Updated Flash plugin and now infected with malware


  • This topic is locked
8 replies to this topic

#1 Arlo1234


  • Members
  • 19 posts

Posted 14 July 2015 - 08:41 PM

Updated the Flash plugin and now infected with malware. Every time I open a new tab in Firefox, it redirects to a malware search engine.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Mike (administrator) on MIKE-PC on 14-07-2015 21:34:24
Running from C:\Users\Mike\Desktop
Loaded Profiles: Mike (Available Profiles: Mike & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-3366800280-3059602650-2035242441-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-3366800280-3059602650-2035242441-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-01-06] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-01-05]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3366800280-3059602650-2035242441-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3366800280-3059602650-2035242441-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
SearchScopes: HKLM -> DefaultScope {B1610118-99AA-4713-8EAC-100D48AE2214} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {B1610118-99AA-4713-8EAC-100D48AE2214} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {CAFF57E4-015E-4421-ACC4-8B192E595DA4} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZcPmSeeX2prPxWceIULnxdSy5z5E8WwPnYEoDnsEYcDEItr5GLQARwc5jT4kYI_hC7WcT7BChVxoBiiLPgowXUGoe5c5iduJGkoI0AxQ3LH8CMDFSaFDi38Dry4s_5QBhoMh2waIyrI5Q,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZcPmSeeX2prPxWceIULnxdSy5z5E8WwPnYEoDnsEYcDEItr5GLQARwc5jT4kYI_hC7WcT7BChVxoBiiLPgowXUGoe5c5iduJGkoI0AxQ3LH8CMDFSaFDi38Dry4s_5QBhoMh2waIyrI5Q,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3366800280-3059602650-2035242441-1000 -> DefaultScope {B1610118-99AA-4713-8EAC-100D48AE2214} URL =
SearchScopes: HKU\S-1-5-21-3366800280-3059602650-2035242441-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZcPmSeeX2prPxWceIULnxdSy5z5E8WwPnYEoDnsEYcDEItr5GLQARwc5jT4kYI_hC7WcT7BChVxoBiiLPgowXUGoe5c5iduJGkoI0AxQ3LH8CMDFSaFDi38Dry4s_5QBhoMh2waIyrI4A,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3366800280-3059602650-2035242441-1000 -> {D839E81C-A23B-4D73-9409-570A05E77923} URL = https://ca.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-14] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-14] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: EZ YouTube Video Downloader 1.0 -> {FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A} -> C:\Program Files (x86)\EZ YouTube Video Downloader\yvd.dll [2014-01-31] (XtensionPlus)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-3366800280-3059602650-2035242441-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Handler: WSWSVCUchrome - No CLSID Value
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{C3ED939E-67C6-4C3A-98B9-87FBA63EA90C}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\c1jmx44y.default
FF NewTab: resource://jid1-g80ec8llebk5fq-at-jetpack/newtab/data/newtab.html
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.ebay.com/itm/n-n-BY-NUMBER-N-INE-INDIAN-PATTERN-STRETCH-DENIM-PANTS-size2-indigo-blue-men-n-/121660455188?|hxxp://www.ebay.com/itm/Raf-Simons-AW1996-1997-We-Only-Come-Out-At-Night-black-sweater-/111667351068?pt=LH_DefaultDomain_0&hash=item19ffe48e1c|hxxp://global.rakuten.com/en/store/ragnetjapan/item/47480/|hxxp://global.rakuten.com/en/store/coupy/item/hds-mip05/|hxxp://www.ebay.com/itm/100-Medium-Venom-Nitrile-Black-Gloves-Box-Tattoo-Piercing-Exam-Latex-Powder-Free-/361307154684?|hxxp://www.ebay.com/itm/BRAND-NEW-ADIDAS-ORIGINAL-RAGLAN-HOODIE-PULLOVER-2015-ROYAL-BLUE-S-2XL-S13539-/321688861932?pt=LH_DefaultDomain_0&var=&hash=item4ae6267cec|hxxp://www.ebay.com/itm/Bamix-76102173-Mono-Wand-Mixer-76102173-/141416797255?pt=LH_DefaultDomain_2&hash=item20ed191447|hxxp://www.personaledge.com/on/p-bamix_76102173_mono_wand_mixer-4-264-88018.php|hxxp://www.servicecanada.gc.ca/eforms/forms/cdn-p2e.pdf|hxxp://www.canadiantire.ca/en/pdp/metal-rescue-rust-remover-bath-3-78-liters-0477920p.html#.VWmsn0a-tv3|hxxp://www.ebay.com/sch/i.html?_from=R40&_sacat=0&_nkw=silpheed+sega+cd&_sop=15&rt=nc|hxxp://www.ebay.ca/itm/Sega-Dreamcast-White-System-Complete-In-Box-NTSC-100-Guaranteed-To-Work-/331418803466?pt=Video_Games&hash=item4d2a199d0a|hxxp://www.gamegenie.com/cheats/gamegenie/genesis/|https://www.google.ca/search?q=Lactobacillus+plantarum&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&channel=sb&gfe_rd=cr&ei=G3BPVNTKJ6zE8gfS1IHADw|https://www.google.ca/search?safe=off&rls=org.mozilla:en-US:official&channel=sb&q=Bifidobacterium+lactis+HN019+supplement&client=firefox-a&bav=on.2,or.r_qf.