Credit card number/info got hijacked after I did a stupid sketchy download...


  • This topic is locked
5 replies to this topic

#1 PCconfused

Posted 19 June 2015 - 02:18 PM

Hi, as posted in the title, I screwed up and let something install after I thought I had a legit download.

Shortly after, the Opera browser showed signs of infection with weird pop-ups, so I safe-moded and tried to fix it by restoring to an earlier point and scanning with my existing cleaning software (I have to admit I've let my diligence and awareness slide a bit lately as I have not had any problems for about a year or more, payback's a b!^%h though). All seemed OK as the pop-ups were gone. The computer was acting sluggish and within a couple of days the credit card was declined. Someone had enough info to do a credit check and use the card for online purchases.

 

What I've done so far:

 Scan and clean with Malwarebytes Anti-Malware.

 Scan and clean with Spybot S+D

 Scan and clean with Ad-Aware antivirus

 

Could someone please take some time to see if there is still a recognizable problem as I am scared to do any more banking on the computer.

 

Thanks in advance.

 

Here are the logs from hijack and FRST

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:27:30 PM, on 19-Jun-15
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
 
FIREFOX: 31.0 (x86 en-US)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Windows\vVX3000.exe
C:\Program Files\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
C:\Windows\System32\C2MP\TrayMenu.exe
C:\Program Files\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Windows\system32\GWX\GWX.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Darren\Desktop\Computer security\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.lavasoft.com?partner=WCYID10140&campaign=cnet&d=150619
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Nvtmru] "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKCU\..\Run: [Web Companion] C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: TrayMenu.lnk = C:\Windows\System32\C2MP\TrayMenu.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.vizzed.com
O15 - Trusted Zone: http://*.webcompanion.com
O20 - AppInit_DLLs: c:\progra~1\sk-ena~1\psupport.dll c:\progra~1\websea~1\psupport.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files\ASUS\AXSP\1.00.13\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files\ASUS\AAHM\1.00.14\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
O23 - Service: LavasoftTcpService - Lavasoft Limited - C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: IE Search Set (SearchProtectionService) - Unknown owner - C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
 
--
End of file - 8980 bytes
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
Ran by Darren (administrator) on DARREN-PC on 19-06-2015 12:30:31
Running from C:\Users\Darren\Desktop\Computer security
Loaded Profiles: Darren (Available Profiles: Darren)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\ASUS\AXSP\1.00.13\atkexComSvc.exe
() C:\Program Files\ASUS\AAHM\1.00.14\aaHMSvc.exe
() C:\Program Files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\AsRoutineController.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Sony Corporation) C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Lavasoft Limited) C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Lavasoft) C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
() C:\Windows\System32\C2MP\TrayMenu.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Nvtmru] => C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ContentTransferWMDetector.exe] => C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe [583016 2009-11-19] (Sony Corporation)
HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-18] (Avast Software s.r.o.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [8216048 2015-03-10] ()
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-318896497-2290201194-3209112418-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6369048 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-318896497-2290201194-3209112418-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-318896497-2290201194-3209112418-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [1381648 2015-06-08] (Lavasoft)
HKU\S-1-5-21-318896497-2290201194-3209112418-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [878592 2010-11-20] (Microsoft Corporation)
AppInit_DLLs: c:\progra~1\sk-ena~1\psupport.dll => c:\progra~1\sk-ena~1\psupport.dll File not found
AppInit_DLLs:  c:\progra~1\websea~1\psupport.dll => c:\progra~1\websea~1\psupport.dll File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMenu.lnk [2014-11-19]
ShortcutTarget: TrayMenu.lnk -> C:\Windows\System32\C2MP\TrayMenu.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-06-18] (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-318896497-2290201194-3209112418-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKU\S-1-5-21-318896497-2290201194-3209112418-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.lavasoft.com?partner=WCYID10140&campaign=cnet&d=150619
HKU\S-1-5-21-318896497-2290201194-3209112418-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
HKU\S-1-5-21-318896497-2290201194-3209112418-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com
SearchScopes: HKU\S-1-5-21-318896497-2290201194-3209112418-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-318896497-2290201194-3209112418-1000 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://search.lavasoft.com/results.php?search={searchTerms}&category=web&partner=WCYID10140&campaign=cnet&d=150619
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-18] (Avast Software s.r.o.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-318896497-2290201194-3209112418-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\system32\LavasoftTcpService.dll [348488 2015-06-19] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\system32\LavasoftTcpService.dll [348488 2015-06-19] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\system32\LavasoftTcpService.dll [348488 2015-06-19] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\system32\LavasoftTcpService.dll [348488 2015-06-19] (Lavasoft Limited)
Winsock: Catalog9 27 C:\Windows\system32\LavasoftTcpService.dll [348488 2015-06-19] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9
 
FireFox:
========
FF ProfilePath: C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\wyk0doar.default
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchguru.info/?pid=1925&r=2013/12/16&hid=3937115478194894928&lg=EN&cc=CA&unqvl=43&l=1&q=
FF SearchEngineOrder.1: Google
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF NewTab: hxxp://search.lavasoft.com?partner=WCYID10140&campaign=cnet&d=150619
FF DefaultSearchEngine: Ad-Aware SecureSearch
FF SelectedSearchEngine: Ad-Aware SecureSearch
FF Homepage: hxxp://search.lavasoft.com?partner=WCYID10140&campaign=cnet&d=150619
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-15] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-318896497-2290201194-3209112418-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\wyk0doar.default\searchplugins\securesearch.xml [2015-06-19]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-18]
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-18]
 
Opera: 
=======
OPR Extension: (CinemaPlus-3.2cV14.06) - C:\Users\Darren\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-06-14]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-01] ()
R2 AsSysCtrlService; C:\Program Files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-18] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-06-18] (Avast Software)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279000 2014-01-29] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [670808 2015-03-10] ()
R2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751792 2015-06-08] (Lavasoft Limited)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-09] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SearchProtectionService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [19816 2015-06-08] ()
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-12] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-08-24] ()
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [100328 2011-02-24] (ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [308200 2011-02-24] (ASMedia Technology Inc)
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-02] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-06-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-06-18] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-06-18] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-06-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-06-18] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-06-18] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-06-18] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-06-18] ()
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-02-17] (Avanquest Software) [File not signed]
S3 ICCWDT; C:\Windows\System32\DRIVERS\ICCWDT.sys [22040 2011-05-15] (Intel Corporation)
S3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2014-03-18] (Logitech, Inc.)
S3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2014-03-18] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation)
S3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-10-12] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [408280 2015-01-22] (BitDefender S.R.L.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-06-18] (Avast Software)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 sp_rsdrv2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-19 12:27 - 2015-06-19 12:27 - 00008981 _____ C:\Users\Darren\Documents\hijackthis2
2015-06-19 10:18 - 2015-06-19 12:30 - 00000000 ____D C:\FRST
2015-06-19 09:13 - 2015-06-19 09:13 - 00002856 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-06-19 09:13 - 2015-06-19 09:13 - 00000000 ____D C:\Users\Darren\AppData\Roaming\LavasoftStatistics
2015-06-19 09:13 - 2015-06-19 09:13 - 00000000 ____D C:\Users\Darren\AppData\Local\Lavasoft
2015-06-19 09:13 - 2015-06-08 14:13 - 00348488 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2015-06-19 09:12 - 2015-06-19 09:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-06-19 09:11 - 2015-06-19 09:12 - 00000000 ____D C:\Program Files\Lavasoft
2015-06-19 09:10 - 2015-06-19 09:12 - 00000000 ____D C:\Users\Darren\AppData\Roaming\Lavasoft
2015-06-19 09:10 - 2015-06-19 09:12 - 00000000 ____D C:\ProgramData\Lavasoft
2015-06-19 09:10 - 2015-06-19 09:10 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-06-19 09:02 - 2015-06-19 09:02 - 00008100 _____ C:\Users\Darren\Documents\hijackthis.log
2015-06-19 08:56 - 2015-06-19 09:32 - 00059422 _____ C:\Windows\WindowsUpdate.log
2015-06-19 08:53 - 2015-06-19 09:25 - 00000336 _____ C:\Windows\setupact.log
2015-06-19 08:53 - 2015-06-19 09:24 - 00065914 _____ C:\Windows\PFRO.log
2015-06-19 08:53 - 2015-06-19 08:53 - 00000000 _____ C:\Windows\setuperr.log
2015-06-19 08:40 - 2015-06-19 08:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-19 08:40 - 2015-06-19 08:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-19 08:40 - 2015-06-19 08:40 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-19 08:40 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-19 08:40 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-19 08:40 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-18 19:29 - 2015-06-18 19:29 - 00000000 ____D C:\Users\Darren\AppData\Local\Skype
2015-06-18 19:24 - 2015-06-18 19:31 - 00000000 ____D C:\Users\Darren\AppData\Roaming\Skype
2015-06-18 19:15 - 2015-06-18 19:15 - 00000000 ____D C:\Windows\system32\vbox
2015-06-18 19:14 - 2015-06-18 19:14 - 00000000 ____D C:\Users\Darren\AppData\Roaming\AVAST Software
2015-06-18 19:12 - 2015-06-18 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-18 19:11 - 2015-06-18 19:31 - 00000000 ____D C:\ProgramData\Skype
2015-06-18 19:10 - 2015-06-18 19:10 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-18 19:10 - 2015-06-18 19:10 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-06-18 19:10 - 2015-06-18 19:10 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-18 19:10 - 2015-06-18 19:10 - 00209048 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-18 19:10 - 2015-06-18 19:10 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-06-18 19:10 - 2015-06-18 19:10 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-06-18 19:10 - 2015-06-18 19:10 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-18 19:10 - 2015-06-18 19:10 - 00049904 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-18 19:10 - 2015-06-18 19:10 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-18 19:10 - 2015-06-18 19:10 - 00024144 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-18 19:08 - 2015-06-18 19:08 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-18 18:57 - 2015-06-18 18:57 - 07941448 _____ (Crawler Group ) C:\Users\Darren\Downloads\SpywareTerminatorSetup.exe
2015-06-18 18:22 - 2015-06-18 18:22 - 00000388 _____ C:\Windows\Tasks\Opera scheduled Autoupdate 1415701678.job
2015-06-18 18:07 - 2015-06-18 18:07 - 00002091 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-06-18 18:07 - 2015-06-18 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-06-18 18:07 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-06-14 23:52 - 2015-06-02 13:35 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-14 23:52 - 2015-05-27 08:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-14 23:52 - 2015-05-25 12:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-06-14 23:52 - 2015-05-25 12:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-14 23:52 - 2015-05-25 12:07 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-14 23:52 - 2015-05-25 12:07 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-14 23:52 - 2015-05-25 12:04 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-14 23:52 - 2015-05-25 12:01 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-14 23:52 - 2015-05-25 12:01 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-14 23:52 - 2015-05-25 12:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-14 23:52 - 2015-05-25 12:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-14 23:52 - 2015-05-25 12:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-14 23:52 - 2015-05-25 12:01 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-14 23:52 - 2015-05-25 12:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-14 23:52 - 2015-05-25 12:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-14 23:52 - 2015-05-25 12:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-14 23:52 - 2015-05-25 12:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-14 23:52 - 2015-05-25 12:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-14 23:52 - 2015-05-25 12:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-14 23:52 - 2015-05-25 12:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-14 23:52 - 2015-05-25 12:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-14 23:52 - 2015-05-25 12:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-14 23:52 - 2015-05-25 12:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-14 23:52 - 2015-05-25 12:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-14 23:52 - 2015-05-25 12:01 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-14 23:52 - 2015-05-25 12:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-14 23:52 - 2015-05-25 12:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-14 23:52 - 2015-05-25 12:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-14 23:52 - 2015-05-25 12:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-14 23:52 - 2015-05-25 12:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-14 23:52 - 2015-05-25 12:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-14 23:52 - 2015-05-25 12:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-14 23:52 - 2015-05-25 12:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-14 23:52 - 2015-05-25 12:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-14 23:52 - 2015-05-25 11:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-14 23:52 - 2015-05-25 11:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-14 23:52 - 2015-05-25 11:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-14 23:52 - 2015-05-25 11:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-14 23:52 - 2015-05-25 11:00 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-14 23:52 - 2015-05-25 10:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-14 23:52 - 2015-05-22 21:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-14 23:52 - 2015-05-22 21:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-14 23:52 - 2015-05-22 21:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-14 23:52 - 2015-05-22 21:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-14 23:52 - 2015-05-22 21:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-14 23:52 - 2015-05-22 21:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-14 23:52 - 2015-05-22 21:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-14 23:52 - 2015-05-22 21:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-14 23:52 - 2015-05-22 21:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-14 23:52 - 2015-05-22 21:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-14 23:52 - 2015-05-22 21:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-14 23:52 - 2015-05-22 21:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-14 23:52 - 2015-05-22 21:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-14 23:52 - 2015-05-22 21:05 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-14 23:52 - 2015-05-22 21:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-14 23:52 - 2015-05-22 21:00 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-14 23:52 - 2015-05-22 20:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-14 23:52 - 2015-05-22 20:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-14 23:52 - 2015-05-22 20:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-14 23:52 - 2015-05-22 20:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-14 23:52 - 2015-05-22 20:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-14 23:52 - 2015-05-22 20:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-14 23:52 - 2015-05-22 20:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-14 23:52 - 2015-05-22 20:38 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-14 23:52 - 2015-05-22 20:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-14 23:52 - 2015-05-22 20:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-14 23:52 - 2015-05-22 20:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-14 23:52 - 2015-05-22 20:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-14 23:52 - 2015-05-22 20:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-14 23:52 - 2015-05-22 20:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-14 23:52 - 2015-05-22 12:03 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-14 23:52 - 2015-05-22 12:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-14 23:52 - 2015-05-22 12:02 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-14 23:52 - 2015-05-22 12:02 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-14 23:52 - 2015-05-22 12:02 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-14 23:52 - 2015-05-22 12:02 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-14 23:52 - 2015-05-22 11:58 - 00901120 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-14 23:52 - 2015-05-21 07:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-14 23:51 - 2015-05-08 21:14 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-14 23:51 - 2015-05-08 21:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-14 23:51 - 2015-05-08 21:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-14 23:51 - 2015-05-08 21:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-14 23:51 - 2015-05-08 21:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-14 23:51 - 2015-05-08 21:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-14 23:51 - 2015-05-08 21:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-14 23:51 - 2015-05-08 21:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-14 23:51 - 2015-05-08 21:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-14 23:51 - 2015-05-08 21:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-14 23:51 - 2015-05-08 21:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-14 23:51 - 2015-05-08 21:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-14 23:51 - 2015-05-08 21:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-14 23:51 - 2015-05-08 21:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-14 23:51 - 2015-05-08 21:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-14 23:51 - 2015-05-08 21:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-14 23:51 - 2015-05-08 21:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-14 23:51 - 2015-05-08 21:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-14 23:51 - 2015-05-08 21:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-14 23:51 - 2015-05-08 21:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-14 23:51 - 2015-05-08 21:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-14 23:51 - 2015-05-08 21:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-14 23:51 - 2015-05-08 21:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-14 23:51 - 2015-05-08 21:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-14 23:51 - 2015-05-08 21:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-14 23:51 - 2015-05-08 21:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-14 23:51 - 2015-05-08 21:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-14 23:51 - 2015-05-08 21:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-14 23:51 - 2015-05-08 19:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-14 23:51 - 2015-05-08 19:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-14 23:51 - 2015-05-08 19:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-14 23:51 - 2015-05-08 19:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-14 23:51 - 2015-04-29 12:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-14 23:51 - 2015-04-29 12:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-14 23:51 - 2015-04-29 12:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-14 23:51 - 2015-04-29 12:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-14 23:51 - 2015-04-29 12:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-14 23:51 - 2015-04-10 21:07 - 00054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-14 23:49 - 2015-04-24 11:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-14 23:32 - 2015-06-19 08:52 - 00000000 ____D C:\Program Files\globalUpdate
2015-06-14 23:32 - 2015-06-14 23:32 - 00000000 ____D C:\Users\Darren\AppData\Local\globalUpdate
2015-06-12 20:02 - 2015-06-12 20:02 - 00115300 _____ C:\Users\Darren\Downloads\[kat.cr]st.vincent.2014.hdrip.xvid.ac3.gly.torrent
2015-06-08 18:23 - 2015-06-08 18:23 - 00016762 _____ C:\Users\Darren\Downloads\[kat.cr]mp4.modern.family.s06e24.720p.american.skyper.hdtv.season.6.06.24.kotuwa.torrent
2015-06-08 18:23 - 2015-06-08 18:23 - 00016736 _____ C:\Users\Darren\Downloads\[kat.cr]mp4.modern.family.s06e21.720p.integrity.hdtv.season.6.06.21.kotuwa.torrent
2015-06-08 18:22 - 2015-06-08 18:22 - 00015087 _____ C:\Users\Darren\Downloads\[kat.cr]mp4.modern.family.s06e23.720p.crying.out.loud.hdtv.season.6.06.23.kotuwa.torrent
2015-06-01 06:59 - 2015-06-01 06:59 - 00000000 ____D C:\Users\Darren\AppData\Local\GWX
2015-05-30 21:41 - 2015-05-30 21:41 - 00006139 _____ C:\Users\Darren\Downloads\[kat.cr]modern.family.s06e14.hdtv.x264.lol.eztv.torrent
2015-05-30 21:39 - 2015-05-30 21:39 - 00013224 _____ C:\Users\Darren\Downloads\[kat.cr]mp4.modern.family.s06e14.720p.valentine.s.day.4.twisted.sister.hdtv.season.6.06.14.kotuwa.torrent
2015-05-30 21:38 - 2015-05-30 21:38 - 00014819 _____ C:\Users\Darren\Downloads\[kat.cr]modern.family.s06e12.hdtv.xvid.fum.ettv.torrent
2015-05-30 21:37 - 2015-05-30 21:37 - 00017111 _____ C:\Users\Darren\Downloads\[kat.cr]mp4.modern.family.s06e11.720p.the.day.we.almost.died.web.dl.season.6.06.11.kotuwa.torrent
2015-05-30 21:37 - 2015-05-30 21:37 - 00014841 _____ C:\Users\Darren\Downloads\[kat.cr]modern.family.s06e15.hdtv.xvid.fum.ettv.torrent
2015-05-30 21:36 - 2015-05-30 21:36 - 00014938 _____ C:\Users\Darren\Downloads\[kat.cr]modern.family.s06e13.hdtv.x264.killers.ettv.torrent
2015-05-30 21:35 - 2015-05-30 21:35 - 00014848 _____ C:\Users\Darren\Downloads\[kat.cr]modern.family.s06e10.web.dl.xvid.fum.ettv.torrent
2015-05-26 06:54 - 2015-05-26 07:14 - 00000000 ____D C:\Users\Darren\Desktop\Brick back door
2015-05-21 17:00 - 2015-05-21 17:00 - 00000250 _____ C:\Users\Darren\Desktop\mower.txt
2015-05-20 14:10 - 2015-06-11 19:56 - 00000000 ____D C:\Users\Darren\Desktop\Rav4 Damage
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-19 12:30 - 2013-12-08 17:49 - 00000000 ____D C:\Users\Darren\Desktop\Computer security
2015-06-19 11:49 - 2015-01-09 22:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-19 10:18 - 2009-07-13 22:34 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-19 10:18 - 2009-07-13 22:34 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-19 09:40 - 2013-12-08 17:48 - 00000000 ____D C:\Program Files\Opera
2015-06-19 09:24 - 2014-12-01 01:16 - 00000494 ____H C:\Windows\Tasks\ModuleBoost-S-4108971034.job
2015-06-19 09:24 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-19 08:28 - 2013-12-17 12:32 - 00003098 _____ C:\Windows\wininit.ini
2015-06-18 20:47 - 2014-12-05 08:17 - 00000000 ____D C:\Users\Darren\Documents\SelfMV
2015-06-18 20:44 - 2013-12-08 16:00 - 00786558 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-18 19:32 - 2014-11-25 16:25 - 00001945 _____ C:\Windows\epplauncher.mif
2015-06-18 19:30 - 2013-12-08 17:48 - 00000000 ____D C:\Program Files\Google
2015-06-18 19:29 - 2013-12-08 17:48 - 00000000 ____D C:\Users\Darren\AppData\Local\Google
2015-06-18 19:08 - 2013-12-08 17:45 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-18 19:04 - 2014-09-01 22:25 - 00000000 ____D C:\Users\Darren\Documents\checkup
2015-06-18 18:30 - 2013-12-08 17:47 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-06-18 18:07 - 2013-12-08 17:47 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-18 15:11 - 2013-12-10 13:10 - 00036864 _____ C:\Users\Darren\Documents\Lawn maintenance payment tracker.xls
2015-06-17 16:53 - 2013-12-09 02:42 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-17 16:53 - 2013-12-09 02:42 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-17 00:19 - 2014-11-15 13:22 - 00000000 __SHD C:\Users\Darren\AppData\Local\EmieBrowserModeList
2015-06-17 00:19 - 2014-04-17 16:07 - 00000000 __SHD C:\Users\Darren\AppData\Local\EmieUserList
2015-06-17 00:19 - 2014-04-17 16:07 - 00000000 __SHD C:\Users\Darren\AppData\Local\EmieSiteList
2015-06-16 06:27 - 2015-02-08 22:49 - 00000000 ____D C:\Users\Darren\AppData\Roaming\XBMC
2015-06-16 06:19 - 2013-12-10 02:40 - 00000000 ____D C:\Users\Darren\AppData\Roaming\uTorrent
2015-06-15 14:49 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\rescache
2015-06-15 13:50 - 2014-01-22 13:57 - 00000000 ____D C:\Windows\pss
2015-06-15 13:45 - 2009-07-13 22:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-15 13:45 - 2009-07-13 22:33 - 00332296 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-15 00:06 - 2014-12-10 12:52 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-15 00:06 - 2014-04-25 08:35 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-15 00:00 - 2013-12-09 04:21 - 00000000 ____D C:\Windows\system32\MRT
2015-06-14 23:53 - 2013-12-09 04:21 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-14 23:40 - 2015-05-14 20:26 - 00000000 ____D C:\Program Files\MyPCBU
2015-06-14 23:40 - 2015-04-11 18:18 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-14 23:40 - 2014-01-11 02:33 - 00000000 ____D C:\Users\Darren\AppData\Roaming\vlc
2015-06-14 23:40 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\wfp
2015-06-14 23:40 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\registration
2015-06-11 19:56 - 2014-04-20 08:41 - 00000000 ____D C:\Users\Darren\Desktop\Recent photos
2015-06-09 23:12 - 2013-12-10 13:10 - 00045568 _____ C:\Users\Darren\Documents\Monthly Expense tracker.xls
2015-06-02 01:05 - 2013-12-08 23:07 - 00000000 ____D C:\Program Files\CCleaner
2015-05-21 19:20 - 2014-05-06 10:15 - 00000000 ____D C:\Users\Darren\Desktop\Rusty seals purchase
 
==================== Files in the root of some directories =======
 
2014-05-29 18:34 - 2014-05-29 18:34 - 0003584 _____ () C:\Users\Darren\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-04 16:03 - 2014-09-04 16:03 - 0000017 _____ () C:\Users\Darren\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
C:\Users\Darren\AppData\Local\Temp\87708b9e-9238-4f12-85a9-076845de3ae5.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-13 12:17
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015
Ran by Darren at 2015-06-19 12:30:59
Running from C:\Users\Darren\Desktop\Computer security
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-318896497-2290201194-3209112418-500 - Administrator - Disabled)
Darren (S-1-5-21-318896497-2290201194-3209112418-1000 - Administrator - Enabled) => C:\Users\Darren
Guest (S-1-5-21-318896497-2290201194-3209112418-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-318896497-2290201194-3209112418-1006 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-318896497-2290201194-3209112418-1000\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
Ad-Aware Antivirus (HKLM\...\{35CC81F8-F385-4B79-91A8-3163420F5D01}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
Ad-Aware Web Companion (Version: 2.0.1025.2130 - Lavasoft) Hidden
AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 18.0.0.186 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
AI Suite II (HKLM\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.01.32 - ASUSTeK Computer Inc.)
Angry Birds Seasons (HKLM\...\{A0CDDE99-D170-426F-917E-B2E51EB3B78F}) (Version: 3.2.0 - Rovio Entertainment Ltd.)
Angry Birds Star Wars (HKLM\...\{84389C53-9D0B-4417-AA5A-211BEE64BEC7}) (Version: 1.5.0 - Rovio Entertainment Ltd.)
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.0.0 - Asmedia Technology)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
Canon Camera Window MC 6 for ZoomBrowser EX (HKLM\...\CameraWindowMC) (Version: 6.2.0.11 - )
Canon G.726 WMP-Decoder (HKLM\...\Canon G.726 WMP-Decoder) (Version: 1.0.1.3 - )
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 2.3.0.19 - )
Canon PowerShot A3500 IS Camera User Guide (HKLM\...\CameraUserGuide-PSA3500IS) (Version: 1.0.0.1 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 2.4.0.7 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.6.0.9 - )
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC) (Version: 8.10.0.16 - Canon Inc.)
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 1.0.4.18 - )
Canon Utilities ImageBrowser EX (HKLM\...\ImageBrowser EX) (Version: 1.5.0.6 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 5.7.0.74 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Content Transfer (HKLM\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.3.0.23190 - Sony Corporation)
Debut Video Capture Software (HKLM\...\Debut) (Version: 2.11 - NCH Software)
FormatFactory 3.3.5.0 (HKLM\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Free Audio Editor 2014 8.9.9 (HKLM\...\Free Audio Editor 2014_is1) (Version:  - FAE Distribution, Inc.)
Garmin Communicator Plugin (HKLM\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin POI Loader (HKLM\...\{3213ED5E-7BBE-4613-BE69-8B1E4FE520DD}) (Version: 2.7.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google SketchUp Pro 2013 v13.0.4812 (HKLM\...\Google SketchUp Pro 2013 v13.0.481213.0.4812) (Version: 13.0.4812 - Friends in War)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LavasoftTcpService (Version: 2.3.4.7 - Lavasoft) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-318896497-2290201194-3209112418-1000\...\MyFreeCodec) (Version:  - )
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Opera Stable 29.0.1795.60 (HKLM\...\Opera 29.0.1795.60) (Version: 29.0.1795.60 - Opera Software ASA)
Opera Stable 30.0.1835.59 (HKLM\...\Opera 30.0.1835.59) (Version: 30.0.1835.59 - Opera Software)
Pavtube Video DVD Converter Ultimate Ver 4.7.1.5363 (HKLM\...\Pavtube Video DVD Converter Ultimate_is1) (Version:  - )
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.308.2 - Tracker Software Products Ltd)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14123.5 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.3.14123.5 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Slice Audio File Splitter (HKLM\...\Slice) (Version:  - NCH Software)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
VLC Codec Pack 2.0.5 (HKLM\...\VLC - Codec Pack) (Version: 2.0.5 - VLC Codec Pack)
VLC media player 1.1.9 (HKLM\...\VLC media player) (Version: 1.1.9 - VideoLAN)
Web Companion (HKLM\...\{88B10E3E-8911-4FAC-8663-CCF6E33C58B3}_WebCompanion) (Version: 2.0.1025.2130 - Lavasoft)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XBMC (HKU\S-1-5-21-318896497-2290201194-3209112418-1000\...\XBMC) (Version:  - Team XBMC)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
18-06-2015 19:31:07 Removed Skype™ 7.6
18-06-2015 22:00:30 Windows Update
19-06-2015 09:10:32 AA11
19-06-2015 09:12:29 LavasoftWeCompanion
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:04 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02837CA2-342C-42D7-9E00-9201F1D50CF7} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {1C0E3C41-FDA0-48ED-8C56-34A7922DCF0C} - System32\Tasks\UPDTEXE4_WDR => C:\Program Files\Portable WeatherApp\updater.exe <==== ATTENTION
Task: {25FE30BF-5724-423A-94A9-709ED6F12EDF} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)
Task: {321F7332-12A2-4823-BD6E-D83DF058F3A6} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {4D7E9C00-94F9-4025-9F76-DAD1214CA071} - System32\Tasks\HDNINSTSCHD => C:\Windows\PCBHDNW\hdnInstaller.exe <==== ATTENTION
Task: {643511D2-350E-4974-B270-5391B42E6102} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {A2890AEF-CE42-434D-8DEF-17327700EDD7} - System32\Tasks\ModuleBoost-S-4108971034 => c:\programdata\trusted publisher\boostershare\ModuleBoost.exe <==== ATTENTION
Task: {A6550C46-2D7F-4698-9F5C-A840D7B65CA6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-17] (Adobe Systems Incorporated)
Task: {A81F3625-CFA0-4148-B2D8-8C0F0ABA1A36} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {AA7E6E4C-41A6-4575-8D47-F4E8F8E8F7C8} - System32\Tasks\Opera scheduled Autoupdate 1415701678 => C:\Program Files\Opera\launcher.exe [2015-06-10] (Opera Software)
Task: {B2CB2D8D-5788-4AAD-B28D-0567F2F17AE8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {BDF3156A-0D17-43E8-9342-EC589266D3B6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {C648B029-0E76-45EE-966A-2BEBF308731B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {CB97F31B-502D-4429-B747-2A1223F131A3} - System32\Tasks\IE_ERR4WDR => C:\Program Files\Portable WeatherApp\IEError.exe <==== ATTENTION
Task: {CC532890-744F-43C7-85F8-B608A2B2F698} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)
Task: {D4872FB1-D64F-4CEA-8B19-DE1238CA3A2E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {DA2AF0BD-94A6-4740-945A-2E4CFE9F1ED5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {FCDD8A5D-86DD-4519-84BD-2ECFC04E0E3D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ModuleBoost-S-4108971034.job => c:\programdata\trusted publisher\boostershare\ModuleBoost.exeR/schedule /profile c:\programdata\trusted publisher\boostershare\4108971034.ini <==== ATTENTION
Task: C:\Windows\Tasks\Opera scheduled Autoupdate 1415701678.job => C:\Program Files\Opera\launcher.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-18 19:10 - 2015-06-18 19:10 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-18 19:10 - 2015-06-18 19:10 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-19 07:43 - 2015-06-19 07:43 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15061901\algo.dll
2013-12-08 19:03 - 2014-03-04 06:34 - 00109000 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2010-11-03 03:30 - 2010-11-03 03:30 - 00918144 ____R () C:\Program Files\ASUS\AXSP\1.00.13\atkexComSvc.exe
2013-12-11 03:08 - 2015-06-19 09:24 - 00020480 _____ () C:\Program Files\ASUS\AXSP\1.00.13\PEbiosinterface32.dll
2013-12-11 03:08 - 2010-06-28 20:58 - 00104448 ____R () C:\Program Files\ASUS\AXSP\1.00.13\ATKEX.dll
2015-06-18 18:07 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-06-18 18:07 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-03-10 18:49 - 2015-03-10 18:49 - 02563592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareShellExtension.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 02423264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00110104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00022032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll
2013-12-16 04:03 - 2011-05-15 23:39 - 00053248 ____N () C:\Program Files\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2010-12-01 20:15 - 2010-12-01 20:15 - 00915584 ____N () C:\Program Files\ASUS\AAHM\1.00.14\aaHMSvc.exe
2013-12-16 03:53 - 2010-10-21 03:52 - 00586880 ____R () C:\Program Files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
2015-03-10 18:47 - 2015-03-10 18:47 - 00670808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
2015-03-10 18:49 - 2015-03-10 18:49 - 00090128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00029712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00048152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 10575360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareServiceKernel.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00634896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_regex-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00592896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareActivation.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00415760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareApplicationUpdater.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00640512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareGamingMode.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00087536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareReset.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00104944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTime.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00770064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdater.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00692768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdaterScheduler.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00866304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIgnoreList.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00217600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareQuarantine.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00806408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiMalwareEngine.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00182280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiRootkitEngine.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00873480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerHistory.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 01019896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScanner.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00030224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_timer-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00769544 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerScheduler.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00897040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtection.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00194048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIncompatibles.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00711672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiSpam.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00677376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiPhishing.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 02370056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareParentalControl.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 02667008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareWebProtection.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 01013768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareEmailProtection.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00046616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_iostreams-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00998408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNetworkProtection.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00766960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePromo.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00304632 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareFeedback.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 02125840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareThreatWorkAlliance.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00973304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePinCode.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00767480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNotice.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00767480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAvcEngine.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00928280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtectionHistory.dll
2013-12-16 04:03 - 2011-06-06 23:38 - 00253952 _____ () C:\Program Files\ASUS\AI Suite II\TurboV EVO\pngio.dll
2015-06-18 18:07 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-06-18 19:10 - 2015-06-18 19:10 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 08216048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
2015-03-10 18:49 - 2015-03-10 18:49 - 00405520 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 01632248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\HtmlFramework.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00870408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTrayDefaultSkin.dll
2015-06-08 14:12 - 2015-06-08 14:12 - 00078656 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2015-06-08 14:12 - 2015-06-08 14:12 - 00184680 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2015-06-08 14:12 - 2015-06-08 14:12 - 00046920 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2015-06-08 14:12 - 2015-06-08 14:12 - 00123736 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2015-06-08 14:12 - 2015-06-08 14:12 - 00015696 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2015-06-08 14:13 - 2015-06-08 14:13 - 00073544 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2015-06-08 14:11 - 2015-06-08 14:11 - 00039256 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2013-02-24 14:04 - 2013-02-24 14:04 - 00704008 _____ () C:\Windows\System32\C2MP\TrayMenu.exe
2013-12-16 03:53 - 2011-02-24 12:19 - 00143360 _____ () C:\Program Files\ASUS\AI Suite II\AssistFunc.dll
2013-12-16 03:53 - 2010-06-21 17:21 - 00208896 _____ () C:\Program Files\ASUS\AI Suite II\ImageHelper.dll
2013-12-16 03:53 - 2009-08-12 22:15 - 00253952 _____ () C:\Program Files\ASUS\AI Suite II\pngio.dll
2013-12-16 03:54 - 2011-03-09 16:55 - 01036800 _____ () C:\Program Files\ASUS\AI Suite II\ASUS Update\Update.dll
2013-12-16 03:53 - 2011-05-16 19:35 - 00965632 _____ () C:\Program Files\ASUS\AI Suite II\BarGadget\BarGadget.dll
2013-12-16 04:00 - 2011-03-11 21:53 - 01257472 _____ () C:\Program Files\ASUS\AI Suite II\MyLogo\MyLogo.dll
2013-12-16 04:01 - 2011-01-06 12:38 - 01027072 _____ () C:\Program Files\ASUS\AI Suite II\Probe_II\ProbeII.dll
2013-12-16 03:53 - 2011-05-20 11:12 - 00881152 _____ () C:\Program Files\ASUS\AI Suite II\Sensor\Sensor.dll
2013-12-16 03:53 - 2011-04-07 19:33 - 01607168 _____ () C:\Program Files\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2013-12-16 03:53 - 2011-01-07 18:39 - 01246208 _____ () C:\Program Files\ASUS\AI Suite II\Settings\Settings.dll
2013-12-16 03:53 - 2010-08-06 20:11 - 00850944 _____ () C:\Program Files\ASUS\AI Suite II\Splitter\Splitter.dll
2013-12-16 03:53 - 2010-08-06 20:13 - 00886272 _____ () C:\Program Files\ASUS\AI Suite II\TabGadget\TabGadget.dll
2013-12-11 03:08 - 2010-08-22 20:17 - 00662016 ____R () C:\Program Files\ASUS\AAHM\1.00.14\aaHMLib.dll
2013-12-16 03:53 - 2010-06-21 17:21 - 00208896 _____ () C:\Program Files\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll
2015-06-18 18:07 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-06-18 18:07 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-06-08 14:12 - 2015-06-08 14:12 - 00019816 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-06-08 14:12 - 2015-06-08 14:12 - 00012144 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-06-08 14:12 - 2015-06-08 14:12 - 00034664 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-318896497-2290201194-3209112418-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-318896497-2290201194-3209112418-1000\...\vizzed.com -> www.vizzed.com
IE trusted site: HKU\S-1-5-21-318896497-2290201194-3209112418-1000\...\webcompanion.com -> hxxp://webcompanion.com
 
There are 7864 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-318896497-2290201194-3209112418-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254 - 75.153.176.9
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Image Transfer Utility.lnk => C:\Windows\pss\Image Transfer Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\Windows\pss\ImageBrowser EX Agent.lnk.CommonStartup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: uTorrent => "C:\Users\Darren\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{E0E10054-7C1E-47AE-8498-5AA818AF7CB7}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{AD9F9A40-A94A-4815-988F-DF69FF71F28E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{675A76AC-9B2A-41AC-8035-931D8FE486AA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{4A06E72F-3678-433D-9B84-5EBBA0036221}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C91E3D9F-16EC-4AB9-AE6D-E29658D3E253}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FBE96E0D-E0B4-4165-AA4B-DE74CBE186AD}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5BB54F67-AFCA-49F2-A813-25945C9006D4}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{12A7F44F-8A5C-4BB5-AE98-4C093B0AC450}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{27514968-8A2F-4F93-B291-7AE5C2BF4E8C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{95652DE5-25A8-4AFB-BE5E-A5EDB6E39004}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3897FBAE-B73B-4BF4-A6DE-71F117C0F8A3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1A3B8D2A-FFCC-4906-816D-8484FA9C04FC}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{6B23329B-1431-493A-BA37-3DF033C8E786}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [TCP Query User{3C075B64-8B6A-4652-B95D-C93050EB0C62}C:\2-click run\google sketchup pro 2013 v13.0.4812\sketchup.exe] => (Allow) C:\2-click run\google sketchup pro 2013 v13.0.4812\sketchup.exe
FirewallRules: [UDP Query User{DD74B78A-3F8B-4004-B1F1-3C45E314F2D7}C:\2-click run\google sketchup pro 2013 v13.0.4812\sketchup.exe] => (Allow) C:\2-click run\google sketchup pro 2013 v13.0.4812\sketchup.exe
FirewallRules: [TCP Query User{AB8D90D0-80AE-4A2D-8F35-B8B74582F83E}C:\2-click run\google sketchup pro 2013 v13.0.4812\layout\layout.exe] => (Block) C:\2-click run\google sketchup pro 2013 v13.0.4812\layout\layout.exe
FirewallRules: [UDP Query User{8AB8B13A-7E33-4242-8140-1E4AC2050CD4}C:\2-click run\google sketchup pro 2013 v13.0.4812\layout\layout.exe] => (Block) C:\2-click run\google sketchup pro 2013 v13.0.4812\layout\layout.exe
FirewallRules: [{A2A644EF-1710-4881-B0D5-ACF533A24F30}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0584C86C-5039-41DD-B266-BAF29F5AA2F1}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E6B2D928-C92C-4E89-86E0-BCC1B79DA845}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{3C1EE02B-3A52-49E1-A0E2-41FCF3E7F6EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{7D6128C2-62FE-4176-AAFA-A1D6EE9EF0DB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{06DFA874-5A66-4743-8B37-29CA7C1354A5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C2CFB12D-3040-4696-8F8C-E9F8CB6CDC75}] => (Allow) C:\Users\Darren\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0F02A517-F248-444A-91B3-C4BC4FD41933}] => (Allow) C:\Users\Darren\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A2621FD8-C7F1-432C-9CCB-556F5A8299A1}] => (Allow) C:\Users\Darren\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A4D0E531-C6FC-4DF3-B590-F5F132C8B5F1}] => (Allow) C:\Users\Darren\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8F1B3851-8981-4DF2-87BE-5F1530927477}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{FD2296DD-158E-49BA-A7C2-A6C727D909CA}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [TCP Query User{35565962-48D0-4409-A26E-F2DB878354E9}C:\program files\xbmc\xbmc.exe] => (Allow) C:\program files\xbmc\xbmc.exe
FirewallRules: [UDP Query User{B540E497-E0E5-4EC8-B579-1224BA0F6BB6}C:\program files\xbmc\xbmc.exe] => (Allow) C:\program files\xbmc\xbmc.exe
FirewallRules: [{19AE3C5A-2E31-4689-AEB8-55B8CBA04F85}] => (Block) C:\program files\xbmc\xbmc.exe
FirewallRules: [{5B7E6D77-F85C-4E18-A392-7AF7D64AE071}] => (Block) C:\program files\xbmc\xbmc.exe
FirewallRules: [{A9BD361B-101F-4198-B1FB-605C9DC2CACF}] => (Allow) C:\Program Files\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{9F04C4AE-B88E-4763-97FC-0BD66C666DE8}] => (Allow) C:\Program Files\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{27AC2614-A9DE-47D4-9BE1-11B0E9E7E86D}] => (Allow) C:\Program Files\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{0DCFC0FF-9DE0-41C3-A981-388EE536B295}] => (Allow) C:\Program Files\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{2640B1F8-6950-496C-A078-73264AB10773}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{905149CC-5EE0-4A51-A448-A137DC552D76}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{B4A2EF00-91D8-4AF7-930A-9495536617F5}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{32CDDF92-B20B-4D1F-99AC-971C7E492699}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{ADB2F867-D2D0-43DA-9C82-23A55D945E16}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{43E5837D-3055-49B4-8CE7-1F78FC57D11C}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{204D76D7-8860-443B-95E1-5712DE2EAE5A}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{3CD1D398-5E02-40CC-9994-DB7B0EA54A9B}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{EE788DFA-521D-415B-88B0-0676FB9B080E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{98AE8AD0-BF9C-4E58-AA4C-B550DC9B0FF6}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
Name: Spyware Terminator 2012 Realtime Shield Driver
Description: Spyware Terminator 2012 Realtime Shield Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: sp_rsdrv2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/19/2015 08:55:02 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/19/2015 08:55:02 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/19/2015 08:55:02 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/19/2015 08:55:02 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/19/2015 08:55:02 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (06/19/2015 08:54:51 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/19/2015 08:54:51 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)
 
Error: (06/19/2015 08:54:51 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=1100}. The service will attempt to automatically correct this problem by rebuilding the index.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/19/2015 08:54:51 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
 
Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))
 
Error: (06/18/2015 07:08:29 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e46f08cc-dc7d-4ed9-9250-c734a169e6df}
 
 
System errors:
=============
Error: (06/19/2015 09:26:25 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
sp_rsdrv2
 
Error: (06/19/2015 08:55:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053
 
Error: (06/19/2015 08:55:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (06/19/2015 08:55:29 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (06/19/2015 08:55:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053
 
Error: (06/19/2015 08:55:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (06/19/2015 08:55:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053
 
Error: (06/19/2015 08:55:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (06/19/2015 08:55:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053
 
Error: (06/19/2015 08:55:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
 
Microsoft Office:
=========================
Error: (06/19/2015 08:55:02 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
 
Error: (06/19/2015 08:55:02 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/19/2015 08:55:02 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/19/2015 08:55:02 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/19/2015 08:55:02 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
 
Error: (06/19/2015 08:54:51 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
 
Error: (06/19/2015 08:54:51 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)
 
Error: (06/19/2015 08:54:51 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
1100
 
Error: (06/19/2015 08:54:51 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: 
Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))
 
Error: (06/18/2015 07:08:29 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e46f08cc-dc7d-4ed9-9250-c734a169e6df}
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 48%
Total physical RAM: 3060.13 MB
Available physical RAM: 1569.61 MB
Total Pagefile: 6118.58 MB
Available Pagefile: 4285.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1850.63 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:175.78 GB) (Free:35.78 GB) NTFS
Drive d: () (Fixed) (Total:289.88 GB) (Free:48.83 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:1863.01 GB) (Free:1411.99 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 27DD4094)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 39FA7998)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=175.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=289.9 GB) - (Type=07 NTFS)
 
==================== End of log ============================
 
Again, thanks for any help. I'll start to be more critical and careful again.
D
 
 

 




 


#2 nasdaq

nasdaq

  • Malware Response Team

Posted 22 June 2015 - 09:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Windows\System32\C2MP\TrayMenu.exe
HKLM\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
AppInit_DLLs: c:\progra~1\sk-ena~1\psupport.dll => c:\progra~1\sk-ena~1\psupport.dll File not found
AppInit_DLLs:  c:\progra~1\websea~1\psupport.dll => c:\progra~1\websea~1\psupport.dll File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMenu.lnk [2014-11-19]
ShortcutTarget: TrayMenu.lnk -> C:\Windows\System32\C2MP\TrayMenu.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-318896497-2290201194-3209112418-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchguru.info/?pid=1925&r=2013/12/16&hid=3937115478194894928&lg=EN&cc=CA&unqvl=43&l=1&q=
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF SearchPlugin: C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\wyk0doar.default\searchplugins\securesearch.xml [2015-06-19]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-18]
OPR Extension: (CinemaPlus-3.2cV14.06) - C:\Users\Darren\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-06-14]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 sp_rsdrv2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Windows\System32\C2MP
C:\Users\Darren\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp
C:\Users\Darren\AppData\Local\Temp\87708b9e-9238-4f12-85a9-076845de3ae5.ex
Task: {1C0E3C41-FDA0-48ED-8C56-34A7922DCF0C} - System32\Tasks\UPDTEXE4_WDR => C:\Program Files\Portable WeatherApp\updater.exe <==== ATTENTION
Task: {4D7E9C00-94F9-4025-9F76-DAD1214CA071} - System32\Tasks\HDNINSTSCHD => C:\Windows\PCBHDNW\hdnInstaller.exe <==== ATTENTION
Task: {A2890AEF-CE42-434D-8DEF-17327700EDD7} - System32\Tasks\ModuleBoost-S-4108971034 => c:\programdata\trusted publisher\boostershare\ModuleBoost.exe <==== ATTENTION
Task: {CB97F31B-502D-4429-B747-2A1223F131A3} - System32\Tasks\IE_ERR4WDR => C:\Program Files\Portable WeatherApp\IEError.exe <==== ATTENTION
Task: C:\Windows\Tasks\ModuleBoost-S-4108971034.job => c:\programdata\trusted publisher\boostershare\ModuleBoost.exeR/schedule /profile c:\programdata\trusted publisher\boostershare\4108971034.ini <==== ATTENTION
End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 PCconfused

PCconfused
  • Topic Starter


Posted 25 June 2015 - 04:33 PM

Fix result of Farbar Recovery Scan Tool (x86) Version: 24-06-2015
Ran by Darren at 2015-06-25 15:08:20 Run:1
Running from C:\Users\Darren\Desktop\Computer security
Loaded Profiles: Darren (Available Profiles: Darren)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Windows\System32\C2MP\TrayMenu.exe
HKLM\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
AppInit_DLLs: c:\progra~1\sk-ena~1\psupport.dll => c:\progra~1\sk-ena~1\psupport.dll File not found
AppInit_DLLs:  c:\progra~1\websea~1\psupport.dll => c:\progra~1\websea~1\psupport.dll File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMenu.lnk [2014-11-19]
ShortcutTarget: TrayMenu.lnk -> C:\Windows\System32\C2MP\TrayMenu.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-318896497-2290201194-3209112418-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF DefaultSearchEngine,S: WebSearch
FF
DefaultSearchUrl: hxxp://websearch.searchguru.info/?pid=1925&r=2013/12/16&hid=3937115478194894928&lg=EN&cc=CA&unqvl=43&l=1&q=
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF SearchPlugin: C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\wyk0doar.default\searchplugins\securesearch.xml [2015-06-19]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-18]
OPR Extension: (CinemaPlus-3.2cV14.06) - C:\Users\Darren\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-06-14]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 sp_rsdrv2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys
[X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Windows\System32\C2MP
C:\Users\Darren\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp
C:\Users\Darren\AppData\Local\Temp\87708b9e-9238-4f12-85a9-076845de3ae5.ex
Task: {1C0E3C41-FDA0-48ED-8C56-34A7922DCF0C} - System32\Tasks\UPDTEXE4_WDR => C:\Program Files\Portable WeatherApp\updater.exe <==== ATTENTION
Task: {4D7E9C00-94F9-4025-9F76-DAD1214CA071} - System32\Tasks\HDNINSTSCHD => C:\Windows\PCBHDNW\hdnInstaller.exe <==== ATTENTION
Task: {A2890AEF-CE42-434D-8DEF-17327700EDD7} - System32\Tasks\ModuleBoost-S-4108971034 => c:\programdata\trusted publisher\boostershare\ModuleBoost.exe <==== ATTENTION
Task: {CB97F31B-502D-4429-B747-2A1223F131A3} - System32\Tasks\IE_ERR4WDR => C:\Program Files\Portable WeatherApp\IEError.exe <==== ATTENTION
Task: C:\Windows\Tasks\ModuleBoost-S-4108971034.job => c:\programdata\trusted
publisher\boostershare\ModuleBoost.exeR/schedule /profile c:\programdata\trusted publisher\boostershare\4108971034.ini <==== ATTENTION
End

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\System32\C2MP\TrayMenu.exe
C:\Windows\System32\C2MP\TrayMenu.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found.
"c:\progra~1\sk-ena~1\psupport.dll" => value data not found.
" c:\progra~1\websea~1\psupport.dll" => value data not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMenu.lnk => moved successfully.
C:\Windows\System32\C2MP\TrayMenu.exe => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\S-1-5-21-318896497-2290201194-3209112418-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
Firefox DefaultSearchEngine,S removed successfully.
FF => Error: No automatic fix found for this entry.
DefaultSearchUrl: hxxp://websearch.searchguru.info/?pid=1925&r=2013/12/16&hid=3937115478194894928&lg=EN&cc=CA&unqvl=43&l=1&q= => Error: No automatic fix found for this entry.
Firefox SearchEngineOrder.1,S removed successfully.
Firefox SelectedSearchEngine,S removed successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully.
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1" => key removed successfully.
"C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\wyk0doar.default\searchplugins\securesearch.xml" => not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
C:\Users\Darren\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp folder not found.
dgderdrv => Service removed successfully.
sp_rsdrv2 => Service not found.
Synth3dVsc => Service removed successfully.
[X] => Error: No automatic fix found for this entry.
tsusbhub => Service removed successfully.
VGPU => Service removed successfully.
C:\Windows\System32\C2MP => moved successfully.
"C:\Users\Darren\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp" => File/Folder not found.
"C:\Users\Darren\AppData\Local\Temp\87708b9e-9238-4f12-85a9-076845de3ae5.ex" => File/Folder not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C0E3C41-FDA0-48ED-8C56-34A7922DCF0C} => key not found.
C:\Windows\System32\Tasks\UPDTEXE4_WDR not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UPDTEXE4_WDR => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D7E9C00-94F9-4025-9F76-DAD1214CA071}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D7E9C00-94F9-4025-9F76-DAD1214CA071}" => key removed successfully.
C:\Windows\System32\Tasks\HDNINSTSCHD => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDNINSTSCHD" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2890AEF-CE42-434D-8DEF-17327700EDD7} => key not found.
C:\Windows\System32\Tasks\ModuleBoost-S-4108971034 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ModuleBoost-S-4108971034 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB97F31B-502D-4429-B747-2A1223F131A3} => key not found.
C:\Windows\System32\Tasks\IE_ERR4WDR not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IE_ERR4WDR => key not found.
C:\Windows\Tasks\ModuleBoost-S-4108971034.job not found.
publisher\boostershare\ModuleBoost.exeR/schedule /profile c:\programdata\trusted publisher\boostershare\4108971034.ini <==== ATTENTION => Error: No automatic fix found for this entry.
EmptyTemp: => 60.2 MB temporary data Removed.

 

 

 

# AdwCleaner v4.207 - Logfile created 25/06/2015 at 15:12:13
# Updated 21/06/2015 by Xplode
# Database : 2015-06-23.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Darren - DARREN-PC
# Running from : C:\Users\Darren\Desktop\Computer security\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Mozilla Firefox v31.0 (x86 en-US)

-\\ Opera v30.0.1835.88

*************************

AdwCleaner[R0].txt - [4110 bytes] - [25/06/2015 10:54:53]
AdwCleaner[R1].txt - [1051 bytes] - [25/06/2015 12:54:56]
AdwCleaner[R2].txt - [779 bytes] - [25/06/2015 15:12:13]
AdwCleaner[S0].txt - [4314 bytes] - [25/06/2015 10:55:55]
AdwCleaner[S1].txt - [1118 bytes] - [25/06/2015 12:56:11]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [955 bytes] ##########

 

We shall see how it is running soon enough......

Thx for the help NAS,

D
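The Fixlog above reports "No automatic fix found" for fragments such as FF and [X], which are halves of fixlist lines that reached the tool broken across two lines. As an added example (not part of the original posts and not FRST's own code), this Python script compares the helper's intended fixlist with the echo inside a Fixlog and reports which broken entries were never applied; the function names are hypothetical, the asterisk-delimited layout is assumed from this thread, and the sample data is an excerpt of the thread's own lines.

```python
import re

ERROR_TAIL = " => Error: No automatic fix found for this entry."

def norm(line):
    """Collapse runs of whitespace so wrapped and unwrapped text compare equal."""
    return " ".join(line.split())

def parse_fixlog(text):
    """Return (echoed fixlist lines, outcome lines).

    Assumes the layout seen in the thread: the fixlist echo sits between
    two rows of asterisks and the per-entry outcomes follow the second row.
    """
    parts = re.split(r"^\*{5,}[ \t]*$", text, flags=re.M)
    if len(parts) < 3:
        raise ValueError("fixlist echo not found")
    lines = lambda block: [norm(l) for l in block.splitlines() if l.strip()]
    return lines(parts[1]), lines(parts[2])

def split_entries(intended, echoed, max_parts=4):
    """Map each intended line that reached the tool broken to its fragments."""
    present, broken = set(echoed), {}
    for want in map(norm, intended):
        if want in present:
            continue
        for i in range(len(echoed)):
            for j in range(i + 2, min(i + max_parts, len(echoed)) + 1):
                if " ".join(echoed[i:j]) == want:
                    broken[want] = echoed[i:j]
    return broken

def triage(intended, fixlog_text):
    """Classify broken entries: no fragment applied, or only some of them."""
    echoed, outcomes = parse_fixlog(fixlog_text)
    errored = {l[:-len(ERROR_TAIL)] for l in outcomes if l.endswith(ERROR_TAIL)}
    report = {"unapplied": [], "partial": []}
    for want, frags in split_entries(intended, echoed).items():
        failed = [f for f in frags if f in errored]
        if failed:
            key = "unapplied" if len(failed) == len(frags) else "partial"
            report[key].append(want)
    return report

# Four lines of the helper's fixlist, copied from the thread.
INTENDED = [
    r"FF DefaultSearchEngine,S: WebSearch",
    r"FF DefaultSearchUrl: hxxp://websearch.searchguru.info/?pid=1925&r=2013/12/16&hid=3937115478194894928&lg=EN&cc=CA&unqvl=43&l=1&q=",
    r"S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]",
    r"S3 tsusbhub; system32\drivers\tsusbhub.sys [X]",
]

# Excerpt of the Fixlog posted in the thread (shortened to the matching lines).
FIXLOG = r"""fixlist content:
*****************
start
FF DefaultSearchEngine,S: WebSearch
FF
DefaultSearchUrl: hxxp://websearch.searchguru.info/?pid=1925&r=2013/12/16&hid=3937115478194894928&lg=EN&cc=CA&unqvl=43&l=1&q=
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys
[X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
End

*****************

Firefox DefaultSearchEngine,S removed successfully.
FF => Error: No automatic fix found for this entry.
DefaultSearchUrl: hxxp://websearch.searchguru.info/?pid=1925&r=2013/12/16&hid=3937115478194894928&lg=EN&cc=CA&unqvl=43&l=1&q= => Error: No automatic fix found for this entry.
Synth3dVsc => Service removed successfully.
[X] => Error: No automatic fix found for this entry.
tsusbhub => Service removed successfully.
"""

if __name__ == "__main__":
    for status, entries in triage(INTENDED, FIXLOG).items():
        for entry in entries:
            print(f"{status}: {entry}")
```

On this excerpt the DefaultSearchUrl entry comes back as unapplied, while the Synth3dVsc entry is partial because the service was still removed and only the stray [X] was rejected.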

 



#4 nasdaq

nasdaq

  • Malware Response Team

Posted 26 June 2015 - 07:42 AM

Keep me posted.

#5 nasdaq

nasdaq

  • Malware Response Team

Posted 01 July 2015 - 01:39 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#6 nasdaq

nasdaq

  • Malware Response Team

Posted 07 July 2015 - 07:46 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



