely on your knowledge and not go to another source.  I hope you with your teacher's help can remove whatever it is that has infected this computer.  Thanks again.



#6 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 308 posts

Posted 20 May 2015 - 11:57 PM

Hi Xarmark77,

 

I was trying to get a file from kickasstorent.com it came with a downloader and that came with a whole bunch of malware.

Using Peer-to-Peer (P2P) software such as BitTorrent, uTorrent, etc., is a sure way to get infected.  While we work together, I will have to ask you to remove BitTorrent to prevent catching more infections.


Please answer the following questions..


  • Did you set your DNS to Google's public DNS?

    Tcpip\..\Interfaces\{9EC8D00B-CF6B-470A-803A-D536D5E5D3F1}: [NameServer] 8.8.8.8,8.8.4.4
    DNS Servers: 8.8.8.8 - 8.8.4.4

  • Did you set your Firefox Network.Proxy.type to "Auto-detect proxy settings."?

    FF NetworkProxy: "type", 4


Before we perform any more scans, it is necessary that you backup your registry..

Backup your registry using TCRB


  • Download TCRB from the following link TCRB
  • Open Tweaking.com Registry Backup.
  • Click on the Backup Registry tab and ensure that all options are checked.
  • Press on Backup Now.
  • Wait until the backup is complete and exit the program.

Next..



  • Right-click on the Start icon, located on the bottom-left of your screen.
  • Open Programs and Features.
  • Select the following programs:

    Cash Back Assistant
    ShopAtHome.com Helper
    ShopAtHome.com Toolbar
    BitTorrent

  • Click Uninstall/Change.
  • When prompted select Yes.
  • Answer any questions attentively.
  • When the process is finished, please restart your computer.

Note: you can only remove one program at a time.


PUP (Potentially Unwanted Programs)


Prism Video File Converter

Potentially Unwanted Programs (PUP) are software that have unpredictable behaviour and/or might have been installed on your computer without your direct consent.  You might have installed them willingly, in which case feel free to keep them.  However, if you did not, I advise you to remove them.  If you decide to remove this program, please follow the steps above.

Next..


Adwcleaner

  • Please download AdwCleaner to your Desktop from here.
  • Close all your programs and right-click adwcleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, select Logfile.
  • A notepad window will open.  Please copy/paste the contents in your next reply.
    Note: do not select Cleaning at this point



I need you to run a search..


  • Please download System look to your desktop.
  • Right-click on SystemLook_x64.exe and select Run as administrator.
  • A window will open.  Copy/paste the following inside the window:
    
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *kelkoopartners*
    *trolltech*
    *babylon*
    *conduit*
    *Lucky Searches*
    *Luckysearches*
    *SharkManCoupon*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *kelkoopartners*
    *trolltech*
    *babylon*
    *conduit*
    *Lucky Searches*
    *Luckysearches*
    *SharkManCoupon*
    
    :regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    babylon
    conduit
    Lucky Searches
    Luckysearches
    SharkManCoupon
    
  • Select Look and the scan will start.
  • After the scan is finished a window will open.  Please post the content in your next reply.


You mentioned earlier that you ran Malwarebytes.  I would like to see the log to know which infections were quarantined.


  • Open Malwarebytes and click on History.
  • Select Application Logs on the left tab.
  • The Application Logs are listed by date (dd/mm/yy); click on the appropriate one.
  • Select Export and paste the content into a Notepad file.
  • Save the file as Mbam Scan.txt
  • Exit Malwarebytes.
  • Please post the content of Mbam Scan.txt in your next reply.



-----------------------------------------
In your next reply, I would like to see:

  • Did you have trouble performing any of the steps?
  • Answers to my questions.
  • AdwCleaner log.
  • SystemLook log.
  • Mbam Scan.txt
    Please post everything in the order given.

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#7 Xarmark77

Xarmark77
  • Topic Starter
  • Members
  • 13 posts

Posted 21 May 2015 - 06:31 PM

Problems:

I uninstalled BitTorrent and it said the program wasn't there and it asked me to delete it from the list of programs. I restarted the computer and it started as the computer started.  So, I went back to programs and it wasn't there, so I couldn't uninstall BitTorrent.  Is there a clean uninstall for BitTorrent?

When I go to download AdwCleaner I get a message saying "Windows protected your PC - Windows SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk." I am running it anyway; just informing you of the issues that come up.

Answers:

Did you set your DNS to Google's public DNS?  I don't know how to do this.

Did you set your Firefox Network.Proxy.type to "Auto-detect proxy settings."?  I don't know how to do this.

AdwCleaner Log File

# AdwCleaner v4.205 - Logfile created 21/05/2015 at 13:41:21
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Mitchell - MOOGY
# Running from : C:\Users\Mitchell\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ceaohckoegdncfpojeiehjkaffbdahli_0
File Found : C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ceaohckoegdncfpojeiehjkaffbdahli
File Found : C:\Users\Mitchell\AppData\Roaming\L8bB2NILKAtBFIln5tZYZu03qB
File Found : C:\Users\Mitchell\AppData\Roaming\LXAW
Folder Found : C:\ProgramData\radio
Folder Found : C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Folder Found : C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

***** [ Scheduled tasks ] *****
 
SystemLook Results
SystemLook 04.09.10 by jpshortstuff
Log created at 13:53 on 21/05/2015 by Mitchell
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.253_x64__8wekyb3d8bbwe\AppCode\Data\SearchQueryData.js    --a---- 10437 bytes    [06:30 01/10/2014]    [06:30 01/10/2014] BBA5ED5725258BF785903CE78B931802
C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.315_x64__8wekyb3d8bbwe\AppCode\Data\SearchQueryData.js    --a---- 10437 bytes    [06:30 01/10/2014]    [06:30 01/10/2014] BBA5ED5725258BF785903CE78B931802

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*kelkoopartners*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*babylon*"
C:\Users\Mitchell\AppData\Local\Plex Media Server\Plug-ins\Media-Flags.bundle\Contents\Resources\Studio\babylonian.png    --a---- 3450 bytes    [21:00 16/12/2014]    [21:00 16/12/2014] 154AD4B3CE4930F5C27BFFA6687584E4

Searching for "*conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll    --a---- 1322368 bytes    [01:51 11/06/2014]    [01:51 11/06/2014] 5A2B082A760722E08042E3892D07690E
C:\Users\Mitchell\Desktop\Old Firefox Data\l9zoe618.default-1365442235700\searchplugins\conduit.xml    --a---- 1001 bytes    [19:51 09/12/2013]    [18:31 07/09/2013] 705D38ABEC8E1325728ACCD4018AAB0C

Searching for "*Lucky Searches*"
No files found.

Searching for "*Luckysearches*"
No files found.

Searching for "*SharkManCoupon*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*kelkoopartners*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*babylon*"
No folders found.

Searching for "*conduit*"
No folders found.

Searching for "*Lucky Searches*"
No folders found.

Searching for "*Luckysearches*"
No folders found.

Searching for "*SharkManCoupon*"
No folders found.

========== regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3690005664-4159630313-185192455-1001\Software\ShopAtHome\Toolbar\Injection\inclusions]
".*www\.searchqu\.com/.*"="0"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{17747E73-8A50-5EFE-A0BC-7B025F13C68C}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingSports_3.0.4.315_x64__8wekyb3d8bbwe\ActivatableClassId\AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9f41624-2083-45cd-ac36-af8119a22a41}]
@="CLocationSearchQuery"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
@="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
@="ISearchQueryCondition"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
@="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
@="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
@="ISearchQueryCondition"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
@="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{1E041E06-E1C5-4B7B-ADD3-20E32D155C2E}]
"ActivatableClassId"="Windows.ApplicationModel.Search.SearchQueryLinguisticDetails"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WindowsRuntime\CLSID\{1E041E06-E1C5-4B7B-ADD3-20E32D155C2E}]
"ActivatableClassId"="Windows.ApplicationModel.Search.SearchQueryLinguisticDetails"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
@="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
@="ISearchQueryCondition"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
@="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"
[HKEY_USERS\S-1-5-21-3690005664-4159630313-185192455-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3690005664-4159630313-185192455-1001\Software\ShopAtHome\Toolbar\Injection\inclusions]
".*www\.searchqu\.com/.*"="0"
[HKEY_USERS\S-1-5-21-3690005664-4159630313-185192455-1001\Software\Classes\ActivatableClasses\CLSID\{17747E73-8A50-5EFE-A0BC-7B025F13C68C}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"
[HKEY_USERS\S-1-5-21-3690005664-4159630313-185192455-1001\Software\Classes\ActivatableClasses\Package\Microsoft.BingSports_3.0.4.315_x64__8wekyb3d8bbwe\ActivatableClassId\AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery]
[HKEY_USERS\S-1-5-21-3690005664-4159630313-185192455-1001_Classes\ActivatableClasses\CLSID\{17747E73-8A50-5EFE-A0BC-7B025F13C68C}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"
[HKEY_USERS\S-1-5-21-3690005664-4159630313-185192455-1001_Classes\ActivatableClasses\Package\Microsoft.BingSports_3.0.4.315_x64__8wekyb3d8bbwe\ActivatableClassId\AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery]

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3690005664-4159630313-185192455-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-3690005664-4159630313-185192455-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "babylon"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3690005664-4159630313-185192455-1001\Software\ShopAtHome\Toolbar\Injection\inclusions]
".*isearch\.babylon\.com/.*"="0"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3690005664-4159630313-185192455-1001\Software\ShopAtHome\Toolbar\Injection\inclusions]
".*search\.babylon\.com/.*"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_USERS\S-1-5-21-3690005664-4159630313-185192455-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3690005664-4159630313-185192455-1001\Software\ShopAtHome\Toolbar\Injection\inclusions]
".*isearch\.babylon\.com/.*"="0"
[HKEY_USERS\S-1-5-21-3690005664-4159630313-185192455-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3690005664-4159630313-185192455-1001\Software\ShopAtHome\Toolbar\Injection\inclusions]
".*search\.babylon\.com/.*"="0"

Searching for "conduit"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3690005664-4159630313-185192455-1001\Software\ShopAtHome\Toolbar\Injection\inclusions]
".*search\.conduit\.com/.*"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Geek Squad\MRI\Startup Manager\Undo\000001]
"Value"="ConduitFloatingPlugin_iigplimlmgilpobjilfbfeilnpiigpgl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Geek Squad\MRI\Startup Manager\Undo\000001]
"Command"=""C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3309350\plugins\TBVerifier.dll",RunConduitFloatingPlugin iigplimlmgilpobjilfbfeilnpiigpgl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"A2CA2FA62353DF34F9D4DB9C0C7D427C"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_USERS\S-1-5-21-3690005664-4159630313-185192455-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3690005664-4159630313-185192455-1001\Software\ShopAtHome\Toolbar\Injection\inclusions]
".*search\.conduit\.com/.*"="0"

Searching for "Lucky Searches"
No data found.

Searching for "Luckysearches"
No data found.

Searching for "SharkManCoupon"
No data found.

-= EOF =-
 

 

Mbam Scan.txt

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/12/2015
Scan Time: 9:36:27 PM
Logfile: Mbam Scan.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.12.08
Rootkit Database: v2015.04.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Mitchell

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 436712
Time Elapsed: 22 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 10
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [c107662c1c6e2f070ea986ce7e851ae6],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [c107662c1c6e2f070ea986ce7e851ae6],
PUP.Optional.CouponBar.A, HKU\S-1-5-21-3690005664-4159630313-185192455-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [c107662c1c6e2f070ea986ce7e851ae6],
PUP.Optional.CouponBar.A, HKU\S-1-5-21-3690005664-4159630313-185192455-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [c107662c1c6e2f070ea986ce7e851ae6],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3690005664-4159630313-185192455-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{0297A026-3011-46D3-AD62-BB9A7612AEA7}, Quarantined, [992f71212c5ef73f78be7519c2417d83],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3690005664-4159630313-185192455-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7D69ED06-0171-4379-9528-08DF51092727}, Quarantined, [804889098ffb1b1bce6c46484fb41fe1],
PUP.Optional.DealSpy.A, HKLM\SOFTWARE\WOW6432NODE\Deal Spy, Quarantined, [21a79bf7cfbb0630f2f74c06cf3651af],
PUP.Optional.Getsavin.A, HKU\S-1-5-21-3690005664-4159630313-185192455-1001\SOFTWARE\APPDATALOW\SOFTWARE\GetSavin, Quarantined, [a12720727a10ec4ad4465f8e907327d9],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3690005664-4159630313-185192455-500\SOFTWARE\CouponXplorer_5z, Quarantined, [d2f6d7bb57335cda15f98bc69d68dc24],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3690005664-4159630313-185192455-500\SOFTWARE\APPDATALOW\SOFTWARE\CouponXplorer_5z, Quarantined, [c800434f55357fb7a19b67a26c988080],

Registry Values: 9
PUP.Optional.CouponBar.A, HKU\S-1-5-21-3690005664-4159630313-185192455-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{8660E5B3-6C41-44DE-8503-98D99BBECD41}, ³å`â? AlÃ?Dâ?¦ Ë?Ã?â?ºÂ¾ÃA, Quarantined, [c107662c1c6e2f070ea986ce7e851ae6]
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [c107662c1c6e2f070ea986ce7e851ae6],
PUP.Optional.CouponBar.A, HKU\S-1-5-21-3690005664-4159630313-185192455-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [c107761c1773350190278aca9a69748c],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3690005664-4159630313-185192455-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{9b138bf3-1d40-4e7e-84bb-2975198ad938}, Quarantined, [488089095436e94d8aa81e708d7611ef],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3690005664-4159630313-185192455-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{9B138BF3-1D40-4E7E-84BB-2975198AD938}, Quarantined, [488089095436e94d8aa81e708d7611ef],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3690005664-4159630313-185192455-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{9B138BF3-1D40-4E7E-84BB-2975198AD938}, Quarantined, [488089095436e94d8aa81e708d7611ef],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3690005664-4159630313-185192455-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{9b138bf3-1d40-4e7e-84bb-2975198ad938}, Quarantined, [4a7e5c3698f20b2b90a28c0219eaf010],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [596fd1c192f842f4a90e272dcc373ec2],
PUP.Optional.CouponsBar.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}, C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi, Quarantined, [18b029691575a1959cd3ba994eb7926e]

Registry Data: 0
(No malicious items detected)

Folders: 24
PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinemaPlus-3.2cV11.05, Quarantined, [0fb9751dfb8f4cea2ea4834e0af97789],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinemaPlus_1.3dV11.05, Quarantined, [30988111a2e8f2447e54f9d88f74bc44],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HD-Quality-3.1V18.12, Quarantined, [0abef39f05853303478b6c65ef146898],
PUP.Optional.WebBar.A, C:\Windows\System32\config\systemprofile\AppData\Local\WebBar, Quarantined, [25a3b3df0e7c7fb7729c6470f50eff01],
PUP.Optional.ConsumerInput.C, C:\Users\Mitchell\AppData\Roaming\Compete\Consumer Input, Quarantined, [9a2ef2a01b6f45f11ef9e5f04fb42dd3],
PUP.Optional.ConsumerInput.C, C:\Users\Mitchell\AppData\Roaming\Compete, Quarantined, [9a2ef2a01b6f45f11ef9e5f04fb42dd3],
PUP.Optional.VPNPrivat.A, C:\Program Files (x86)\VPN_Privat, Quarantined, [ad1b038f9af09c9aafa39553c43fd927],
PUP.Optional.DealSpy.A, C:\Users\Mitchell\AppData\Local\Deal Spy, Quarantined, [596f474b1f6ba78fb76de7c612f17c84],
PUP.Optional.DealSpy.A, C:\Users\Mitchell\AppData\Local\Deal Spy\Chrome, Quarantined, [596f474b1f6ba78fb76de7c612f17c84],
PUP.Optional.Mindspark.A, C:\Users\Mitchell\AppData\LocalLow\CouponXplorer_5zEI, Quarantined, [398f266c8109e94d9e245d503dc61ee2],
PUP.Optional.Mindspark.A, C:\Users\Mitchell\AppData\LocalLow\CouponXplorer_5zEI\Installr, Quarantined, [398f266c8109e94d9e245d503dc61ee2],
PUP.Optional.Mindspark.A, C:\Users\Mitchell\AppData\LocalLow\CouponXplorer_5zEI\Installr\Cache, Quarantined, [398f266c8109e94d9e245d503dc61ee2],
PUP.Optional.OneSoftPerDay.A, C:\Users\Mitchell\AppData\Local\ospd_us_511, Quarantined, [02c694fef397d85ea970ead2b053629e],
PUP.Optional.CrossRider.A, C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb\1.26.34_0, Quarantined, [ffc96032a3e739fd051b606038cb21df],
PUP.Optional.CrossRider.A, C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb\1.26.34_0\extensionData, Quarantined, [ffc96032a3e739fd051b606038cb21df],
PUP.Optional.CrossRider.A, C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb\1.26.34_0\extensionData\userCode, Quarantined, [ffc96032a3e739fd051b606038cb21df],
PUP.Optional.CrossRider.A, C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb\1.26.34_0\icons, Quarantined, [ffc96032a3e739fd051b606038cb21df],
PUP.Optional.CrossRider.A, C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb\1.26.34_0\icons\actions, Quarantined, [ffc96032a3e739fd051b606038cb21df],
PUP.Optional.CrossRider.A, C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb\1.26.34_0\js, Quarantined, [ffc96032a3e739fd051b606038cb21df],
PUP.Optional.CrossRider.A, C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb\1.26.34_0\js\lib, Quarantined, [ffc96032a3e739fd051b606038cb21df],
PUP.Optional.CrossRider.A, C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb\1.26.34_0\js\lib\popupResource, Quarantined, [ffc96032a3e739fd051b606038cb21df],
PUP.Optional.AdPeak.A, C:\Program Files (x86)\37EE3489-84C3-4573-BC84-F6F7DCC25F25, Quarantined, [1dab870b0f7bf64011a69137d92a936d],
PUP.Optional.DigiDocket.A, C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojkojoodocjeiopbhabaimjgcpefgjm\1.0.1_0, Quarantined, [aa1e0191e0aa0f278dff77dfec1a38c8],
PUP.Optional.DigiDocket.A, C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojkojoodocjeiopbhabaimjgcpefgjm, Quarantined, [aa1e0191e0aa0f278dff77dfec1a38c8],

Files: 49
PUP.Optional.ModGoog, C:\Users\Mitchell\AppData\Local\Temp\goopdate.dll.old6fb36a73, Quarantined, [5f696f237812ac8a6aab0c3dcc3623dd],
Trojan.Downloader, C:\Users\Mitchell\AppData\Local\Temp\nsa5A03.tmp, Quarantined, [992f751d4248e2540052291adf24847c],
PUP.Optional.Bundle, C:\Users\Mitchell\AppData\Local\Temp\nsa5A04.tmp, Quarantined, [c008bed4b0da0d29e7ae7196e02605fb],
PUP.Optional.MultiPlug.A, C:\Users\Mitchell\AppData\Local\Temp\__tmp_398d1f33, Quarantined, [cdfb1c768dfdac8a8aa0dd78d230728e],
PUP.Optional.CrossRider.A, C:\Users\Mitchell\AppData\Local\Temp\is-NVDU7.tmp\components, Quarantined, [3395d3bf701a7eb8e3f66be124e27888],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinemaPlus-3.2cV11.05\bgNova.html, Quarantined, [0fb9751dfb8f4cea2ea4834e0af97789],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinemaPlus-3.2cV11.05\dd37c962-12ae-494c-aec5-25a6dd56e998.crx, Quarantined, [0fb9751dfb8f4cea2ea4834e0af97789],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinemaPlus-3.2cV11.05\ec88b310-283a-49ba-8f48-ddf960946730.xpi, Quarantined, [0fb9751dfb8f4cea2ea4834e0af97789],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinemaPlus_1.3dV11.05\bgNova.html, Quarantined, [30988111a2e8f2447e54f9d88f74bc44],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinemaPlus_1.3dV11.05\01eee878-75b4-4987-8061-d4e166dd7683.crx, Quarantined, [30988111a2e8f2447e54f9d88f74bc44],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinemaPlus_1.3dV11.05\15eb86eb-b5ee-4351-951f-700de48dc359.xpi, Quarantined, [30988111a2e8f2447e54f9d88f74bc44],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HD-Quality-3.1V18.12\bgNova.html, Quarantined, [0abef39f05853303478b6c65ef146898],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HD-Quality-3.1V18.12\3095cfbc-858f-403b-b96c-e012133be7be.crx, Quarantined, [0abef39f05853303478b6c65ef146898],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HD-Quality-3.1V18.12\background.html, Quarantined, [0abef39f05853303478b6c65ef146898],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HD-Quality-3.1V18.12\f48d44b5-64ba-4dec-8e69-1c6d20ea4d69.xpi, Quarantined, [0abef39f05853303478b6c65ef146898],
PUP.Optional.WebBar.A, C:\Windows\System32\config\systemprofile\AppData\Local\WebBar\wb.log, Quarantined, [25a3b3df0e7c7fb7729c6470f50eff01],
PUP.Optional.ConsumerInput.C, C:\Users\Mitchell\AppData\Roaming\Compete\Consumer Input\DCA_config_gladiolus000.dat, Quarantined, [9a2ef2a01b6f45f11ef9e5f04fb42dd3],
PUP.Optional.ConsumerInput.C, C:\Users\Mitchell\AppData\Roaming\Compete\Consumer Input\DCA_externalJS_diagnostic_gladiolus000.dat, Quarantined, [9a2ef2a01b6f45f11ef9e5f04fb42dd3],
PUP.Optional.ConsumerInput.C, C:\Users\Mitchell\AppData\Roaming\Compete\Consumer Input\DCA_externalJS_gladiolus000.dat, Quarantined, [9a2ef2a01b6f45f11ef9e5f04fb42dd3],
PUP.Optional.ConsumerInput.C, C:\Users\Mitchell\AppData\Roaming\Compete\Consumer Input\DCA_externalJS_serp_gladiolus000.dat, Quarantined, [9a2ef2a01b6f45f11ef9e5f04fb42dd3],
PUP.Optional.ConsumerInput.C, C:\Users\Mitchell\AppData\Roaming\Compete\Consumer Input\DCA_externalJS_shoppingcart_gladiolus000.dat, Quarantined, [9a2ef2a01b6f45f11ef9e5f04fb42dd3],
PUP.Optional.ConsumerInput.C, C:\Users\Mitchell\AppData\Roaming\Compete\Consumer Input\DCA_notification_gladiolus000.dat, Quarantined, [9a2ef2a01b6f45f11ef9e5f04fb42dd3],
PUP.Optional.ConsumerInput.C, C:\Users\Mitchell\AppData\Roaming\Compete\Consumer Input\DCA_privacy_gladiolus000.dat, Quarantined, [9a2ef2a01b6f45f11ef9e5f04fb42dd3],
PUP.Optional.ConsumerInput.C, C:\Users\Mitchell\AppData\Roaming\Compete\Consumer Input\DCA_voicebox_rules_gladiolus000.dat, Quarantined, [9a2ef2a01b6f45f11ef9e5f04fb42dd3],
PUP.Optional.ConsumerInput.C, C:\Users\Mitchell\AppData\Roaming\Compete\Consumer Input\DCA_whitelist_gladiolus000.dat, Quarantined, [9a2ef2a01b6f45f11ef9e5f04fb42dd3],
PUP.Optional.BoostSaves.A, C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage, Quarantined, [c701e6acf99182b42315c1257f84d12f],
PUP.Optional.BoostSaves.A, C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal, Quarantined, [c20661316c1ea78f82b66d79c73c2ed2],
PUP.Optional.VPNPrivat.A, C:\Program Files (x86)\VPN_Privat\unins000.dat, Quarantined, [ad1b038f9af09c9aafa39553c43fd927],
PUP.Optional.Tuvaro, C:\Users\Mitchell\AppData\Local\Temp\59D317DB041748fdB89B47E6F96058F3@jetpack.xpi, Quarantined, [01c7f59d99f1d363e1f7a44ed52eba46],
PUP.Optional.Boost.A, C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage, Quarantined, [9236038fa4e6db5b18dc9568fc078977],
PUP.Optional.Boost.A, C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal, Quarantined, [6f598f036f1b80b6579d3fbe33d037c9],
PUP.Optional.Vitruvian.A, C:\Users\Mitchell\AppData\Local\Temp\vitruvian-installer-uninstall-v0002, Quarantined, [7c4c9ff3b5d53303e45ad08e0ef7ec14],
PUP.Optional.DealSpy.A, C:\Users\Mitchell\AppData\Local\Deal Spy\Chrome\Installer.log, Quarantined, [596f474b1f6ba78fb76de7c612f17c84],
PUP.Optional.Mindspark.A, C:\Users\Mitchell\AppData\LocalLow\CouponXplorer_5zEI\Installr\Cache\0FD1F84C.exe, Quarantined, [398f266c8109e94d9e245d503dc61ee2],
PUP.Optional.Mindspark.A, C:\Users\Mitchell\AppData\LocalLow\CouponXplorer_5zEI\Installr\Cache\files.ini, Quarantined, [398f266c8109e94d9e245d503dc61ee2],
PUP.Optional.OneSoftPerDay.A, C:\Users\Mitchell\AppData\Local\ospd_us_511\upospd_us_511.cyl, Quarantined, [02c694fef397d85ea970ead2b053629e],
PUP.Optional.CrossRider.A, C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb\1.26.34_0\background.html, Quarantined, [ffc96032a3e739fd051b606038cb21df],
PUP.Optional.CrossRider.A, C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb\1.26.34_0\chromeCoreFilesIndex.txt, Quarantined, [ffc96032a3e739fd051b606038cb21df],
PUP.Optional.CrossRider.A, C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb\1.26.34_0\manifest.json, Quarantined, [ffc96032a3e739fd051b606038cb21df],
PUP.Optional.CrossRider.A, C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb\1.26.34_0\popup.html, Quarantined, [ffc96032a3e739fd051b606038cb21df],
PUP.Optional.CrossRider.A, C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb\1.26.34_0\Settings.json, Quarantined, [ffc96032a3e739fd051b606038cb21df],
PUP.Optional.CrossRider.A, C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb\1.26.34_0\extensionData\manifest.xml, Quarantined, [ffc96032a3e739fd051b606038cb21df],
PUP.Optional.CrossRider.A, C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb\1.26.34_0\extensionData\plugins.json, Quarantined, [ffc96032a3e739fd051b606038cb21df],
PUP.Optional.CrossRider.A, C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb\1.26.34_0\icons\icon128.png, Quarantined, [ffc96032a3e739fd051b606038cb21df],
PUP.Optional.CrossRider.A, C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb\1.26.34_0\icons\icon16.png, Quarantined, [ffc96032a3e739fd051b606038cb21df],
PUP.Optional.CrossRider.A, C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb\1.26.34_0\icons\icon48.png, Quarantined, [ffc96032a3e739fd051b606038cb21df],
PUP.Optional.CrossRider.A, C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb\1.26.34_0\icons\actions\1.png, Quarantined, [ffc96032a3e739fd051b606038cb21df],
PUP.Optional.DigiDocket.A, C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojkojoodocjeiopbhabaimjgcpefgjm\1.0.1_0\manifest.json, Quarantined, [aa1e0191e0aa0f278dff77dfec1a38c8],
PUP.Optional.DigiDocket.A, C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojkojoodocjeiopbhabaimjgcpefgjm\1.0.1_0\icon.png, Quarantined, [aa1e0191e0aa0f278dff77dfec1a38c8],

Physical Sectors: 0
(No malicious items detected)


(end)

 

Hope this helps you help me!
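The helper asked for the Malwarebytes log specifically to see which detections were quarantined. As an added illustration (not code from this thread, from Malwarebytes, or from BleepingComputer), here is a small Python parser for the Malwarebytes 2.x log layout posted above. It does the triage a responder would otherwise do by eye: lists entries whose action was anything other than "Quarantined", tallies detection families, flags non-PUP detections (here the Trojan.Downloader entry), buckets hits by where they live, and checks that each section's declared count matches the number of entries that follow it. The section names and line layout are assumed from the posted log rather than taken from vendor documentation. The embedded sample is an excerpt of the log in this post with two constructed alterations, labelled in the code, so that the checks have something to find.

```python
import re
from collections import Counter

# Sections that hold detection entries in the posted Malwarebytes 2.x log.
# Assumed from the log above, not from vendor documentation.
KNOWN_SECTIONS = {
    "Processes", "Modules", "Registry Keys", "Registry Values",
    "Registry Data", "Folders", "Files", "Physical Sectors",
}

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<key>[A-Za-z -]+): (?P<value>.+)$")
# name, target (may itself contain ", "), action taken, hex detection id.
# The greedy (?P<target>.+) backtracks to the last ", <status>, [<hex>]"
# pair, so a garbled or multi-part target still parses.
ITEM_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<target>.+), (?P<status>[^,\[\]]+), "
    r"\[(?P<id>[0-9a-f]+)\],?$"
)

# Constructed sample: an excerpt of the posted log. Two deliberate changes
# exercise the checks: "Files: 4" (only 3 entries follow) and the status
# "No Action By User" on the last entry (the real log says Quarantined).
SAMPLE_LOG = r"""Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/12/2015
Scan Time: 9:36:27 PM
Logfile: Mbam Scan.txt
Administrator: Yes

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 436712
Time Elapsed: 22 min, 39 sec

Processes: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [c107662c1c6e2f070ea986ce7e851ae6],
PUP.Optional.DealSpy.A, HKLM\SOFTWARE\WOW6432NODE\Deal Spy, Quarantined, [21a79bf7cfbb0630f2f74c06cf3651af],

Folders: 1
PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinemaPlus-3.2cV11.05, Quarantined, [0fb9751dfb8f4cea2ea4834e0af97789],

Files: 4
Trojan.Downloader, C:\Users\Mitchell\AppData\Local\Temp\nsa5A03.tmp, Quarantined, [992f751d4248e2540052291adf24847c],
PUP.Optional.Bundle, C:\Users\Mitchell\AppData\Local\Temp\nsa5A04.tmp, Quarantined, [c008bed4b0da0d29e7ae7196e02605fb],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinemaPlus-3.2cV11.05\bgNova.html, No Action By User, [0fb9751dfb8f4cea2ea4834e0af97789],

Physical Sectors: 0
(No malicious items detected)

(end)
"""


def parse_mbam_log(text):
    """Return {'header': {...}, 'sections': {name: {'declared': n, 'items': [...]}}}."""
    report = {"header": {}, "sections": {}}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)" or line.startswith("(No malicious"):
            continue
        m = SECTION_RE.match(line)
        if m and m.group("section") in KNOWN_SECTIONS:
            current = m.group("section")
            report["sections"][current] = {"declared": int(m.group("count")), "items": []}
            continue
        m = ITEM_RE.match(line)
        if m and current is not None:
            entry = m.groupdict()
            entry["section"] = current
            report["sections"][current]["items"].append(entry)
            continue
        m = HEADER_RE.match(line)
        if m and current is None:  # scan metadata precedes the first section
            report["header"][m.group("key")] = m.group("value")
    return report


def location_bucket(target):
    """Coarse, assumed bucketing of where a detection lives."""
    t = target.upper()
    if t.startswith(("HKLM\\", "HKU\\", "HKCU\\", "HKCR\\")):
        return "registry"
    if "\\APPDATA\\" in t or "\\TEMP\\" in t:
        return "user profile"
    if "\\PROGRAM FILES" in t:
        return "program files"
    return "other"


def summarize(report):
    items = [i for s in report["sections"].values() for i in s["items"]]
    return {
        "total": len(items),
        "families": Counter(i["name"] for i in items),
        "locations": Counter(location_bucket(i["target"]) for i in items),
        # anything left in place needs a follow-up, which is what the helper wants to know
        "not_quarantined": [i for i in items if i["status"] != "Quarantined"],
        # a non-PUP detection means more than adware was on the box
        "non_pup": sorted({i["name"] for i in items if not i["name"].startswith("PUP.")}),
        # a declared count that differs from the entries parsed means a truncated paste
        "count_mismatch": {
            n: (s["declared"], len(s["items"]))
            for n, s in report["sections"].items() if s["declared"] != len(s["items"])
        },
    }


if __name__ == "__main__":
    summary = summarize(parse_mbam_log(SAMPLE_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

The count check is the one to run first on a log pasted into a forum post: a section whose declared count exceeds the entries that follow it usually means the paste was cut short, which is exactly the problem the helper raises with the AdwCleaner log in the next reply.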



#8 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 308 posts

Posted 22 May 2015 - 06:32 PM

Hi Xarmark77,


Do you know what the following folders are?
 

2015-05-10 23:37 - 2015-05-10 23:37 - 00000651 _____ () C:\Users\Mitchell\Desktop\www - Shortcut.lnk
2015-05-10 13:53 - 2015-05-11 19:32 - 00000000 ____D () C:\www
2015-05-11 12:58 - 2015-05-11 13:42 - 00000000 ____D () C:\ProgramData\abc


I uninstalled BitTorrent and it said the program wasn't there and it asked me to delete it from the list of programs. I restarted the computer and it started as the computer started.  So, I went back to programs and it wasn't there, so I couldn't uninstall BitTorrent.  Is there a clean uninstall for BitTorrent?

Let's try the following and if it doesn't work let me know in your next post.


Please download Add Remove Program Cleaner to your desktop.


  • Right-click on addremovecleaner and select " Run as administrator" to run it.
  • Locate BitTorrent in the menu and click once on it to highlight.
  • Now click on Remove from add/remove programs list.
  • At the prompt click on Yes then Exit.
  • Now delete addremovecleaner from the desktop, empty the Recycle Bin and reboot the computer.

When I go to download Adwcleaner I get a message saying Windows protected your PC-Windows SmartScreen prevented an unrecognized app from starting. Running this app might put your pc at risk. I am running it anyway; just informing you of the issues that come up.

This is nothing to worry about.  Some of the tools we use for malware removal can sometimes be flagged by security software, but I can assure you that all the tools I will ask you to download are safe to run.


You did not post the entire AdwCleaner log.


  • Please navigate to the following file:

    C:\AdwCleaner\AdwCleaner[R0].txt

  • Open AdwCleaner[R0].txt and copy/paste the content in your next reply.

I need you to run a fix.



  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
  • Copy/Paste the contents of the code box below into Notepad.
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\Run: [BitTorrent] => C:\Users\Mitchell\AppData\Roaming\BitTorrent\updates\7.9.3_40299.exe [1696104 2015-05-11] (BitTorrent Inc.)
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\Run: [ShopAtHomeWatcher] => C:\Users\Mitchell\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\Run: [ShopAtHomeUpdater] => C:\Users\Mitchell\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\Run: [Hide.me] => [X]
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\MountPoints2: {4ff1cfa9-7cff-11e4-bede-008cfa2fa40e} - "E:\autorun.exe"
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\Run: [BFHP] => C:\Users\Mitchell\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.17.9\BFHP.exe [411680 2015-02-03] (Capital Intellect, Inc.)
SearchScopes: HKU\.DEFAULT -> {CCE613C9-AE9F-48FB-BEBD-D6ED71EC9842} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3690005664-4159630313-185192455-1001 -> {CCE613C9-AE9F-48FB-BEBD-D6ED71EC9842} URL =
Tcpip\..\Interfaces\{9EC8D00B-CF6B-470A-803A-D536D5E5D3F1}: [NameServer] 8.8.8.8,8.8.4.4
FF NetworkProxy: "type", 4
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-12-03] (Coupons, Inc.)
CHR Extension: (No Name) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb [2014-12-18]
S0 nvrptm; System32\drivers\coddlebo.sys [X]
Task: {01693D02-1027-498C-94DB-F7E1C3E2F6A3} - \Microsoft\Windows\NetTrace\GatherNetworkInfo No Task File <==== ATTENTION
Task: {0DC0DAD2-F84F-429D-B085-411AE7CDE2D5} - \Microsoft\Windows\SideShow\GadgetManager No Task File <==== ATTENTION
Task: {1A4230A2-E136-4936-9B22-DDF624BB8332} - \Microsoft\Windows\IME\SQM data sender No Task File <==== ATTENTION
Task: {22662A48-FA24-4459-AA9D-79BC0FAE0CDB} - \Microsoft\Windows\WindowsBackup\AutomaticBackup No Task File <==== ATTENTION
Task: {287EB61E-849D-44F1-BF41-56B2A8081F95} - \Microsoft\Windows\SideShow\SessionAgent No Task File <==== ATTENTION
Task: {4520E978-EE3C-4AEF-BE37-9DE847D5495C} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {45561755-0BB2-49DF-9B3C-3F0CEB4AB61E} - \Microsoft\Windows\WS\Badge Update No Task File <==== ATTENTION
Task: {47BFE674-5DFA-4395-B88C-47D28D6E5597} - \Microsoft\Windows\Maintenance\WinSAT No Task File <==== ATTENTION
Task: {795C9008-6C6D-425A-8ACD-2C74138B2B13} - \Norton Anti-Theft\Norton Error Processor No Task File <==== ATTENTION
Task: {7B857988-3067-4E13-8891-998F430972F7} - \Microsoft\Windows\SideShow\AutoWake No Task File <==== ATTENTION
Task: {9768ABD2-EB67-498E-A669-15A536AF817A} - \Microsoft\Windows\SideShow\SystemDataProviders No Task File <==== ATTENTION
Task: {9C8E21C9-6AB1-4D66-8DF5-73AF5359B24E} - \Microsoft\Windows\WS\Sync Licenses No Task File <==== ATTENTION
Task: {A20231B4-1CB5-4E84-BC08-504230061E5A} - \TOSHIBA\Service Station No Task File <==== ATTENTION
Task: {C415FE0E-DDCB-44E0-A459-B9164B72424B} - \Microsoft\Windows\MobilePC\HotStart No Task File <==== ATTENTION
Task: {D04EE35E-CFCB-4755-BD14-6DDA0EA44552} - \Norton Anti-Theft\Norton Error Analyzer No Task File <==== ATTENTION
Task: {F5DF14B7-0A7B-48D7-AE5D-638BB5A9B754} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {F61C1098-6385-4992-9119-CE0F68340314} - \Microsoft\Windows\Servicing\StartComponentCleanup No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\BeFrugal.com Toolbar.job => C:\Users\Mitchell\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.17.9\BFHP.exeIC:\Users\Mitchell\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.17.9BeFrugal.com
FirewallRules: [{A331346E-334D-44E5-BA56-4D4DB00B9450}] => (Allow) C:\Users\Mitchell\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{65EB4CC9-3ED2-4AA7-9669-89119C62A352}] => (Allow) C:\Users\Mitchell\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{261FC00F-5B78-4562-B592-9AC65B498CFD}C:\users\mitchell\appdata\roaming\bittorrent\updates\7.9.3_40299.exe] => (Allow) C:\users\mitchell\appdata\roaming\bittorrent\updates\7.9.3_40299.exe
FirewallRules: [UDP Query User{00E69768-ABBE-4EC4-AEA6-90CE9909486B}C:\users\mitchell\appdata\roaming\bittorrent\updates\7.9.3_40299.exe] => (Allow) C:\users\mitchell\appdata\roaming\bittorrent\updates\7.9.3_40299.exe
2015-05-18 13:19 - 2015-04-13 08:28 - 00000000 ____D () C:\Users\Mitchell\AppData\Roaming\BitTorrent
2015-05-10 20:39 - 2015-05-10 20:39 - 00000000 ____D () C:\Users\Mitchell\AppData\Local\BeFrugal
2015-04-19 08:20 - 2015-04-19 08:20 - 00005872 _____ () C:\Users\Mitchell\AppData\Roaming\LMmAD3WOyiEgwo8fvc
2015-04-19 08:20 - 2015-04-19 08:20 - 00005872 _____ () C:\Users\Mitchell\AppData\Roaming\FU8F6FH63j
2015-05-11 13:21 - 2015-05-11 13:21 - 00613255 _____ (CMI Limited) C:\Users\Mitchell\AppData\Local\nsc6725.tmp
2015-05-11 14:00 - 2015-05-11 14:00 - 00613255 _____ (CMI Limited) C:\Users\Mitchell\AppData\Local\nsi549F.tmp
2015-05-11 13:54 - 2015-05-11 20:31 - 00000000 ____D () C:\ProgramData\Radio
2015-05-11 14:20 - 2015-05-11 20:31 - 00000000 ____D () C:\ProgramData\qvm
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Mitchell\AppData\Roaming\L8bB2NILKAtBFIln5tZYZu03qB
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Mitchell\AppData\Roaming\VGFmsOl15Q5de6
2014-09-01 04:18 - 2014-09-01 04:18 - 0001248 _____ () C:\Users\Mitchell\AppData\Roaming\LXAW
2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\Mitchell\AppData\Roaming\ZA
C:\ProgramData\MS6c5m1.dat
C:\Users\Mitchell\AppData\Local\Temp\Couponscom.exe
C:\Users\Mitchell\AppData\Local\Temp\DefaultPack.exe
C:\Users\Mitchell\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7ddxq4.dll
C:\Users\Mitchell\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Mitchell\AppData\Local\Temp\Quarantine.exe
C:\Users\Mitchell\AppData\Local\Temp\sqlite3.dll
C:\Users\Mitchell\Desktop\Old Firefox Data\l9zoe618.default-1365442235700\searchplugins\conduit.xml

[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3690005664-4159630313-185192455-1001\Software\ShopAtHome]
[-HKEY_USERS\S-1-5-21-3690005664-4159630313-185192455-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3690005664-4159630313-185192455-1001\Software\ShopAtHome]
[-HKEY_USERS\S-1-5-21-3690005664-4159630313-185192455-1001\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v ApnUpdater /f

EmptyTemp:
Hosts:
CMD: ipconfig /flushdns
CreateRestorePoint:
  • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system



  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log


Next:

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.



  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET Online Scanner

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
    All of the instructions below are compatible with either Internet Explorer or Mozilla Firefox.

  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then select the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you wish, but make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Please answer the following questions:


  • Have you been receiving help from "The Geek Squad" and/or have you installed any of their programs?
  • How is your computer behaving?



-----------------------------------------
In your next reply, I would like to see..

  • Were you able to remove Bittorrent?
  • Complete AdwCleaner log.
  • fixlog.txt
  • Eset scan results
  • Answer to my questions
    Please post everything in the order given.

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed
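
As an added example (not part of this thread, and not FRST's own code), a small Python triage script for the FRST line shapes used in the fixlist above: it parses Run keys, scheduled tasks, .job files, firewall rules and driver entries, and flags the patterns the helper singled out, namely autostarts pointing into user-writable directories, orphaned task registrations, and entries whose file is missing. Sample lines are copied from or modelled on this thread; the ExampleSync entry and the healthy task are constructed.

```python
"""Triage helper for FRST-style autostart lines (added example, not FRST's code)."""
import re
from dataclasses import dataclass, field

# Regexes for the FRST line shapes that appear in this thread's fixlist.
# Hand-written for those shapes; they are not FRST's own parser.
RUN_RE = re.compile(r'^HKU\\(?P<sid>S-1-5-21-[\d-]+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<target>.*)$')
TASK_RE = re.compile(r'^Task: (?P<id>\{[0-9A-Fa-f-]+\}) - (?P<path>.+?)(?P<orphan> No Task File <==== ATTENTION)?$')
JOB_RE = re.compile(r'^Task: (?P<job>[^=]+\.job) => (?P<target>.+)$')
FW_RE = re.compile(r'^FirewallRules: \[(?P<rule>[^\]]+)\] => \((?P<action>\w+)\) (?P<target>.+)$')
DRV_RE = re.compile(r'^(?P<start>[SR]\d) (?P<name>[^;]+); (?P<path>.+?)(?P<missing> \[X\])?$')

# Directories a standard user can write to. An autostart that runs from here is
# the pattern behind the thread's BitTorrent, ShopAtHome and BeFrugal entries.
# This is a heuristic: plenty of legitimate software also lives in these paths.
USER_WRITABLE = (
    '\\appdata\\roaming\\',
    '\\appdata\\local\\temp\\',
    '\\appdata\\local\\programs\\',
    '\\programdata\\',
)


@dataclass
class Finding:
    kind: str          # run-key, task, job, firewall or driver
    name: str          # value name, task path, rule id or service name
    target: str        # what the entry points at ('' when FRST shows none)
    reasons: list = field(default_factory=list)


def target_reasons(target: str) -> list:
    """Heuristics on the file an autostart entry points to."""
    if target.strip() == '[X]':
        return ['target file is missing (FRST "[X]" marker)']
    if any(d in target.lower() for d in USER_WRITABLE):
        return ['executable lives in a user-writable directory']
    return []


def parse_line(line: str):
    """Return a Finding for a recognised line shape, else None."""
    if m := RUN_RE.match(line):
        f = Finding('run-key', m['name'], m['target'])
        f.reasons += target_reasons(m['target'])
        return f
    if m := TASK_RE.match(line):
        # Healthy task lines carry "<path> => <target>"; orphaned ones carry no target.
        path, _, target = m['path'].partition(' => ')
        f = Finding('task', path, target)
        if m['orphan']:
            f.reasons.append('task registration has no task file (orphaned)')
        if target:
            f.reasons += target_reasons(target)
        return f
    if m := JOB_RE.match(line):
        f = Finding('job', m['job'], m['target'])
        f.reasons += target_reasons(m['target'])
        return f
    if m := FW_RE.match(line):
        f = Finding('firewall', m['rule'], m['target'])
        if m['action'].lower() == 'allow':
            f.reasons += target_reasons(m['target'])
        return f
    if m := DRV_RE.match(line):
        f = Finding('driver', m['name'].strip(), m['path'])
        if m['missing']:
            f.reasons.append(f"{m['start']} driver entry references a missing file")
        return f
    return None


def triage(log_text: str) -> list:
    """Parse every line and keep only the entries that earned at least one reason."""
    findings = []
    for raw in log_text.splitlines():
        f = parse_line(raw.strip())
        if f and f.reasons:
            findings.append(f)
    return findings


# Constructed sample: lines from this thread's fixlist plus two benign entries
# (ExampleSync and the \Example\Updater task) that are made up for contrast.
SAMPLE_LOG = r"""
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\Run: [BitTorrent] => C:\Users\Mitchell\AppData\Roaming\BitTorrent\updates\7.9.3_40299.exe [1696104 2015-05-11] (BitTorrent Inc.)
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\Run: [Hide.me] => [X]
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\Run: [ExampleSync] => C:\Program Files\Example\sync.exe [4096 2015-01-01] (Example Corp)
Task: {4520E978-EE3C-4AEF-BE37-9DE847D5495C} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000001} - \Example\Updater => C:\Program Files\Example\updater.exe [12345 2015-01-01] (Example Corp)
Task: C:\WINDOWS\Tasks\BeFrugal.com Toolbar.job => C:\Users\Mitchell\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.17.9\BFHP.exe
FirewallRules: [{A331346E-334D-44E5-BA56-4D4DB00B9450}] => (Allow) C:\Users\Mitchell\AppData\Roaming\BitTorrent\BitTorrent.exe
S0 nvrptm; System32\drivers\coddlebo.sys [X]
Tcpip\..\Interfaces\{9EC8D00B-CF6B-470A-803A-D536D5E5D3F1}: [NameServer] 8.8.8.8,8.8.4.4
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.kind}] {f.name}: ' + '; '.join(f.reasons))
```

The unparsed NameServer line and the two constructed benign entries drop out, leaving the six entries a responder would look at first.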


#9 Xarmark77

Xarmark77
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:03 AM

Posted 23 May 2015 - 03:00 AM

Hey mAL,

I have done all that you have asked me to do and I continue to appreciate your support.

 

Were you able to remove Bittorrent?

I am not sure if Bit Torrent is removed. It wasn't on the list of programs in the add/remove uninstall program you had me download. When I restarted the computer it would start when the computer started. Yet, after the fix, it no longer was running at startup. So, I am not sure if it's completely gone.

 

Complete Adw Cleaner Log

# AdwCleaner v4.203 - Logfile created 11/05/2015 at 22:16:43
# Updated 30/04/2015 by Xplode
# Database : 2015-04-30.2 [Local]
# Operating system : Windows 8.1  (x64)
# Username : Mitchell - MOOGY
# Running from : C:\Users\Mitchell\Downloads\adwcleaner_4.203.exe
# Option : Scan

***** [ Services ] *****

Service Found : CouponPrinterService
Service Found : YahooAUService

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Found : C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ceaohckoegdncfpojeiehjkaffbdahli_0
File Found : C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ceaohckoegdncfpojeiehjkaffbdahli
File Found : C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ceaohckoegdncfpojeiehjkaffbdahli_0.localstorage
File Found : C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ceaohckoegdncfpojeiehjkaffbdahli_0.localstorage-journal
File Found : C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Found : C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Found : C:\Users\Mitchell\AppData\Roaming\Bubble Dock.boostrap.log
File Found : C:\Users\Mitchell\AppData\Roaming\Bubble Dock.installation.log
File Found : C:\Users\Mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\fuay3mt8.default-1417589053923\searchplugins\trovi-search.xml
File Found : C:\Users\Mitchell\AppData\Roaming\Selection Tools.installation.log
File Found : C:\Users\Mitchell\AppData\Roaming\WindApp.boostrap.log
File Found : C:\Users\Mitchell\AppData\Roaming\WindApp.installation.log
Folder Found : C:\Program Files (x86)\app_setup
Folder Found : C:\Program Files (x86)\Consumer Input
Folder Found : C:\Program Files (x86)\Coupons
Folder Found : C:\Program Files (x86)\Coupons
Folder Found : C:\Program Files (x86)\Coupons.com CouponBar
Folder Found : C:\Program Files (x86)\Coupons.com CouponBar
Folder Found : C:\Program Files (x86)\CouponXplorer_5z
Folder Found : C:\Program Files (x86)\CouponXplorer_5z
Folder Found : C:\Program Files (x86)\download Manager
Folder Found : C:\Program Files (x86)\GUPlayer
Folder Found : C:\Program Files (x86)\HitsBlenderUpdater
Folder Found : C:\Program Files (x86)\LuckyTab
Folder Found : C:\Program Files (x86)\Optimizer Pro 3.13
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\Program Files (x86)\PricceLeess
Folder Found : C:\Program Files (x86)\TinyWallet
Folder Found : C:\Program Files (x86)\TinyWallet
Folder Found : C:\Program Files (x86)\WordProser_1.10.0.4
Folder Found : C:\Program Files\Common Files\pastaleads
Folder Found : C:\ProgramData\{3a4b974b-8945-5745-3a4b-b974b8945d2e}
Folder Found : C:\ProgramData\{5474db9e-89ee-de9a-5474-4db9e89e6e7a}
Folder Found : C:\ProgramData\{972cbd4d-bb32-5dd2-972c-cbd4dbb3f536}
Folder Found : C:\ProgramData\5ee4151c00007a8b
Folder Found : C:\ProgramData\cdjckjbekmfcbapfhkckpkaepeefedak
Folder Found : C:\ProgramData\cdjckjbekmfcbapfhkckpkaepeefedak
Folder Found : C:\ProgramData\cdjckjbekmfcbapfhkckpkaepeefedak
Folder Found : C:\ProgramData\donutleads
Folder Found : C:\ProgramData\f8093ab000000e40
Folder Found : C:\ProgramData\f91cb9fe3704a042
Folder Found : C:\ProgramData\FlashBeat
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\ProgramData\NetEngine
Folder Found : C:\ProgramData\PicColorData
Folder Found : C:\ProgramData\StarApp
Folder Found : C:\ProgramData\Yahoo! Companion
Folder Found : C:\Users\Administrator.Moogy\AppData\Local\CouponXplorer_5z
Folder Found : C:\Users\Administrator.Moogy\AppData\Local\CouponXplorer_5z
Folder Found : C:\Users\Administrator.Moogy\AppData\LocalLow\CouponXplorer_5z
Folder Found : C:\Users\Administrator.Moogy\AppData\LocalLow\CouponXplorer_5z
Folder Found : C:\Users\Administrator.Moogy\AppData\Roaming\CouponXplorer_5z
Folder Found : C:\Users\Administrator.Moogy\AppData\Roaming\CouponXplorer_5z
Folder Found : C:\Users\Administrator.Moogy\Favorites\StumbleUpon
Folder Found : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\Administrator\AppData\Local\torch
Folder Found : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\Guest\AppData\Local\torch
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Found : C:\Users\Mitchell\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Mitchell\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\Mitchell\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\Mitchell\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\Mitchell\AppData\Local\CouponXplorer_5z
Folder Found : C:\Users\Mitchell\AppData\Local\CouponXplorer_5z
Folder Found : C:\Users\Mitchell\AppData\Local\DefineExt
Folder Found : C:\Users\Mitchell\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\Mitchell\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\Mitchell\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnckcgljkccodoodknagmbpcpcemadcg
Folder Found : C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceaohckoegdncfpojeiehjkaffbdahli
Folder Found : C:\Users\Mitchell\AppData\Local\HitsBlender
Folder Found : C:\Users\Mitchell\AppData\Local\LPT
Folder Found : C:\Users\Mitchell\AppData\Local\MaxiGet Download Manager
Folder Found : C:\Users\Mitchell\AppData\Local\Temp\digi docket
Folder Found : C:\Users\Mitchell\AppData\Local\torch
Folder Found : C:\Users\Mitchell\AppData\LocalLow\CouponXplorer_5z
Folder Found : C:\Users\Mitchell\AppData\LocalLow\CouponXplorer_5z
Folder Found : C:\Users\Mitchell\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\Mitchell\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\Mitchell\AppData\Roaming\20700E54-1431362393-E211-BC5B-008CFA2FA40E
Folder Found : C:\Users\Mitchell\AppData\Roaming\20700E54-1431368720-E211-BC5B-008CFA2FA40E
Folder Found : C:\Users\Mitchell\AppData\Roaming\20700E54-1431369607-E211-BC5B-008CFA2FA40E
Folder Found : C:\Users\Mitchell\AppData\Roaming\Nosibay
Folder Found : C:\Users\Mitchell\AppData\Roaming\ShopAtHome
Folder Found : C:\Users\Mitchell\AppData\Roaming\Store
Folder Found : C:\Users\Mitchell\AppData\Roaming\WTools
Folder Found : C:\Users\Mitchell\Favorites\StumbleUpon
Folder Found : C:\Users\Mitchell\Favorites\StumbleUpon

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\CouponXplorer_5z
Key Found : HKCU\Software\AppDataLow\Software\CouponXplorer_5z
Key Found : HKCU\Software\Classes\CLSID\{9b138bf3-1d40-4e7e-84bb-2975198ad938}
Key Found : HKCU\Software\CouponXplorer_5z
Key Found : HKCU\Software\CouponXplorer_5z
Key Found : HKCU\Software\Define Ext
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.tb.ask.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{65c72339-fb1d-4155-84e1-9afacee02d6f}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{65c72339-fb1d-4155-84e1-9afacee02d6f}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{cf91f897-175f-43e3-8369-bd3ba14eee7b}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\PIP
Key Found : [x64] HKCU\Software\1ClickDownload
Key Found : [x64] HKCU\Software\CouponXplorer_5z
Key Found : [x64] HKCU\Software\CouponXplorer_5z
Key Found : [x64] HKCU\Software\Define Ext
Key Found : [x64] HKCU\Software\PIP
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{131a1f72-5c50-43cf-ba3e-3ac75df1188b}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{131a1f72-5c50-43cf-ba3e-3ac75df1188b}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2c76e19a-5b10-4018-92dd-54de302114f9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{46861ec7-fd7a-4197-b4a2-223196de2dcb}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{48708b86-3672-46f9-89cf-680f8e807b91}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5bb649a4-1c05-4e18-b7a0-80a0fd29d8d7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{627d42c1-e006-4bf2-bb79-d5fc6e0e01f0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{65c72339-fb1d-4155-84e1-9afacee02d6f}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{746c749a-528c-4e31-bc96-848c0d909fb4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{76e9f00f-6852-44fc-b406-bb452f232a1b}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{927c6290-8b1f-4673-9046-658843fea0d0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ae1fb1ef-c142-48d2-8bfa-2730b43e8bea}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{b1c38f5a-506f-4f75-80d7-292903e8f87a}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{b32e7dc1-4d99-4480-844a-06c15df31ed4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BEEED033-0126-4DC6-A531-9060E3410521}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{cf91f897-175f-43e3-8369-bd3ba14eee7b}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Found : HKLM\SOFTWARE\Classes\CouponXplorer_5z.FeedManager
Key Found : HKLM\SOFTWARE\Classes\CouponXplorer_5z.FeedManager.1
Key Found : HKLM\SOFTWARE\Classes\CouponXplorer_5z.HTMLMenu
Key Found : HKLM\SOFTWARE\Classes\CouponXplorer_5z.HTMLMenu.1
Key Found : HKLM\SOFTWARE\Classes\CouponXplorer_5z.HTMLPanel
Key Found : HKLM\SOFTWARE\Classes\CouponXplorer_5z.HTMLPanel.1
Key Found : HKLM\SOFTWARE\Classes\CouponXplorer_5z.MultipleButton
Key Found : HKLM\SOFTWARE\Classes\CouponXplorer_5z.MultipleButton.1
Key Found : HKLM\SOFTWARE\Classes\CouponXplorer_5z.PseudoTransparentPlugin
Key Found : HKLM\SOFTWARE\Classes\CouponXplorer_5z.PseudoTransparentPlugin.1
Key Found : HKLM\SOFTWARE\Classes\CouponXplorer_5z.ScriptButton
Key Found : HKLM\SOFTWARE\Classes\CouponXplorer_5z.ScriptButton.1
Key Found : HKLM\SOFTWARE\Classes\CouponXplorer_5z.SettingsPlugin
Key Found : HKLM\SOFTWARE\Classes\CouponXplorer_5z.SettingsPlugin.1
Key Found : HKLM\SOFTWARE\Classes\CouponXplorer_5z.ThirdPartyInstaller
Key Found : HKLM\SOFTWARE\Classes\CouponXplorer_5z.ThirdPartyInstaller.1
Key Found : HKLM\SOFTWARE\Classes\CouponXplorer_5z.ToolbarProtector
Key Found : HKLM\SOFTWARE\Classes\CouponXplorer_5z.ToolbarProtector.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\EFEE0228DC83E77358593193D847A0EC
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\EFEE0228DC83E77358593193D847A0EC
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1b4cf49b-8b69-4a90-8b51-d2088e1ec1ba}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v35.0.1 (x86 en-US)

[fuay3mt8.default-1417589053923] - Line Found : user_pref("browser.search.hiddenOneOffs", "Bing,Amazon.com,AVG Secure Search,DuckDuckGo,eBay,Twitter,Wikipedia (en)");
[fuay3mt8.default-1417589053923] - Line Found : user_pref("extensions.a172cfb0d00604ca2807d96193776c90fc73dda8c44c58a81f097dcom65759.65759.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%[...]
[fuay3mt8.default-1417589053923] - Line Found : user_pref("extensions.a172cfb0d00604ca2807d96193776c90fc73dda8c44c58a81f097dcom65759.65759.internaldb.__ICM_LITE__fifty_test_rules.value", "%7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasiadate.com%22%2C%2[...]
[fuay3mt8.default-1417589053923] - Line Found : user_pref("extensions.a172cfb0d00604ca2807d96193776c90fc73dda8c44c58a81f097dcom65759.65759.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22[...]
[fuay3mt8.default-1417589053923] - Line Found : user_pref("extensions.crossrider.bic", "14ad551b333bc69e037a398232dea0cd");

-\\ Google Chrome v31.0.1650.63

[C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Found [Extension] : ceaohckoegdncfpojeiehjkaffbdahli

-\\ Comodo Dragon v


-\\ Chrome Canary v


*************************

AdwCleaner[R0].txt - [29725 bytes] - [11/05/2015 22:16:43]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [29785 bytes] ##########

Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-05-2015
Ran by Mitchell at 2015-05-22 22:27:10 Run:1
Running from C:\Users\Mitchell\Downloads
Loaded Profiles: Mitchell (Available profiles: Mitchell & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\Run: [BitTorrent] => C:\Users\Mitchell\AppData\Roaming\BitTorrent\updates\7.9.3_40299.exe [1696104 2015-05-11] (BitTorrent Inc.)
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\Run: [ShopAtHomeWatcher] => C:\Users\Mitchell\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\Run: [ShopAtHomeUpdater] => C:\Users\Mitchell\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\Run: [Hide.me] => [X]
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\MountPoints2: {4ff1cfa9-7cff-11e4-bede-008cfa2fa40e} - "E:\autorun.exe"
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\Run: [BFHP] => C:\Users\Mitchell\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.17.9\BFHP.exe [411680 2015-02-03] (Capital Intellect, Inc.)
SearchScopes: HKU\.DEFAULT -> {CCE613C9-AE9F-48FB-BEBD-D6ED71EC9842} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3690005664-4159630313-185192455-1001 -> {CCE613C9-AE9F-48FB-BEBD-D6ED71EC9842} URL =
Tcpip\..\Interfaces\{9EC8D00B-CF6B-470A-803A-D536D5E5D3F1}: [NameServer] 8.8.8.8,8.8.4.4
FF NetworkProxy: "type", 4
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-12-03] (Coupons, Inc.)
CHR Extension: (No Name) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb [2014-12-18]
S0 nvrptm; System32\drivers\coddlebo.sys [X]
Task: {01693D02-1027-498C-94DB-F7E1C3E2F6A3} - \Microsoft\Windows\NetTrace\GatherNetworkInfo No Task File <==== ATTENTION
Task: {0DC0DAD2-F84F-429D-B085-411AE7CDE2D5} - \Microsoft\Windows\SideShow\GadgetManager No Task File <==== ATTENTION
Task: {1A4230A2-E136-4936-9B22-DDF624BB8332} - \Microsoft\Windows\IME\SQM data sender No Task File <==== ATTENTION
Task: {22662A48-FA24-4459-AA9D-79BC0FAE0CDB} - \Microsoft\Windows\WindowsBackup\AutomaticBackup No Task File <==== ATTENTION
Task: {287EB61E-849D-44F1-BF41-56B2A8081F95} - \Microsoft\Windows\SideShow\SessionAgent No Task File <==== ATTENTION
Task: {4520E978-EE3C-4AEF-BE37-9DE847D5495C} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {45561755-0BB2-49DF-9B3C-3F0CEB4AB61E} - \Microsoft\Windows\WS\Badge Update No Task File <==== ATTENTION
Task: {47BFE674-5DFA-4395-B88C-47D28D6E5597} - \Microsoft\Windows\Maintenance\WinSAT No Task File <==== ATTENTION
Task: {795C9008-6C6D-425A-8ACD-2C74138B2B13} - \Norton Anti-Theft\Norton Error Processor No Task File <==== ATTENTION
Task: {7B857988-3067-4E13-8891-998F430972F7} - \Microsoft\Windows\SideShow\AutoWake No Task File <==== ATTENTION
Task: {9768ABD2-EB67-498E-A669-15A536AF817A} - \Microsoft\Windows\SideShow\SystemDataProviders No Task File <==== ATTENTION
Task: {9C8E21C9-6AB1-4D66-8DF5-73AF5359B24E} - \Microsoft\Windows\WS\Sync Licenses No Task File <==== ATTENTION
Task: {A20231B4-1CB5-4E84-BC08-504230061E5A} - \TOSHIBA\Service Station No Task File <==== ATTENTION
Task: {C415FE0E-DDCB-44E0-A459-B9164B72424B} - \Microsoft\Windows\MobilePC\HotStart No Task File <==== ATTENTION
Task: {D04EE35E-CFCB-4755-BD14-6DDA0EA44552} - \Norton Anti-Theft\Norton Error Analyzer No Task File <==== ATTENTION
Task: {F5DF14B7-0A7B-48D7-AE5D-638BB5A9B754} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {F61C1098-6385-4992-9119-CE0F68340314} - \Microsoft\Windows\Servicing\StartComponentCleanup No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\BeFrugal.com Toolbar.job => C:\Users\Mitchell\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.17.9\BFHP.exeIC:\Users\Mitchell\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.17.9BeFrugal.com
FirewallRules: [{A331346E-334D-44E5-BA56-4D4DB00B9450}] => (Allow) C:\Users\Mitchell\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{65EB4CC9-3ED2-4AA7-9669-89119C62A352}] => (Allow) C:\Users\Mitchell\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{261FC00F-5B78-4562-B592-9AC65B498CFD}C:\users\mitchell\appdata\roaming\bittorrent\updates\7.9.3_40299.exe] => (Allow) C:\users\mitchell\appdata\roaming\bittorrent\updates\7.9.3_40299.exe
FirewallRules: [UDP Query User{00E69768-ABBE-4EC4-AEA6-90CE9909486B}C:\users\mitchell\appdata\roaming\bittorrent\updates\7.9.3_40299.exe] => (Allow) C:\users\mitchell\appdata\roaming\bittorrent\updates\7.9.3_40299.exe
2015-05-18 13:19 - 2015-04-13 08:28 - 00000000 ____D () C:\Users\Mitchell\AppData\Roaming\BitTorrent
2015-05-10 20:39 - 2015-05-10 20:39 - 00000000 ____D () C:\Users\Mitchell\AppData\Local\BeFrugal
2015-04-19 08:20 - 2015-04-19 08:20 - 00005872 _____ () C:\Users\Mitchell\AppData\Roaming\LMmAD3WOyiEgwo8fvc
2015-04-19 08:20 - 2015-04-19 08:20 - 00005872 _____ () C:\Users\Mitchell\AppData\Roaming\FU8F6FH63j
2015-05-11 13:21 - 2015-05-11 13:21 - 00613255 _____ (CMI Limited) C:\Users\Mitchell\AppData\Local\nsc6725.tmp
2015-05-11 14:00 - 2015-05-11 14:00 - 00613255 _____ (CMI Limited) C:\Users\Mitchell\AppData\Local\nsi549F.tmp
2015-05-11 13:54 - 2015-05-11 20:31 - 00000000 ____D () C:\ProgramData\Radio
2015-05-11 14:20 - 2015-05-11 20:31 - 00000000 ____D () C:\ProgramData\qvm
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Mitchell\AppData\Roaming\L8bB2NILKAtBFIln5tZYZu03qB
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Mitchell\AppData\Roaming\VGFmsOl15Q5de6
2014-09-01 04:18 - 2014-09-01 04:18 - 0001248 _____ () C:\Users\Mitchell\AppData\Roaming\LXAW
2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\Mitchell\AppData\Roaming\ZA
C:\ProgramData\MS6c5m1.dat
C:\Users\Mitchell\AppData\Local\Temp\Couponscom.exe
C:\Users\Mitchell\AppData\Local\Temp\DefaultPack.exe
C:\Users\Mitchell\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7ddxq4.dll
C:\Users\Mitchell\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Mitchell\AppData\Local\Temp\Quarantine.exe
C:\Users\Mitchell\AppData\Local\Temp\sqlite3.dll
C:\Users\Mitchell\Desktop\Old Firefox Data\l9zoe618.default-1365442235700\searchplugins\conduit.xml

[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3690005664-4159630313-185192455-1001\Software\ShopAtHome]
[-HKEY_USERS\S-1-5-21-3690005664-4159630313-185192455-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3690005664-4159630313-185192455-1001\Software\ShopAtHome]
[-HKEY_USERS\S-1-5-21-3690005664-4159630313-185192455-1001\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v ApnUpdater /f

EmptyTemp:
Hosts:
CMD: ipconfig /flushdns
CreateRestorePoint:
*****************

HKU\S-1-5-21-3690005664-4159630313-185192455-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent => value Deleted successfully.
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ShopAtHomeWatcher => value Deleted successfully.
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ShopAtHomeUpdater => value Deleted successfully.
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Hide.me => value Deleted successfully.
"HKU\S-1-5-21-3690005664-4159630313-185192455-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ff1cfa9-7cff-11e4-bede-008cfa2fa40e}" => Key Deleted successfully.
HKCR\CLSID\{4ff1cfa9-7cff-11e4-bede-008cfa2fa40e} => Key not found.
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BFHP => Value not found.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCE613C9-AE9F-48FB-BEBD-D6ED71EC9842}" => Key Deleted successfully.
HKCR\CLSID\{CCE613C9-AE9F-48FB-BEBD-D6ED71EC9842} => Key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Deleted successfully.
"HKU\S-1-5-21-3690005664-4159630313-185192455-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCE613C9-AE9F-48FB-BEBD-D6ED71EC9842}" => Key Deleted successfully.
HKCR\CLSID\{CCE613C9-AE9F-48FB-BEBD-D6ED71EC9842} => Key not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9EC8D00B-CF6B-470A-803A-D536D5E5D3F1}\\NameServer => value Deleted successfully.
Firefox Proxy settings were reset.
C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll => Moved successfully.
C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb => Moved successfully.
nvrptm => Service Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01693D02-1027-498C-94DB-F7E1C3E2F6A3}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01693D02-1027-498C-94DB-F7E1C3E2F6A3}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetTrace\GatherNetworkInfo" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0DC0DAD2-F84F-429D-B085-411AE7CDE2D5}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DC0DAD2-F84F-429D-B085-411AE7CDE2D5}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\GadgetManager" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1A4230A2-E136-4936-9B22-DDF624BB8332}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A4230A2-E136-4936-9B22-DDF624BB8332}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\IME\SQM data sender" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22662A48-FA24-4459-AA9D-79BC0FAE0CDB}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22662A48-FA24-4459-AA9D-79BC0FAE0CDB}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\AutomaticBackup" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{287EB61E-849D-44F1-BF41-56B2A8081F95}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{287EB61E-849D-44F1-BF41-56B2A8081F95}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SessionAgent" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4520E978-EE3C-4AEF-BE37-9DE847D5495C}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4520E978-EE3C-4AEF-BE37-9DE847D5495C}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45561755-0BB2-49DF-9B3C-3F0CEB4AB61E}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45561755-0BB2-49DF-9B3C-3F0CEB4AB61E}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WS\Badge Update" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47BFE674-5DFA-4395-B88C-47D28D6E5597}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47BFE674-5DFA-4395-B88C-47D28D6E5597}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\WinSAT" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{795C9008-6C6D-425A-8ACD-2C74138B2B13}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{795C9008-6C6D-425A-8ACD-2C74138B2B13}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Anti-Theft\Norton Error Processor" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7B857988-3067-4E13-8891-998F430972F7}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B857988-3067-4E13-8891-998F430972F7}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\AutoWake" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9768ABD2-EB67-498E-A669-15A536AF817A}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9768ABD2-EB67-498E-A669-15A536AF817A}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SystemDataProviders" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C8E21C9-6AB1-4D66-8DF5-73AF5359B24E}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C8E21C9-6AB1-4D66-8DF5-73AF5359B24E}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WS\Sync Licenses" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A20231B4-1CB5-4E84-BC08-504230061E5A}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A20231B4-1CB5-4E84-BC08-504230061E5A}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TOSHIBA\Service Station" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C415FE0E-DDCB-44E0-A459-B9164B72424B}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C415FE0E-DDCB-44E0-A459-B9164B72424B}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\HotStart" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D04EE35E-CFCB-4755-BD14-6DDA0EA44552}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D04EE35E-CFCB-4755-BD14-6DDA0EA44552}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Anti-Theft\Norton Error Analyzer" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5DF14B7-0A7B-48D7-AE5D-638BB5A9B754}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5DF14B7-0A7B-48D7-AE5D-638BB5A9B754}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F61C1098-6385-4992-9119-CE0F68340314}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F61C1098-6385-4992-9119-CE0F68340314}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Servicing\StartComponentCleanup" => Key Deleted successfully.
C:\WINDOWS\Tasks\BeFrugal.com Toolbar.job => Moved successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A331346E-334D-44E5-BA56-4D4DB00B9450} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{65EB4CC9-3ED2-4AA7-9669-89119C62A352} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{261FC00F-5B78-4562-B592-9AC65B498CFD}C:\users\mitchell\appdata\roaming\bittorrent\updates\7.9.3_40299.exe => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{00E69768-ABBE-4EC4-AEA6-90CE9909486B}C:\users\mitchell\appdata\roaming\bittorrent\updates\7.9.3_40299.exe => value Deleted successfully.
C:\Users\Mitchell\AppData\Roaming\BitTorrent => Moved successfully.
C:\Users\Mitchell\AppData\Local\BeFrugal => Moved successfully.
C:\Users\Mitchell\AppData\Roaming\LMmAD3WOyiEgwo8fvc => Moved successfully.
C:\Users\Mitchell\AppData\Roaming\FU8F6FH63j => Moved successfully.
C:\Users\Mitchell\AppData\Local\nsc6725.tmp => Moved successfully.
C:\Users\Mitchell\AppData\Local\nsi549F.tmp => Moved successfully.
C:\ProgramData\Radio => Moved successfully.
C:\ProgramData\qvm => Moved successfully.
C:\Users\Mitchell\AppData\Roaming\L8bB2NILKAtBFIln5tZYZu03qB => Moved successfully.
C:\Users\Mitchell\AppData\Roaming\VGFmsOl15Q5de6 => Moved successfully.
C:\Users\Mitchell\AppData\Roaming\LXAW => Moved successfully.
C:\Users\Mitchell\AppData\Roaming\ZA => Moved successfully.
C:\ProgramData\MS6c5m1.dat => Moved successfully.
C:\Users\Mitchell\AppData\Local\Temp\Couponscom.exe => Moved successfully.
C:\Users\Mitchell\AppData\Local\Temp\DefaultPack.exe => Moved successfully.
C:\Users\Mitchell\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7ddxq4.dll => Moved successfully.
C:\Users\Mitchell\AppData\Local\Temp\jre-8u45-windows-au.exe => Moved successfully.
"C:\Users\Mitchell\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Mitchell\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.
C:\Users\Mitchell\Desktop\Old Firefox Data\l9zoe618.default-1365442235700\searchplugins\conduit.xml => Moved successfully.
HKEY_CURRENT_USER\Software\Trolltech => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_CURRENT_USER\Software\Trolltech => Key Deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3690005664-4159630313-185192455-1001\Software\ShopAtHome => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3690005664-4159630313-185192455-1001\Software\ShopAtHome => Key Deleted successfully.
HKEY_USERS\S-1-5-21-3690005664-4159630313-185192455-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3690005664-4159630313-185192455-1001\Software\ShopAtHome => Key not found.
HKEY_USERS\S-1-5-21-3690005664-4159630313-185192455-1001\Software\Trolltech => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => Key Deleted successfully.

========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v ApnUpdater /f =========

The operation completed successfully.



========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

Restore point was successfully created.
EmptyTemp: => Removed 1.2 GB temporary data.


The system needed a reboot.

==== End of Fixlog 22:30:00 ====

Eset Scan Results

C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5ztpinst.dll.vir    a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Mitchell\AppData\Roaming\20700E54-1431362393-E211-BC5B-008CFA2FA40E\nsiF651.tmp.vir    a variant of Win32/Adware.ConvertAd.NI application
C:\AdwCleaner\Quarantine\C\Users\Mitchell\AppData\Roaming\20700E54-1431362393-E211-BC5B-008CFA2FA40E\vnsqB0F7.tmp.vir    a variant of Win32/Adware.ConvertAd.OB.gen application
C:\AdwCleaner\Quarantine\C\Users\Mitchell\AppData\Roaming\20700E54-1431368720-E211-BC5B-008CFA2FA40E\vnsm99D8.tmp.vir    a variant of Win32/Adware.ConvertAd.OB.gen application
C:\AdwCleaner\Quarantine\C\Users\Mitchell\AppData\Roaming\20700E54-1431369607-E211-BC5B-008CFA2FA40E\vnsq5722.tmp.vir    a variant of Win32/Adware.ConvertAd.OB.gen application
C:\FRST\Quarantine\C\Users\Mitchell\AppData\Local\nsc6725.tmp.xBAD    Win32/AnyProtect.G potentially unwanted application
C:\FRST\Quarantine\C\Users\Mitchell\AppData\Local\nsi549F.tmp.xBAD    Win32/AnyProtect.G potentially unwanted application
C:\FRST\Quarantine\C\Users\Mitchell\AppData\Roaming\L8bB2NILKAtBFIln5tZYZu03qB.xBAD    JS/Toolbar.Crossrider.C potentially unwanted application
C:\FRST\Quarantine\C\Users\Mitchell\AppData\Roaming\LXAW.xBAD    JS/Toolbar.Crossrider.C potentially unwanted application
C:\FRST\Quarantine\C\Users\Mitchell\AppData\Roaming\VGFmsOl15Q5de6.xBAD    JS/Toolbar.Crossrider.C potentially unwanted application
C:\FRST\Quarantine\C\Users\Mitchell\AppData\Roaming\ZA.xBAD    JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\Mitchell\Desktop\downloaded\adobe_flash_setup(1).exe    a variant of Win32/InstallCore.XP potentially unwanted application
C:\Users\Mitchell\Desktop\downloaded\adobe_flash_setup.exe    a variant of Win32/InstallCore.XP potentially unwanted application
C:\Users\Mitchell\Desktop\downloaded\cbsidlm-cbsi188-Wrestling_MPire_Remix_Career_Edition-SEO-75623450.exe    a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Mitchell\Desktop\downloaded\ccsetup328.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Mitchell\Desktop\downloaded\ccsetup400(1).exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Mitchell\Desktop\downloaded\ccsetup400.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Mitchell\Desktop\downloaded\ccsetup401.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Mitchell\Desktop\downloaded\ccsetup402.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Mitchell\Desktop\downloaded\ccsetup403(1).exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Mitchell\Desktop\downloaded\ccsetup403(2).exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Mitchell\Desktop\downloaded\ccsetup403.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Mitchell\Desktop\downloaded\ccsetup409.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Mitchell\Desktop\downloaded\ccsetup413.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Mitchell\Desktop\downloaded\ccsetup414.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Mitchell\Desktop\downloaded\ccsetup418.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Mitchell\Desktop\downloaded\ccsetup419.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Mitchell\Desktop\downloaded\ccsetup501.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Mitchell\Desktop\downloaded\dfsetup214(1).exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\Mitchell\Desktop\downloaded\dfsetup214.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\Mitchell\Desktop\downloaded\EXCALIBUR ELECTRONICS THE NEW YORK TIMES ELECTRONIC CROSSWORD NY10 user guide provided through mypdfmanuals.com.exe    a variant of Win32/GetNow.A potentially unwanted application
C:\Users\Mitchell\Desktop\downloaded\mplayer_freely_d157223.exe    a variant of Win32/InstallIQ.A potentially unwanted application
C:\Users\Mitchell\Desktop\downloaded\PIP2671_AVR37_(1).exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Mitchell\Desktop\downloaded\PIP2671_AVR37_.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Mitchell\Desktop\downloaded\startbutton8-setup.exe    Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Mitchell\Desktop\downloaded\waterfox64bit-setup.exe    Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Mitchell\Desktop\downloaded\WinZip175.exe    a variant of Win32/OpenInstall potentially unwanted application
C:\Users\Mitchell\Dropbox\Downloads\cbsidlm-cbsi188-Wrestling_MPire_Remix_Career_Edition-SEO-75623450.exe    a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Mitchell\Dropbox\Downloads\EXCALIBUR ELECTRONICS THE NEW YORK TIMES ELECTRONIC CROSSWORD NY10 user guide provided through mypdfmanuals.com.exe    a variant of Win32/GetNow.A potentially unwanted application
C:\Users\Mitchell\Dropbox\Downloads\startbutton8-setup.exe    Win32/DownloadAdmin.G potentially unwanted application
 

Answers to your questions

The files you enquired about:

2015-05-10 23:37 - 2015-05-10 23:37 - 00000651 _____ () C:\Users\Mitchell\Desktop\www - Shortcut.lnk
This was the shortcut I created for a folder to serve as a directory to Roksbox, which is an app on the Roku.

2015-05-10 13:53 - 2015-05-11 19:32 - 00000000 ____D () C:\www
This was a folder to serve as a directory to link to Roksbox, which is an app on my Roku.

2015-05-11 12:58 - 2015-05-11 13:42 - 00000000 ____D () C:\ProgramData\abc
I am not sure what this file/folder is, but as of now it doesn't seem to be on the computer any more.

Have you been receiving help from "The Geek Squad" and/or have you installed any of their programs?

I have had help from the Geek Squad, but this was before I spoke to you. I never installed their software. They installed some software that was for temporary usage by them. They also used proprietary software which was never installed onto my computer.

How is your computer behaving?

Well, IE works without giving me the error message. It seems somewhat more stable. I have not used this computer as much because of its issues. I tried to go to the Geek Squad site on Firefox and it directed me to another site. So, there are still some issues. I still think there's something going on.

Hopefully I have provided you with the information needed to further determine the next course of action. Thank you, again.



#10 mAL_rEm018

  • Malware Response Team
  • 308 posts
  • Gender:Male

Posted 23 May 2015 - 04:49 PM

Hi Xarmark77,

    Well, IE works without giving me the error message. It seems somewhat more stable. I have not used this computer as much because of its issues. I tried to go to the Geek Squad site on Firefox and it directed me to another site. So, there are still some issues. I still think there's something going on.

It is very likely that your copy of Firefox has been corrupted.  In the next steps we will remove and reinstall FF, therefore I advise you to backup any bookmarks before you remove it.

The information for doing this can be found here: Restore bookmarks from backup or move them to another computer


Uninstalling Firefox

  • Right-click on the Start icon, located on the bottom-left of your screen.
  • Open Programs and Features.
  • Select the following programs:

    Mozilla Firefox 37.0.2 (x86 en-US)

  • Click Uninstall/Change.
  • When prompted select Yes.
  • Answer any questions attentively.
  • When the process is finished, please restart your computer.

Note: you can only remove one program at a time.


Installing Firefox

  • Click on the following link: Firefox
  • Select Free Download.
  • When prompted, select Run.
  • If you don't want Firefox to be your default browser, make sure you uncheck Make Firefox my default browser.
  • Click on Install.


Next..


Adwcleaner


  • Close all your programs and right-click adwcleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, select Cleaning.
  • Note: All programs will be closed and your computer will be rebooted, therefore I advise you to save any unsaved work.
  • A notepad window will open.  Please copy/paste the contents in your next reply.

 

I need you to run a fix..

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
  • Copy/Paste the contents of the code box below into Notepad.

2015-05-11 12:58 - 2015-05-11 13:42 - 00000000 ____D () C:\ProgramData\abc
C:\Users\Mitchell\Desktop\downloaded\adobe_flash_setup(1).exe
C:\Users\Mitchell\Desktop\downloaded\adobe_flash_setup.exe
C:\Users\Mitchell\Desktop\downloaded\cbsidlm-cbsi188-Wrestling_MPire_Remix_Career_Edition-SEO-75623450.exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup328.exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup400(1).exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup400.exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup401.exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup402.exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup403(1).exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup403(2).exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup403.exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup409.exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup413.exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup414.exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup418.exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup419.exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup501.exe
C:\Users\Mitchell\Desktop\downloaded\dfsetup214(1).exe
C:\Users\Mitchell\Desktop\downloaded\dfsetup214.exe
C:\Users\Mitchell\Desktop\downloaded\EXCALIBUR ELECTRONICS THE NEW YORK TIMES ELECTRONIC CROSSWORD NY10 user guide provided through mypdfmanuals.com.exe
C:\Users\Mitchell\Desktop\downloaded\mplayer_freely_d157223.exe
C:\Users\Mitchell\Desktop\downloaded\PIP2671_AVR37_(1).exe
C:\Users\Mitchell\Desktop\downloaded\PIP2671_AVR37_.exe
C:\Users\Mitchell\Desktop\downloaded\startbutton8-setup.exe
C:\Users\Mitchell\Desktop\downloaded\waterfox64bit-setup.exe
C:\Users\Mitchell\Desktop\downloaded\WinZip175.exe
C:\Users\Mitchell\Dropbox\Downloads\cbsidlm-cbsi188-Wrestling_MPire_Remix_Career_Edition-SEO-75623450.exe
C:\Users\Mitchell\Dropbox\Downloads\EXCALIBUR ELECTRONICS THE NEW YORK TIMES ELECTRONIC CROSSWORD NY10 user guide provided through mypdfmanuals.com.exe
C:\Users\Mitchell\Dropbox\Downloads\startbutton8-setup.exe

CreateRestorePoint:

  • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

 

I need you to run a fresh scan with FRST..

  • Download FRST64 to your Desktop.
  • Double click Frst.exe to launch it.
  • FRST will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
  • Please post them in your next reply.


-----------------------------------------
In your next reply, I would like to see..

  • Did you have trouble performing any of the steps?
  • Are you able to access the Geek Squad website with Firefox?
  • AdwCleaner log
  • Fixlog.txt
  • FRST.txt
  • Addition.txt
    Please post everything in the order given.

Teacher at the Malware Removal University.

Member of UNITE

Failure to post replies within 4 days will result in this thread being closed


#11 Xarmark77

  • Topic Starter
  • Members
  • 13 posts

Posted 23 May 2015 - 09:32 PM

Hey mAL, here's what you asked for.

Problems:

FRST only produced Fixlog.txt; there was no Addition.txt created.

Are you able to access the Geek Squad website with Firefox?

No.

AdwCleaner log

# AdwCleaner v4.205 - Logfile created 23/05/2015 at 22:21:30
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Mitchell - MOOGY
# Running from : C:\Users\Mitchell\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ceaohckoegdncfpojeiehjkaffbdahli_0
File Deleted : C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ceaohckoegdncfpojeiehjkaffbdahli

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v38.0.1 (x86 en-US)


-\\ Google Chrome v31.0.1650.63


-\\ Comodo Dragon v


-\\ Chrome Canary v


*************************

AdwCleaner[R0].txt - [29977 bytes] - [11/05/2015 22:16:43]
AdwCleaner[R1].txt - [1765 bytes] - [21/05/2015 13:41:21]
AdwCleaner[R2].txt - [1659 bytes] - [23/05/2015 21:49:16]
AdwCleaner[R3].txt - [1395 bytes] - [23/05/2015 22:19:03]
AdwCleaner[S0].txt - [25950 bytes] - [11/05/2015 22:19:03]
AdwCleaner[S1].txt - [1733 bytes] - [23/05/2015 21:51:19]
AdwCleaner[S2].txt - [1324 bytes] - [23/05/2015 22:21:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1383  bytes] ##########

Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-05-2015
Ran by Mitchell at 2015-05-23 22:30:22 Run:3
Running from C:\Users\Mitchell\Downloads
Loaded Profiles: Mitchell (Available profiles: Mitchell & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
2015-05-11 12:58 - 2015-05-11 13:42 - 00000000 ____D () C:\ProgramData\abc
C:\Users\Mitchell\Desktop\downloaded\adobe_flash_setup(1).exe
C:\Users\Mitchell\Desktop\downloaded\adobe_flash_setup.exe
C:\Users\Mitchell\Desktop\downloaded\cbsidlm-cbsi188-Wrestling_MPire_Remix_Career_Edition-SEO-75623450.exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup328.exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup400(1).exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup400.exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup401.exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup402.exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup403(1).exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup403(2).exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup403.exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup409.exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup413.exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup414.exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup418.exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup419.exe
C:\Users\Mitchell\Desktop\downloaded\ccsetup501.exe
C:\Users\Mitchell\Desktop\downloaded\dfsetup214(1).exe
C:\Users\Mitchell\Desktop\downloaded\dfsetup214.exe
C:\Users\Mitchell\Desktop\downloaded\EXCALIBUR ELECTRONICS THE NEW YORK TIMES ELECTRONIC CROSSWORD NY10 user guide provided through mypdfmanuals.com.exe
C:\Users\Mitchell\Desktop\downloaded\mplayer_freely_d157223.exe
C:\Users\Mitchell\Desktop\downloaded\PIP2671_AVR37_(1).exe
C:\Users\Mitchell\Desktop\downloaded\PIP2671_AVR37_.exe
C:\Users\Mitchell\Desktop\downloaded\startbutton8-setup.exe
C:\Users\Mitchell\Desktop\downloaded\waterfox64bit-setup.exe
C:\Users\Mitchell\Desktop\downloaded\WinZip175.exe
C:\Users\Mitchell\Dropbox\Downloads\cbsidlm-cbsi188-Wrestling_MPire_Remix_Career_Edition-SEO-75623450.exe
C:\Users\Mitchell\Dropbox\Downloads\EXCALIBUR ELECTRONICS THE NEW YORK TIMES ELECTRONIC CROSSWORD NY10 user guide provided through mypdfmanuals.com.exe
C:\Users\Mitchell\Dropbox\Downloads\startbutton8-setup.exe

CreateRestorePoint:


*****************

"C:\ProgramData\abc" => File/Directory not found.
"C:\Users\Mitchell\Desktop\downloaded\adobe_flash_setup(1).exe" => File/Directory not found.
"C:\Users\Mitchell\Desktop\downloaded\adobe_flash_setup.exe" => File/Directory not found.
"C:\Users\Mitchell\Desktop\downloaded\cbsidlm-cbsi188-Wrestling_MPire_Remix_Career_Edition-SEO-75623450.exe" => File/Directory not found.
"C:\Users\Mitchell\Desktop\downloaded\ccsetup328.exe" => File/Directory not found.
"C:\Users\Mitchell\Desktop\downloaded\ccsetup400(1).exe" => File/Directory not found.
"C:\Users\Mitchell\Desktop\downloaded\ccsetup400.exe" => File/Directory not found.
"C:\Users\Mitchell\Desktop\downloaded\ccsetup401.exe" => File/Directory not found.
"C:\Users\Mitchell\Desktop\downloaded\ccsetup402.exe" => File/Directory not found.
"C:\Users\Mitchell\Desktop\downloaded\ccsetup403(1).exe" => File/Directory not found.
"C:\Users\Mitchell\Desktop\downloaded\ccsetup403(2).exe" => File/Directory not found.
"C:\Users\Mitchell\Desktop\downloaded\ccsetup403.exe" => File/Directory not found.
"C:\Users\Mitchell\Desktop\downloaded\ccsetup409.exe" => File/Directory not found.
"C:\Users\Mitchell\Desktop\downloaded\ccsetup413.exe" => File/Directory not found.
"C:\Users\Mitchell\Desktop\downloaded\ccsetup414.exe" => File/Directory not found.
"C:\Users\Mitchell\Desktop\downloaded\ccsetup418.exe" => File/Directory not found.
"C:\Users\Mitchell\Desktop\downloaded\ccsetup419.exe" => File/Directory not found.
"C:\Users\Mitchell\Desktop\downloaded\ccsetup501.exe" => File/Directory not found.
"C:\Users\Mitchell\Desktop\downloaded\dfsetup214(1).exe" => File/Directory not found.
"C:\Users\Mitchell\Desktop\downloaded\dfsetup214.exe" => File/Directory not found.
"C:\Users\Mitchell\Desktop\downloaded\EXCALIBUR ELECTRONICS THE NEW YORK TIMES ELECTRONIC CROSSWORD NY10 user guide provided through mypdfmanuals.com.exe" => File/Directory not found.
"C:\Users\Mitchell\Desktop\downloaded\mplayer_freely_d157223.exe" => File/Directory not found.
"C:\Users\Mitchell\Desktop\downloaded\PIP2671_AVR37_(1).exe" => File/Directory not found.
"C:\Users\Mitchell\Desktop\downloaded\PIP2671_AVR37_.exe" => File/Directory not found.
"C:\Users\Mitchell\Desktop\downloaded\startbutton8-setup.exe" => File/Directory not found.
"C:\Users\Mitchell\Desktop\downloaded\waterfox64bit-setup.exe" => File/Directory not found.
"C:\Users\Mitchell\Desktop\downloaded\WinZip175.exe" => File/Directory not found.
"C:\Users\Mitchell\Dropbox\Downloads\cbsidlm-cbsi188-Wrestling_MPire_Remix_Career_Edition-SEO-75623450.exe" => File/Directory not found.
"C:\Users\Mitchell\Dropbox\Downloads\EXCALIBUR ELECTRONICS THE NEW YORK TIMES ELECTRONIC CROSSWORD NY10 user guide provided through mypdfmanuals.com.exe" => File/Directory not found.
"C:\Users\Mitchell\Dropbox\Downloads\startbutton8-setup.exe" => File/Directory not found.
Restore point was successfully created.

==== End of Fixlog 22:30:56 ====

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-05-2015
Ran by Mitchell (administrator) on MOOGY on 23-05-2015 22:34:51
Running from C:\Users\Mitchell\Downloads
Loaded Profiles: Mitchell (Available profiles: Mitchell & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\mongoose-2.8\srvany.exe
() C:\mongoose-2.8\mongoose.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM-x32\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [391128 2013-11-04] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe [771032 2013-11-04] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe [770008 2013-11-04] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-04-05] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\RunOnce: [Uninstall C:\Users\Mitchell\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mitchell\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
Startup: C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-02-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-06-20]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\Software\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.aol.com/38905-919/aol-6/en-us/Suite.aspx
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = http://search.coupons.com/
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://mail.google.com/mail/u/0/#inbox
https://www.facebook.com/MDickieFans
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3690005664-4159630313-185192455-1001 -> {CCE613C9-AE9F-48FB-BEBD-D6ED71EC9842} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-06-16] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-06-16] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-17] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-17] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\fuay3mt8.default-1417589053923
FF Homepage: https://mail.aol.com/38865-418/aol-6/en-us/suite.aspx|https://mail.google.com/mail/u/0/?tab=wm#inbox|https://www.facebook.com/MDickieFans
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-18] ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-06-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-17] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-08-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-12-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-12-07] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-02-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Beautiful landscape) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig [2014-07-08]
CHR Extension: (Google Drive) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-06]
CHR Extension: (YouTube) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-06]
CHR Extension: (Google Search) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-06]
CHR Extension: (Gmail) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-04] (Microsoft Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-05-11] (SurfRight B.V.)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 Mongoose 2.8; C:\mongoose-2.8\srvany.exe [8192 2009-05-25] () [File not signed]
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214488 2012-08-10] (TOSHIBA CORPORATION)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver.sys [21264 2011-12-22] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [131520 2012-08-10] (TOSHIBA CORPORATION)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-23 22:23 - 2015-05-23 22:23 - 00001463 _____ () C:\Users\Mitchell\Downloads\AdwCleaner[S2].txt
2015-05-23 19:20 - 2015-05-23 19:20 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-23 19:20 - 2015-05-23 19:20 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-23 19:20 - 2015-05-23 19:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-23 19:15 - 2015-05-23 19:15 - 00242626 _____ () C:\Users\Mitchell\Desktop\bookmarks-2015-05-23.json
2015-05-23 03:00 - 2015-05-23 03:00 - 00005351 _____ () C:\Users\Mitchell\Downloads\Eset Quarantined Files.txt
2015-05-22 23:19 - 2015-05-22 23:19 - 02347384 _____ (ESET) C:\Users\Mitchell\Downloads\esetsmartinstaller_enu.exe
2015-05-22 21:47 - 2015-05-22 21:47 - 00965456 _____ () C:\Users\Mitchell\Desktop\addremovecleaner.exe
2015-05-21 14:29 - 2015-05-21 14:29 - 00017079 _____ () C:\Users\Mitchell\Desktop\Mbam Scan.txt
2015-05-21 14:27 - 2015-05-21 14:27 - 00017079 _____ () C:\Mbam Scan.txt
2015-05-21 13:53 - 2015-05-21 14:14 - 00021682 _____ () C:\Users\Mitchell\Downloads\SystemLook.txt
2015-05-21 13:50 - 2015-05-21 13:50 - 00000000 ____D () C:\Users\Mitchell\Downloads\FRST-OlderVersion
2015-05-21 13:46 - 2015-05-21 13:46 - 00096256 _____ () C:\Users\Mitchell\Downloads\SystemLook_x64.exe
2015-05-21 13:31 - 2015-05-21 13:31 - 02223104 _____ () C:\Users\Mitchell\Downloads\AdwCleaner.exe
2015-05-21 13:06 - 2015-05-21 13:06 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-MOOGY-Windows-8.1-(64-bit).dat
2015-05-21 13:05 - 2015-05-21 13:05 - 00000000 ____D () C:\RegBackup
2015-05-21 13:04 - 2015-05-21 13:04 - 04720448 _____ () C:\Users\Mitchell\Downloads\tweaking.com_registry_backup_setup.exe
2015-05-21 13:04 - 2015-05-21 13:04 - 00002262 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-05-21 13:04 - 2015-05-21 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-05-21 13:04 - 2015-05-21 13:04 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-05-18 13:30 - 2015-05-18 13:30 - 00041077 _____ () C:\Users\Mitchell\Downloads\Addition.txt
2015-05-18 13:27 - 2015-05-23 22:34 - 00015948 _____ () C:\Users\Mitchell\Downloads\FRST.txt
2015-05-18 13:27 - 2015-05-23 22:34 - 00000000 ____D () C:\FRST
2015-05-18 12:40 - 2015-05-18 12:40 - 00000000 ____D () C:\Users\Mitchell\Desktop\Flash
2015-05-18 12:36 - 2015-05-21 13:50 - 02108416 _____ (Farbar) C:\Users\Mitchell\Downloads\FRST64.exe
2015-05-14 03:58 - 2015-05-22 21:43 - 00000000 ___RD () C:\Users\Mitchell\OneDrive
2015-05-12 22:56 - 2015-04-30 16:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 22:56 - 2015-04-30 16:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 22:02 - 2015-05-12 22:02 - 399124654 _____ () C:\WINDOWS\MEMORY.DMP
2015-05-12 22:02 - 2015-05-12 22:02 - 00284888 _____ () C:\WINDOWS\Minidump\051215-20890-01.dmp
2015-05-12 21:36 - 2015-05-22 21:40 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-12 21:35 - 2015-05-12 21:35 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-12 21:35 - 2015-05-12 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-12 21:35 - 2015-05-12 21:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-12 21:35 - 2015-05-12 21:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-12 21:35 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-05-12 21:35 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-12 21:35 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-12 21:34 - 2015-05-12 21:35 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Mitchell\Downloads\mbam-setup-2.1.6.1022(2).exe
2015-05-12 21:29 - 2015-05-12 21:29 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Mitchell\Downloads\mbam-clean-2.1.1.1001.exe
2015-05-12 17:58 - 2015-04-30 19:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-12 17:58 - 2015-04-30 18:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-12 17:58 - 2015-04-24 17:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-12 17:58 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-12 17:58 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-12 17:58 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-12 17:58 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-12 17:58 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-12 17:58 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-12 17:58 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-12 17:58 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-12 17:58 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-12 17:58 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-12 17:58 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-12 17:58 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-12 17:58 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-12 17:58 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-12 17:58 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-12 17:58 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-12 17:58 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-12 17:58 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-12 17:58 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-12 17:58 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-12 17:58 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-12 17:58 - 2015-04-21 11:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-12 17:58 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-12 17:58 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-12 17:58 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-12 17:58 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-12 17:58 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-12 17:58 - 2015-04-13 18:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-12 17:58 - 2015-04-09 21:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-12 17:58 - 2015-04-09 20:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-12 17:58 - 2015-04-09 20:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-12 17:58 - 2015-04-09 20:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-12 17:58 - 2015-04-09 20:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-12 17:58 - 2015-04-08 18:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-12 17:58 - 2015-04-02 20:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-12 17:58 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-12 17:58 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-12 17:58 - 2015-04-01 18:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-12 17:58 - 2015-03-31 23:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-12 17:58 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-12 17:58 - 2015-03-30 01:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-12 17:58 - 2015-03-26 23:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-12 17:58 - 2015-03-26 22:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-12 17:58 - 2015-03-26 22:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-12 17:58 - 2015-03-19 21:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-12 17:58 - 2015-03-17 13:26 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-12 17:58 - 2015-03-13 00:03 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-12 17:58 - 2015-03-13 00:03 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-12 17:58 - 2015-03-12 22:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-12 17:58 - 2015-03-12 21:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-12 17:58 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-12 17:58 - 2015-03-12 20:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-12 17:58 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-12 17:58 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-12 17:58 - 2015-03-08 22:02 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-12 17:58 - 2015-03-05 23:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-12 17:58 - 2015-03-05 22:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-12 17:58 - 2015-03-05 22:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-12 17:58 - 2015-03-04 19:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-12 17:58 - 2015-03-03 21:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-12 17:58 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-12 17:58 - 2015-02-17 19:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-12 17:58 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-12 17:58 - 2014-11-14 02:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-12 17:57 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-12 17:57 - 2015-04-21 12:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-12 17:57 - 2015-04-21 12:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-12 17:57 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-12 17:57 - 2015-04-21 11:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-12 17:57 - 2015-04-21 11:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-12 17:57 - 2015-04-21 11:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-12 17:57 - 2015-04-21 11:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-12 17:57 - 2015-04-21 11:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-12 17:57 - 2015-04-21 11:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-12 17:57 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-12 17:57 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-11 22:41 - 2015-05-11 22:41 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Mitchell\Downloads\mbam-setup-2.1.6.1022(1).exe
2015-05-11 22:29 - 2015-05-11 22:33 - 00000766 _____ () C:\Users\Mitchell\Desktop\Start Emsisoft Emergency Kit.lnk
2015-05-11 22:28 - 2015-05-11 22:32 - 00000000 ____D () C:\EEK
2015-05-11 22:26 - 2015-05-11 22:27 - 156077456 _____ () C:\Users\Mitchell\Downloads\EmsisoftEmergencyKit.exe
2015-05-11 22:16 - 2015-05-23 22:21 - 00000000 ____D () C:\AdwCleaner
2015-05-11 22:16 - 2015-05-11 22:16 - 02204160 _____ () C:\Users\Mitchell\Downloads\adwcleaner_4.203.exe
2015-05-11 22:10 - 2015-05-11 22:10 - 00303448 _____ () C:\WINDOWS\system32\.crusader
2015-05-11 21:49 - 2015-05-11 21:49 - 00001916 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-05-11 21:49 - 2015-05-11 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-05-11 21:49 - 2015-05-11 21:49 - 00000000 ____D () C:\Program Files\HitmanPro
2015-05-11 21:47 - 2015-05-11 22:10 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-11 21:47 - 2015-05-11 21:47 - 11024496 _____ (SurfRight B.V.) C:\Users\Mitchell\Downloads\HitmanPro_x64.exe
2015-05-11 21:35 - 2015-05-11 21:35 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Mitchell\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-11 21:31 - 2015-05-11 21:31 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Mitchell\Downloads\tdsskiller.exe
2015-05-11 19:47 - 2015-05-11 19:47 - 00000041 _____ () C:\Users\Mitchell\AppData\Roaming\mbam.context.scan
2015-05-11 12:41 - 2015-05-11 12:41 - 00000000 ____D () C:\ProgramData\All copyright reserved - 2014
2015-05-11 12:41 - 2015-05-11 12:41 - 00000000 ____D () C:\Program Files (x86)\Pandaje Group
2015-05-11 12:35 - 2015-05-11 14:41 - 00000000 ____D () C:\Program Files (x86)\Maxiget Software Manager
2015-05-11 01:24 - 2015-05-11 20:37 - 00000000 ____D () C:\Users\Mitchell\Downloads\Outlander.S01E13.The.Watch.720p.WEB-DL.2CH.x264-ImanCharge.ir
2015-05-11 00:41 - 2015-05-23 22:01 - 00000000 ____D () C:\Users\Mitchell\Desktop\downloaded
2015-05-10 23:37 - 2015-05-10 23:37 - 00000651 _____ () C:\Users\Mitchell\Desktop\www - Shortcut.lnk
2015-05-10 23:28 - 2015-05-10 23:30 - 00000000 ____D () C:\Users\Mitchell\AppData\Roaming\Hide.me
2015-05-10 23:28 - 2015-05-10 23:28 - 00002708 _____ () C:\WINDOWS\System32\Tasks\arp_flush
2015-05-10 23:28 - 2015-05-10 23:28 - 00001048 _____ () C:\Users\Public\Desktop\hide.me VPN.lnk
2015-05-10 23:28 - 2015-05-10 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hide.me VPN
2015-05-10 23:28 - 2015-05-10 23:28 - 00000000 ____D () C:\Program Files (x86)\hide.me VPN
2015-05-10 22:26 - 2015-05-18 12:23 - 00000000 ____D () C:\WINDOWS\System32\Tasks\NCH Software
2015-05-10 22:26 - 2015-05-10 22:28 - 00000000 ____D () C:\Users\Mitchell\AppData\Roaming\NCH Software
2015-05-10 22:26 - 2015-05-10 22:26 - 00000000 ____D () C:\ProgramData\NCH Software
2015-05-10 14:30 - 2015-05-10 14:30 - 00000000 ____D () C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mongoose web server
2015-05-10 14:30 - 2015-05-10 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mongoose web server
2015-05-10 14:30 - 2015-05-10 14:30 - 00000000 ____D () C:\mongoose-2.8
2015-05-10 13:53 - 2015-05-11 19:32 - 00000000 ____D () C:\www

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-23 22:33 - 2015-02-03 21:32 - 01988112 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-23 22:23 - 2015-02-25 12:40 - 00004974 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for MOOGY-Mitchell Moogy
2015-05-23 22:23 - 2013-10-28 19:33 - 00000000 ____D () C:\Users\Mitchell\SkyDrive
2015-05-23 22:22 - 2015-02-04 00:02 - 00005651 _____ () C:\WINDOWS\setupact.log
2015-05-23 22:22 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-23 22:22 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-23 22:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-23 21:54 - 2014-07-08 13:00 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-23 21:53 - 2015-02-18 08:02 - 00113408 _____ () C:\WINDOWS\PFRO.log
2015-05-23 20:08 - 2013-02-13 01:41 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3690005664-4159630313-185192455-1001
2015-05-23 19:55 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-23 19:20 - 2013-11-18 14:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-23 19:16 - 2013-12-09 15:11 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A26676B5-1FEF-41F9-8111-BB531F11B76C}
2015-05-22 22:38 - 2013-03-02 01:10 - 00907264 ___SH () C:\Users\Mitchell\Desktop\Thumbs.db
2015-05-22 22:37 - 2013-04-05 15:15 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-22 21:53 - 2013-04-05 15:15 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-22 21:43 - 2014-08-05 11:59 - 00003096 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3690005664-4159630313-185192455-1001
2015-05-21 13:29 - 2013-06-08 13:13 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-19 21:54 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-19 21:52 - 2015-04-13 22:02 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-05-19 21:52 - 2015-04-13 22:02 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-18 13:21 - 2015-02-01 13:48 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-05-18 13:21 - 2014-06-29 21:06 - 00000000 ____D () C:\Users\Mitchell\AppData\Local\Adobe
2015-05-18 13:17 - 2013-09-29 23:51 - 00000000 ____D () C:\WINDOWS\SKB
2015-05-18 13:15 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-18 12:44 - 2013-02-13 20:34 - 00000000 ___RD () C:\Users\Mitchell\Dropbox
2015-05-18 12:44 - 2013-02-13 20:32 - 00000000 ____D () C:\Users\Mitchell\AppData\Roaming\Dropbox
2015-05-18 12:43 - 2013-09-30 00:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-18 12:43 - 2013-02-13 20:34 - 00001085 _____ () C:\Users\Mitchell\Desktop\Dropbox.lnk
2015-05-18 12:43 - 2013-02-13 20:33 - 00000000 ____D () C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-17 16:58 - 2015-04-13 08:32 - 00000000 ____D () C:\Users\Mitchell\Desktop\Media
2015-05-17 16:35 - 2013-08-22 10:44 - 00499544 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-17 16:34 - 2013-04-06 00:59 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-17 16:34 - 2013-04-06 00:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-17 16:33 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Web
2015-05-17 16:30 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-17 16:30 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-14 03:58 - 2013-10-28 19:09 - 00000000 ____D () C:\Users\Mitchell
2015-05-12 22:54 - 2013-07-26 03:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-12 22:47 - 2013-02-15 12:05 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-12 22:38 - 2013-04-06 00:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 22:27 - 2013-09-29 23:51 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-12 22:02 - 2014-08-27 09:50 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-12 21:59 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-05-11 22:10 - 2013-08-03 19:18 - 00000000 ____D () C:\Users\Mitchell\AppData\Local\Autobahn
2015-05-11 20:37 - 2015-02-18 13:23 - 00000000 ____D () C:\Users\Administrator.Moogy
2015-05-11 20:37 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-05-11 20:33 - 2013-04-05 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-11 20:30 - 2013-08-22 11:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-05-11 20:17 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\registration
2015-05-10 23:31 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\tracing
2015-05-10 23:31 - 2013-04-11 00:49 - 00892928 ___SH () C:\Users\Mitchell\Downloads\Thumbs.db
2015-05-05 13:59 - 2015-03-14 21:46 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-05 13:59 - 2015-03-14 21:46 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-05-11 19:47 - 2015-05-11 19:47 - 0000041 _____ () C:\Users\Mitchell\AppData\Roaming\mbam.context.scan

Some files in TEMP:
====================
C:\Users\Mitchell\AppData\Local\Temp\Quarantine.exe
C:\Users\Mitchell\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-23 19:27

==================== End of log ===========================

Thank you for your help and getting back to me.  Hope this information is helpful in finding out what to do next.


Edited by Xarmark77, 23 May 2015 - 09:50 PM.


#12 mAL_rEm018

  • Malware Response Team
  • 308 posts
  • Gender:Male

Posted 24 May 2015 - 01:13 AM

Hi Xarmark77,
2015-05-23 03:00 - 2015-05-23 03:00 - 00005351 _____ () C:\Users\Mitchell\Downloads\Eset Quarantined Files.txt

Please be careful when following my instructions.  You forgot to uncheck Remove found threats when running the ESET scan.  Fortunately, nothing that was removed caused any damage to your computer; however, next time could be a different story.
FRST only produced Fixlog.txt. There was no Addition.txt created.

Please rerun FRST as you did before, however this time check the Addition.txt box before clicking Scan.  Please post the contents of Addition.txt in your next reply.

Are you able to access the Geek Squad website with Firefox?

No.

Please follow the steps in the following article: Basic Firefox Troubleshooting.  If this doesn't resolve the issue, let me know and we will try something else.

-----------------------------------------
In your next reply, I would like to see..

  • Are you able to access Geek Squad?
  • Addition.txt

Edited by mAL_rEm018, 24 May 2015 - 01:19 AM.

Teacher at the Malware Removal University.

Member of UNITE

Failure to post replies within 4 days will result in this thread being closed


#13 Xarmark77
  • Topic Starter
  • Members
  • 13 posts

Posted 24 May 2015 - 01:27 AM

Thank you for pointing out my error.  I shall try to be very meticulous when following your instructions, so I don't do any harm to my computer.

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2015
Ran by Mitchell at 2015-05-24 02:25:12
Running from C:\Users\Mitchell\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3690005664-4159630313-185192455-500 - Administrator - Disabled) => C:\Users\Administrator.Moogy
Guest (S-1-5-21-3690005664-4159630313-185192455-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3690005664-4159630313-185192455-1007 - Limited - Enabled)
Mitchell (S-1-5-21-3690005664-4159630313-185192455-1001 - Administrator - Enabled) => C:\Users\Mitchell

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.6 - Atheros Communications Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J475DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform)
Dropbox (HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Gardenscapes: Mansion Makeover (x32 Version: 3.0.2.32 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
hide.me VPN version 1.0.7 (HKLM-x32\...\{0E00BDA5-7998-4889-BE4B-39A4BBD2EDFB}_is1) (Version: 1.0.7 - eVenture Limited)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.241 - SurfRight B.V.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Digital Image Pro 10 (HKLM-x32\...\PictureIt_PI2_v10) (Version: 10.0.0612 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NexDef Plug-in (HKLM-x32\...\Autobahn) (Version:  - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
OLYMPUS Digital Camera Updater (HKLM-x32\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 2 (HKLM-x32\...\{52F02F20-77E1-41A6-9758-7C8751D880A2}) (Version: 1.4.0 - OLYMPUS IMAGING CORP.)
Origin (HKLM-x32\...\Origin) (Version: 9.0.15.60 - Electronic Arts, Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
ShopAtHome.com Helper (HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\ShopAtHome.com Helper) (Version: 7.10.2.10 - ShopAtHome.com) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425.01 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 1.1.0001 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0014 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3690005664-4159630313-185192455-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3690005664-4159630313-185192455-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3690005664-4159630313-185192455-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Mitchell\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690005664-4159630313-185192455-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3690005664-4159630313-185192455-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3690005664-4159630313-185192455-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3690005664-4159630313-185192455-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3690005664-4159630313-185192455-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3690005664-4159630313-185192455-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3690005664-4159630313-185192455-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3690005664-4159630313-185192455-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

11-05-2015 20:03:41 Restore Operation
19-05-2015 21:51:47 Windows Update
22-05-2015 22:28:08 Restore Point Created by FRST
23-05-2015 22:01:34 Restore Point Created by FRST
23-05-2015 22:30:26 Restore Point Created by FRST

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 01:26 - 2015-05-22 22:28 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1EE21807-C65A-4A94-9CF9-9C6F23FC07A4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-21] (Microsoft Corporation)
Task: {22BCA28D-0F5D-42EE-A5AD-5768C13A56F4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {3BAD7044-11DE-4E6A-8690-1EA3DF6C1C14} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {585AA316-6551-4490-A789-462AA17C8D94} - System32\Tasks\arp_flush => C:\Program Files (x86)\hide.me VPN\FlushArpCache.exe [2015-04-03] ()
Task: {5D8337DE-23D7-4C59-89CF-E19E36849E4E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MOOGY-Mitchell Moogy => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
Task: {753EA53C-6FF4-4B20-B96A-153A144A898D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-18] (Adobe Systems Incorporated)
Task: {89BC0A40-AD7C-42BA-9FA5-94F83C494CE4} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {968C8379-0E39-4FE0-B423-F67512DAB2F0} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: {A108AB95-9938-4A10-8AC8-29528CAA5F4C} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3690005664-4159630313-185192455-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {ACE77355-907A-4386-9053-974F3817413A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {E7417CC2-DF94-4D9E-98BC-E60D39E3B27A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-12] (Microsoft Corporation)
Task: {E8E834E2-46E8-4899-A078-5C785048ACC9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-03-21 03:29 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2009-05-25 15:34 - 2009-05-25 15:34 - 00008192 _____ () C:\mongoose-2.8\srvany.exe
2009-07-08 17:05 - 2009-07-08 17:05 - 00057344 _____ () C:\mongoose-2.8\mongoose.exe
2014-10-01 17:26 - 2005-04-22 00:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2015-03-17 04:31 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-07-18 22:38 - 2012-07-18 22:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 22:38 - 2012-07-18 22:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-13 23:13 - 2012-08-13 23:13 - 00018344 _____ () C:\Program Files\Toshiba\Teco\TecoMUI.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-05-25 15:34 - 2009-05-25 15:34 - 00155648 _____ () C:\mongoose-2.8\ssleay32.dll
2009-05-25 15:34 - 2009-05-25 15:34 - 00716800 _____ () C:\mongoose-2.8\LIBEAY32.dll
2014-09-23 21:02 - 2014-11-21 22:50 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-10-01 17:25 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Mitchell\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Mitchell\Desktop\65de25f9-09e2-4d81-ab1c-7a98bc88b0af - Copy.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mitchell\Documents\#Heel.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mitchell\Documents\Dolph.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mitchell\Documents\Image11.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mitchell\Documents\Painted Pumpkins.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mitchell\Documents\Pumpkin Head.jpg:com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3690005664-4159630313-185192455-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mitchell\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\photo gallery wallpaper.jpg
DNS Servers: 192.168.1.1 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® ME Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: THAccelSvc => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "TosWaitSrv"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-3690005664-4159630313-185192455-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{FDF35EA1-9AB5-4CF2-A093-3CB3ECA4AF30}C:\users\mitchell\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\mitchell\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{D406E88D-B6BA-4517-B884-74FB45AE98FD}C:\users\mitchell\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\mitchell\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{1713BB61-44BD-4EB9-8781-4A2A86058306}] => (Allow) C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7C01C324-A09E-4C1A-9221-A6B586B2D010}] => (Allow) C:\Users\Mitchell\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{E5E0053E-939C-4880-9375-74B93E47BC6D}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{A5616AAB-06F6-48AC-A727-40095DA437E0}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{C7FCEA95-E802-4A99-8195-FC8FA079898B}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{C1EF8DEF-ACAE-415D-903D-74BC24220A31}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{4D348C86-4908-4181-BDEB-1E4089C075AD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{635E8826-24D1-4A2F-AAED-170B06AD8316}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6200136A-F059-407A-8733-29A5E1170197}] => (Allow) LPort=2869
FirewallRules: [{3D4F7F55-7DFD-4AF8-8800-E208C1C7DA21}] => (Allow) LPort=1900
FirewallRules: [{0F2623B3-C527-422C-BD15-17D8CB48CD66}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A79576D0-393C-4B8C-ADCD-4CC0E8F7FE24}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{860608CE-1103-4243-BAB7-2038BA481B91}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9E15C15F-3282-4181-83D1-DD41FC416F28}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC3930C7-2470-4A98-A01E-2D7C61330488}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{13A79DF8-9D8C-4BDA-B557-BFBF65372166}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE
FirewallRules: [{4FA3DD2B-A286-41CD-85CA-DA8652A47487}] => (Allow) LPort=54925
FirewallRules: [TCP Query User{E7C11C6F-ECF5-4557-A8B7-0E74DA24C41A}C:\mongoose-2.8\mongoose.exe] => (Allow) C:\mongoose-2.8\mongoose.exe
FirewallRules: [UDP Query User{76C66478-5C58-4213-8F8D-01DFCD43A42E}C:\mongoose-2.8\mongoose.exe] => (Allow) C:\mongoose-2.8\mongoose.exe
FirewallRules: [TCP Query User{9422F83A-4DD4-4F7D-AF74-FBCF0BAC2E18}C:\mongoose-2.8\mongoose.exe] => (Allow) C:\mongoose-2.8\mongoose.exe
FirewallRules: [UDP Query User{B3F83ABC-C188-4B14-A594-580FF3F9B894}C:\mongoose-2.8\mongoose.exe] => (Allow) C:\mongoose-2.8\mongoose.exe
FirewallRules: [{37486C11-2F6C-4B72-B4F6-252BA37427FC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{086370CA-AB8A-404D-A3DE-E0189E16F957}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2015 02:23:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4879172

Error: (05/24/2015 02:23:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4879172

Error: (05/24/2015 02:23:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 02:23:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4878094

Error: (05/24/2015 02:23:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4878094

Error: (05/24/2015 02:23:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 02:23:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4877000

Error: (05/24/2015 02:23:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4877000

Error: (05/24/2015 02:23:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 01:01:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1156


System errors:
=============
Error: (05/23/2015 10:21:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%3

Error: (05/23/2015 10:21:44 PM) (Source: DCOM) (EventID: 10010) (User: MOOGY)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (05/23/2015 10:21:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/23/2015 10:21:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/23/2015 10:21:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BrYNSvc service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/23/2015 10:21:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/23/2015 10:21:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Mongoose 2.8 service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/23/2015 10:21:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/23/2015 10:21:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/23/2015 10:21:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office:
=========================
Error: (05/24/2015 02:23:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4879172

Error: (05/24/2015 02:23:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4879172

Error: (05/24/2015 02:23:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 02:23:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4878094

Error: (05/24/2015 02:23:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4878094

Error: (05/24/2015 02:23:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 02:23:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4877000

Error: (05/24/2015 02:23:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4877000

Error: (05/24/2015 02:23:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 01:01:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1156


CodeIntegrity Errors:
===================================
  Date: 2015-05-23 23:19:31.233
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-23 23:19:30.701
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-23 23:19:30.082
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-23 23:19:29.535
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-23 23:19:28.209
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-23 23:19:27.678
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-23 23:19:27.147
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-23 23:19:26.568
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-21 13:35:14.407
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-21 13:35:13.878
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-3120M CPU @ 2.50GHz
Percentage of memory in use: 44%
Total physical RAM: 3980.22 MB
Available physical RAM: 2204.31 MB
Total Pagefile: 8076.22 MB
Available Pagefile: 6127.55 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (TI10657300D) (Fixed) (Total:454.15 GB) (Free:369.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================

Are you able to access Geek Squad?

I am able to access Geek Squad after clearing history and running in safe mode, and I reset to default settings.

I don't know if the computer is running normally.  I am not really sure how to know, but firefox is running normally.  I think cleaning the history did something because there are no extensions so safe mode shouldn't have made a difference.  How do I know that there are no more infections.  Thanks for getting back to me on a Saturday night. You have been very helpful.


Edited by Xarmark77, 24 May 2015 - 01:55 AM.


#14 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 308 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:03 PM

Posted 25 May 2015 - 02:11 AM

Hi Xarmark77,

Are you able to access Geek Squad?

I am able to access geek squad after clearing history and running in safe mode.

Are you able to access Geek Squad in normal mode?


Outdated programs

I've noticed that you have some badly outdated programs on your computer.

Java 7 Update 60
Java 7 Update 71
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)

It is essential that you always update your programs and remove old versions if you value the security of your computer, since they can and will be exploited.  I will provide you with the steps to re-install Java in my last post.


Please do the following..


  • Right-click on the Start icon, located on the bottom-left of your screen.
  • Open Programs and Features.
  • Select the following programs:

    Java 7 Update 60
    Java 7 Update 71
    ShopAtHome.com Helper

  • Click Uninstall/Change.
  • When prompted select Yes.
  • Answer any questions attentively.
  • When the process is finished, please restart your computer.

Note: you can only remove one program at a time.


Next..



  • Open Google Chrome.
  • Click on the Menu, located in the top-right corner.
  • Select Update Google Chrome.
  • A dialog box will appear, click on Restart.


I need you to run another fix..



  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
  • Copy/Paste the contents of the code box below into Notepad.

    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3690005664-4159630313-185192455-1001 -> {CCE613C9-AE9F-48FB-BEBD-D6ED71EC9842} URL =
    C:\Users\Mitchell\AppData\Local\Temp\Quarantine.exe
    C:\Users\Mitchell\AppData\Local\Temp\sqlite3.dll

    CreateRestorePoint:

  • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system



  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log



-----------------------------------------
In your next reply, I would like to see..

  • Did you have trouble performing any of the steps?
  • Are you able to access the Geek Squad in normal mode?
  • fixlist.txt
    Please post everything in the order given.

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed
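The post above has the user do two things by hand: hunt for outdated or unwanted programs in Programs and Features, and clear hijacked Internet Explorer search scopes through an FRST fixlist. The script below is an added example written for this page, not code from the thread, from FRST or from BleepingComputer. It audits both from an elevated PowerShell prompt: it reads the same Uninstall keys that Programs and Features reads (including the 32-bit and per-user ones, and entries the UI hides), lists every Java and Chrome install with its version, and walks the SearchScopes key of every loaded user hive under HKEY_USERS, flagging scopes whose URL is empty or points at a host outside a short allow-list. The adware name patterns and the allow-list of search hosts are assumptions for illustration and should be adjusted to the machine being looked at.

```powershell
# Added example, not from the thread or from FRST. Run from an elevated PowerShell
# prompt so the service-account hives (S-1-5-19, S-1-5-20) are readable.
$AdwarePatterns   = @('ShopAtHome', 'Toolbar', 'Optimizer', 'Coupon')   # assumed patterns, adjust as needed
$KnownSearchHosts = @('bing.com', 'google.com', 'yahoo.com')              # assumed allow-list of search hosts

function Get-InstalledProgram {
    # Programs and Features is built from these keys; reading them directly also surfaces
    # entries with SystemComponent=1 or no DisplayName, which the UI does not show.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem $root | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            [pscustomobject]@{
                Name            = $p.DisplayName
                Version         = $p.DisplayVersion
                Publisher       = $p.Publisher
                Hidden          = ($p.SystemComponent -eq 1) -or (-not $p.DisplayName)
                UninstallString = $p.UninstallString
                Key             = $_.Name
            }
        }
    }
}

function Get-IESearchScope {
    # Walk every hive under HKEY_USERS (skipping the *_Classes hives). The FRST fix in the
    # post cleared the DefaultScope value for S-1-5-19 and S-1-5-20 and removed one scope
    # key for the user's own SID; this lists what is there now.
    if (-not (Get-PSDrive HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    Get-ChildItem HKU:\ | Where-Object { $_.PSChildName -notlike '*_Classes' } | ForEach-Object {
        $sid  = $_.PSChildName
        $base = "HKU:\$sid\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
        if (-not (Test-Path $base)) { return }
        $default = (Get-ItemProperty $base -ErrorAction SilentlyContinue).DefaultScope
        Get-ChildItem $base | ForEach-Object {
            $url = (Get-ItemProperty $_.PSPath).URL
            $searchHost = $null
            if ($url) { try { $searchHost = ([uri]$url).Host } catch { $searchHost = '(unparseable)' } }
            # suspicious: no URL at all, or a host that is not on the allow-list
            $suspicious = (-not $url) -or
                          -not ($KnownSearchHosts | Where-Object { $searchHost -like "*$_" })
            [pscustomobject]@{
                SID        = $sid
                Scope      = $_.PSChildName
                IsDefault  = ($_.PSChildName -eq $default)
                URL        = $url
                Suspicious = $suspicious
            }
        }
    }
}

$programs = Get-InstalledProgram

Write-Host "== Java and Chrome installs (every stale version is exploitable; keep only the current one) =="
$programs | Where-Object { $_.Name -like 'Java*' -or $_.Name -like 'Google Chrome*' } |
    Format-Table Name, Version, Publisher -AutoSize

Write-Host "== Entries matching adware patterns, including ones hidden from Programs and Features =="
$programs | Where-Object { $n = $_.Name; $AdwarePatterns | Where-Object { $n -like "*$_*" } } |
    Format-Table Name, Hidden, UninstallString -AutoSize

Write-Host "== IE search scopes with an empty or unrecognised URL =="
Get-IESearchScope | Where-Object Suspicious | Format-Table SID, Scope, IsDefault, URL -AutoSize
```

If an unwanted program such as the ShopAtHome.com Helper mentioned in the post is absent from Programs and Features, the script's Hidden column shows whether it was merely hidden or whether its Uninstall key is gone altogether; the latter is common after an earlier cleaner has deleted the registry entry but left files or browser settings behind, which is exactly the gap an FRST fixlist is used to close.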


#15 Xarmark77

Xarmark77
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:03 AM

Posted 25 May 2015 - 07:39 PM

Did you have trouble performing any of the steps?

ShopAtHome.com Helper was not listed in the Add/Remove Programs list.

I was unable to update Chrome.  I didn't see any option to do so in all of the menus and specifically in the upper right hand corner.

Are you able to access the Geek Squad in normal mode?

Yes. There was a link to another site that caused the computer to freeze up.

fixlist.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Mitchell at 2015-05-25 20:22:45 Run:4
Running from C:\Users\Mitchell\Downloads
Loaded Profiles: Mitchell (Available Profiles: Mitchell & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3690005664-4159630313-185192455-1001 -> {CCE613C9-AE9F-48FB-BEBD-D6ED71EC9842} URL =
C:\Users\Mitchell\AppData\Local\Temp\Quarantine.exe
C:\Users\Mitchell\AppData\Local\Temp\sqlite3.dll

CreateRestorePoint:
*****************

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
"HKU\S-1-5-21-3690005664-4159630313-185192455-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCE613C9-AE9F-48FB-BEBD-D6ED71EC9842}" => key Removed successfully
HKCR\CLSID\{CCE613C9-AE9F-48FB-BEBD-D6ED71EC9842} => key not found.
C:\Users\Mitchell\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Mitchell\AppData\Local\Temp\sqlite3.dll => Moved successfully.
Restore point was successfully created.

==== End of Fixlog 20:23:20 ====

Not sure what's going on. Things were going a little better, but I am not sure what's happening now. I appreciate your help. Thank you.
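The fixlog above repeats the fixlist between two rows of asterisks and then reports one result line per action. Pairing those up by eye is error-prone across several runs, so here is an added example, written for this page and not part of FRST or of the thread, that parses a fixlog and reports each fixlist entry as OK, as lacking a matching result line, or as unrecognised. The embedded log is constructed to mirror the shape of the one posted, with the sqlite3.dll result line deliberately left out so the failure path is exercised; the result strings it matches are the ones visible in that log, and whether other FRST versions word them identically is an assumption to verify.

```powershell
# Added example, not from the thread or from FRST. Sample log constructed to mirror
# the posted fixlog; the sqlite3.dll result line is intentionally missing.
$SampleFixlog = @'
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Mitchell at 2015-05-25 20:22:45 Run:4
Boot Mode: Normal
==============================================

fixlist content:
*****************
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3690005664-4159630313-185192455-1001 -> {CCE613C9-AE9F-48FB-BEBD-D6ED71EC9842} URL =
C:\Users\Mitchell\AppData\Local\Temp\Quarantine.exe
C:\Users\Mitchell\AppData\Local\Temp\sqlite3.dll

CreateRestorePoint:
*****************

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
"HKU\S-1-5-21-3690005664-4159630313-185192455-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCE613C9-AE9F-48FB-BEBD-D6ED71EC9842}" => key Removed successfully
HKCR\CLSID\{CCE613C9-AE9F-48FB-BEBD-D6ED71EC9842} => key not found.
C:\Users\Mitchell\AppData\Local\Temp\Quarantine.exe => Moved successfully.
Restore point was successfully created.

==== End of Fixlog 20:23:20 ====
'@

function Test-FrstFixlog {
    param([Parameter(Mandatory)][string]$Text)

    $lines = $Text -split "`r?`n"
    # the fixlist sits between the two rows of asterisks; result lines follow the second row
    $sep = @($lines | Select-String -Pattern '^\*{5,}$' | ForEach-Object { $_.LineNumber - 1 })
    if ($sep.Count -lt 2) { throw 'fixlist separators not found in log' }
    $fixlist = $lines[($sep[0] + 1)..($sep[1] - 1)] | Where-Object { $_.Trim() -ne '' }
    $results = if ($sep[1] + 1 -lt $lines.Count) { $lines[($sep[1] + 1)..($lines.Count - 1)] } else { @() }

    foreach ($entry in $fixlist) {
        # build the regex for the result line FRST writes for this kind of entry
        # (patterns are taken from the posted log; assumed to hold for other FRST builds)
        $expect = $null
        switch -Regex ($entry) {
            '^SearchScopes: (HKU\\S-[\d-]+) -> DefaultScope ' {
                $expect = [regex]::Escape("$($Matches[1])\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope") +
                          ' => value Removed successfully'
                break
            }
            '^SearchScopes: (HKU\\S-[\d-]+) -> (\{[0-9A-Fa-f-]+\}) URL' {
                $expect = [regex]::Escape("$($Matches[1])\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\$($Matches[2])") +
                          '" => key Removed successfully'
                break
            }
            '^CreateRestorePoint:' { $expect = '^Restore point was successfully created\.'; break }
            '^[A-Za-z]:\\'         { $expect = '^' + [regex]::Escape($entry) + ' => Moved successfully\.'; break }
        }
        $hit = if ($expect) { $results | Where-Object { $_ -match $expect } | Select-Object -First 1 }
        $status = if (-not $expect) { 'UNRECOGNISED ENTRY' } elseif ($hit) { 'OK' } else { 'NO MATCHING RESULT' }
        [pscustomobject]@{ Status = $status; Entry = $entry; Result = $hit }
    }

    # any result line that is not a success line gets surfaced for a second look
    foreach ($line in ($results | Where-Object { $_ -match ' => ' -and $_ -notmatch 'successfully' })) {
        [pscustomobject]@{ Status = 'REVIEW'; Entry = '(follow-on action)'; Result = $line }
    }
}

Test-FrstFixlog -Text $SampleFixlog | Format-Table Status, Entry, Result -AutoSize -Wrap
```

On the sample this reports four OK rows, NO MATCHING RESULT for sqlite3.dll, and one REVIEW row for the HKCR\CLSID "key not found" line. That last kind of line is a follow-on FRST attempts on its own once a search scope is removed, and a missing CLSID there is normal; the rows to act on are the NO MATCHING RESULT ones, which is what the helper would check before moving to the next step.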