&cad=b&biw=1920&bih=938&ech=1&psi=zdrKVJjGMoT2yQTIoIHACw.1422580442945.3&ei=zdrKVJjGMoT2yQTIoIHACw&emsg=NCSR&noj=1|https://well.ca/products/now-foods-gi-probiotic_86820.html|hxxp://www.ebay.com/sch/i.html?_sacat=0&_nkw=yuketen&_sop=10|hxxp://www.ebay.com/sch/Mens-Shoes-/93427/i.html?_from=R40&_sop=10&_nkw=ann+demeulemeester|hxxp://www.beyondveg.com/tu-j-l/raw-cooked/raw-cooked-2e.shtml|hxxp://www.doctorkato.com/|hxxp://tos.wustl.edu/For-Patients/Venous-TOS|hxxp://www.doctorschierling.com/blog/thoracic-outlet-syndrome|hxxp://cirugiavascularactual.blogspot.ca/2011/02/thoracic-outlet-syndrome-tos-and-its.html|hxxp://www.toholistichealth.ca/chiropractic-chiropractor/blog/thoracic.html|hxxp://www.allaboutvision.com/conditions/eye-occlusions.htm|hxxp://radiopaedia.org/articles/proptosis-1|hxxp://www.dicardiology.com/article/comparing-cta-and-mra|hxxp://www.hopkinsmedicine.org/heart_vascular_institute/media/video/transcriptions/what_is_thoracic_outlet_syndrome.html|https://books.google.ca/books?id=Q_ELBAAAQBAJ&pg=PA555&lpg=PA555&dq=venous+cerebrovascular+hypertension+proptosis&source=bl&ots=c6uu-9Kwbq&sig=rhvosk_5x_ueiZPx_P0Ofou4c9o&hl=en&sa=X&ei=IngRVJG4GeXo8QHZ9YGYDw#v=onepage&q=venous%20cerebrovascular%20hypertension%20proptosis&f=false|hxxp://www.patient.co.uk/doctor/The-Eye-In-Systemic-Disease.htm|hxxp://lpi.oregonstate.edu/research-newsletter
FF Keyword.URL:
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\c1jmx44y.default\searchplugins\youtube-video-search.xml [2015-06-06]
FF Extension: Flash Video Downloader - YouTube HD Downloader [4K] - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\c1jmx44y.default\Extensions\artur.dubovoy@gmail.com [2015-05-28]
FF Extension: Flashblock - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\c1jmx44y.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-05-28]
FF Extension: Flash and Video Download - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\c1jmx44y.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-06-22]
FF Extension: New Tab by Yahoo - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\c1jmx44y.default\Extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-06-22]
FF Extension: Video DownloadHelper - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\c1jmx44y.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: User Agent Switcher - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\c1jmx44y.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2015-01-13]
FF HKLM\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
FF Extension: EZ YouTube Video Downloader - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B} [2014-06-10]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-01-05]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-01-14]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-01-14]
FF HKLM-x32\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
FF HKU\S-1-5-21-3366800280-3059602650-2035242441-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-01-14]
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2014-01-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-09-19] (AMD) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [103936 2014-01-13] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-01-13] (Ellora Assets Corp.) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-12-11] (Realtek Semiconductor)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 Cdr4_2K; C:\Windows\SysWow64\Drivers\Cdr4_2K.sys [52720 2015-05-27] (Adaptec)
S2 Cdralw2k; C:\Windows\SysWow64\Drivers\Cdralw2k.sys [22585 2015-05-27] (Adaptec) [File not signed]
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 21:33 - 2015-07-14 21:34 - 00020356 _____ C:\Users\Mike\Desktop\FRST.txt
2015-07-14 21:33 - 2015-07-14 21:34 - 00016930 _____ C:\Users\Mike\Desktop\Addition.txt
2015-07-14 21:32 - 2015-07-14 21:34 - 00000000 ____D C:\FRST
2015-07-14 21:31 - 2015-07-14 21:31 - 02133504 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2015-07-14 21:31 - 2015-07-14 21:31 - 00088496 _____ C:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-14 19:06 - 2015-07-14 19:06 - 00000000 ____D C:\Users\Mike\AppData\Local\YSearchUtil
2015-07-14 19:04 - 2015-07-14 19:03 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-14 19:03 - 2015-07-14 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-14 19:03 - 2015-07-14 19:03 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-14 07:08 - 2015-07-14 07:11 - 27065289 _____ C:\Users\Mike\Desktop\Lucky guy bangs huge titted fatty - xHamster.com.flv
2015-07-14 07:08 - 2015-07-14 07:11 - 22347474 _____ C:\Users\Mike\Desktop\My plump neighbor needs exercisse - xHamster.com.flv
2015-07-14 06:34 - 2015-07-14 06:44 - 150441194 _____ C:\Users\Mike\Desktop\BBW Anal 287 - xHamster.com.flv
2015-07-14 06:30 - 2015-07-14 06:37 - 62752839 _____ C:\Users\Mike\Desktop\Fat blonde woman bleep guy - xHamster.com.flv
2015-07-13 20:17 - 2015-07-13 20:20 - 95949930 _____ C:\Users\Mike\Desktop\BBW Soccer Mom Bent Over and bleep on Balcony brianne best - xHamster.com.flv
2015-07-13 18:44 - 2015-07-13 18:47 - 99087262 _____ C:\Users\Mike\Desktop\Bettie Pumpkin's Alone in the Dark - xHamster.com.flv
2015-07-13 18:44 - 2015-07-13 18:44 - 06401468 _____ C:\Users\Mike\Desktop\Bettie Pumpkin Webcam Whore brianne best - xHamster.com.flv
2015-07-13 18:43 - 2015-07-13 18:44 - 09866574 _____ C:\Users\Mike\Desktop\MUFFIN's Striptease - xHamster.com.flv
2015-07-13 18:43 - 2015-07-13 18:43 - 03637392 _____ C:\Users\Mike\Desktop\Cam4 23 - xHamster.com.flv
2015-07-13 18:38 - 2015-07-13 18:40 - 26163323 _____ C:\Users\Mike\Desktop\Hot BBW with dildo - xHamster.com.flv
2015-07-13 18:37 - 2015-07-13 18:39 - 26855168 _____ C:\Users\Mike\Desktop\Curvy Mother milking her boobs brianne best - xHamster.com.flv
2015-07-13 18:22 - 2015-07-13 18:24 - 27348879 _____ C:\Users\Mike\Desktop\Eros & Music - BBW Tatoo - xHamster.com.flv
2015-07-13 18:20 - 2015-07-13 18:20 - 05407243 _____ C:\Users\Mike\Desktop\BBW Ass Shake - xHamster.com.flv
2015-07-13 18:17 - 2015-07-13 18:23 - 83753555 _____ C:\Users\Mike\Desktop\Horny Chubby Teen GF having fun with her lesbian friend - xH.flv
2015-07-13 18:15 - 2015-07-13 18:24 - 83120849 _____ C:\Users\Mike\Desktop\30 Euro Flatrate auf FickpensionCOM - xHamster.com.flv
2015-07-13 17:36 - 2015-07-13 17:39 - 53174503 _____ C:\Users\Mike\Desktop\Couple Having A bleep - xHamster.com.flv
2015-07-13 07:39 - 2015-07-13 07:45 - 79382692 _____ C:\Users\Mike\Desktop\Fisting and bleep my Fat BBW Ex GF - xHamster.com.flv
2015-07-13 07:39 - 2015-07-13 07:40 - 08739106 _____ C:\Users\Mike\Desktop\000 Big Facial Big Blonde brianne best - xHamster.com.flv
2015-07-10 19:15 - 2015-07-10 19:18 - 83117967 _____ C:\Users\Mike\Desktop\TRIGENICS CASES THORACIC OUTLET SYNDROME PECTORALIS MINOR TR.mp4
2015-07-07 18:42 - 2015-07-07 18:42 - 00078472 _____ C:\Users\Mike\Desktop\900x900px-LL-b29a9fc6_P1040105.jpeg
2015-07-04 11:23 - 2015-07-05 07:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-29 06:34 - 2015-04-18 13:02 - 00000000 ____D C:\Users\Mike\Desktop\testdisk-7.0
2015-06-22 16:08 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-06-22 16:08 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-06-22 16:08 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-06-22 16:08 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-06-22 16:08 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-06-22 16:08 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-06-22 16:08 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-06-22 16:08 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-06-22 16:08 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-06-22 16:08 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-06-22 16:08 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-06-22 16:08 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-06-22 16:08 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-06-22 16:08 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-06-22 16:08 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-06-22 16:08 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-06-22 16:08 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-06-22 16:08 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-06-22 16:08 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-06-22 16:08 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-06-22 16:08 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-06-22 16:08 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-06-22 16:08 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-06-22 16:08 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-06-22 16:08 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-06-22 16:08 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-06-22 16:08 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-06-22 16:08 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-06-22 16:08 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-06-22 16:08 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-06-22 16:08 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-06-22 16:08 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-06-22 16:08 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-06-22 16:08 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-06-22 16:08 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-06-22 16:08 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-06-22 16:08 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-06-22 16:08 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-06-22 16:08 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-06-22 16:08 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-06-22 16:08 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-06-22 16:08 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-06-22 16:08 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-06-22 16:08 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-06-22 16:08 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-06-22 16:08 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-06-22 16:05 - 2015-06-22 16:08 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-06-22 16:05 - 2015-06-22 16:07 - 00000000 ___HD C:\Windows\msdownld.tmp
2015-06-22 15:59 - 2015-06-22 19:34 - 00000000 ____D C:\Users\Mike\Desktop\SNES EMULATOR
2015-06-21 14:14 - 2015-06-22 11:27 - 00000000 ____D C:\Users\Mike\Desktop\SNES ROMS (Good SNES 2.04)
2015-06-19 19:22 - 2015-06-19 19:22 - 00088496 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-15 17:56 - 2015-06-15 17:57 - 33758890 _____ C:\Users\Mike\Desktop\Bates Method 101 The Long Swing.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 21:32 - 2015-06-13 12:13 - 01035933 _____ C:\Windows\WindowsUpdate.log
2015-07-14 21:17 - 2015-05-29 16:46 - 00000000 ____D C:\Users\Mike\Desktop\CLOTHES
2015-07-14 21:03 - 2014-01-22 20:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-14 19:52 - 2015-05-23 10:18 - 00000000 ____D C:\Users\Mike\Desktop\CDG
2015-07-14 19:07 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-14 19:07 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-14 19:04 - 2014-01-15 07:58 - 00000000 ____D C:\ProgramData\Oracle
2015-07-14 19:03 - 2014-01-22 20:33 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 19:03 - 2014-01-06 20:50 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 19:03 - 2014-01-06 20:50 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 18:32 - 2014-08-26 17:58 - 00000000 ____D C:\Users\Mike\AppData\Local\Adobe
2015-07-13 20:26 - 2015-03-14 11:26 - 00000000 ____D C:\Users\Mike\Desktop\Misc 3
2015-07-13 19:17 - 2014-01-13 15:52 - 00000000 ____D C:\Users\Mike\Documents\MIKE
2015-07-13 14:52 - 2015-05-11 14:55 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMike
2015-07-13 14:52 - 2015-05-11 14:55 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForMike.job
2015-07-13 14:52 - 2014-01-05 19:05 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-07-13 14:51 - 2014-01-05 19:04 - 00000000 ____D C:\Users\Mike\AppData\Roaming\HpUpdate
2015-07-13 14:51 - 2014-01-05 19:04 - 00000000 ____D C:\Users\Mike\AppData\Roaming\HP Support Assistant
2015-07-13 07:41 - 2015-05-26 06:48 - 00000000 ____D C:\Users\Mike\Desktop\RAF SIMONS 1
2015-07-12 18:40 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-06 21:08 - 2014-01-23 07:21 - 00000000 ____D C:\Users\Mike\Desktop\STUFF FOR SALE
2015-07-05 19:39 - 2014-01-05 19:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-04 16:19 - 2014-12-09 22:14 - 00000000 __SHD C:\Users\Mike\AppData\Local\EmieBrowserModeList
2015-07-04 16:19 - 2014-05-17 09:09 - 00000000 __SHD C:\Users\Mike\AppData\Local\EmieUserList
2015-07-04 16:19 - 2014-05-17 09:09 - 00000000 __SHD C:\Users\Mike\AppData\Local\EmieSiteList
2015-06-30 17:51 - 2014-01-06 09:25 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2015-06-30 07:31 - 2014-01-06 23:37 - 00000000 ____D C:\Users\Mike\AppData\Local\CrashDumps
2015-06-27 07:31 - 2014-01-10 17:17 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-06-27 07:31 - 2014-01-10 17:17 - 00000000 ____D C:\Program Files\CCleaner
2015-06-24 10:43 - 2015-01-08 21:45 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-23 13:30 - 2014-01-07 01:00 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-22 21:21 - 2014-01-24 22:56 - 00000964 _____ C:\Users\Mike\AppData\Roaming\wklnhst.dat

==================== Files in the root of some directories =======

2014-01-24 22:56 - 2015-06-22 21:21 - 0000964 _____ () C:\Users\Mike\AppData\Roaming\wklnhst.dat
2014-01-05 20:46 - 2014-10-31 19:18 - 0002747 _____ () C:\ProgramData\hpzinstall.log
2014-06-10 07:27 - 2014-06-10 07:28 - 2501961 _____ () C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.1.9.exe

Files to move or delete:
====================
C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.1.9.exe


Some files in TEMP:
====================
C:\Users\Mike\AppData\Local\Temp\ytb.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-13 00:50

==================== End of log ============================



#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 15 July 2015 - 09:18 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64-bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you will find where you saved FRST. Please post it in your reply.

Full System Scan with Malwarebytes Anti-Malware

  • If not already installed, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Anti-Malware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Proud Member of UNITE & TB

#3 Arlo1234
  • Topic Starter
  • Members
  • 19 posts

Posted 15 July 2015 - 07:41 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Mike at 2015-07-15 18:42:24 Run:1
Running from C:\Users\Mike\Desktop
Loaded Profiles: Mike (Available Profiles: Mike & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
EZ YouTube Video Downloader

BHO-x32: EZ YouTube Video Downloader 1.0 -> {FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A} -> C:\Program Files (x86)\EZ YouTube Video Downloader\yvd.dll [2014-01-31] (XtensionPlus)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
FF NewTab: resource://jid1-g80ec8llebk5fq-at-jetpack/newtab/data/newtab.html
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.ebay.com/itm/n-n-BY-NUMBER-N-INE-INDIAN-PATTERN-STRETCH-DENIM-PANTS-size2-indigo-blue-men-n-/121660455188?|hxxp://www.ebay.com/itm/Raf-Simons-AW1996-1997-We-Only-Come-Out-At-Night-black-sweater-/111667351068?pt=LH_DefaultDomain_0&hash=item19ffe48e1c|hxxp://global.rakuten.com/en/store/ragnetjapan/item/47480/|hxxp://global.rakuten.com/en/store/coupy/item/hds-mip05/|hxxp://www.ebay.com/itm/100-Medium-Venom-Nitrile-Black-Gloves-Box-Tattoo-Piercing-Exam-Latex-Powder-Free-/361307154684?|hxxp://www.ebay.com/itm/BRAND-NEW-ADIDAS-ORIGINAL-RAGLAN-HOODIE-PULLOVER-2015-ROYAL-BLUE-S-2XL-S13539-/321688861932?pt=LH_DefaultDomain_0&var=&hash=item4ae6267cec|hxxp://www.ebay.com/itm/Bamix-76102173-Mono-Wand-Mixer-76102173-/141416797255?pt=LH_DefaultDomain_2&hash=item20ed191447|hxxp://www.personaledge.com/on/p-bamix_76102173_mono_wand_mixer-4-264-88018.php|hxxp://www.servicecanada.gc.ca/eforms/forms/cdn-p2e.pdf|hxxp://www.canadiantire.ca/en/pdp/metal-rescue-rust-remover-bath-3-78-liters-0477920p.html#.VWmsn0a-tv3|hxxp://www.ebay.com/sch/i.html?_from=R40&_sacat=0&_nkw=silpheed+sega+cd&_sop=15&rt=nc|hxxp://www.ebay.ca/itm/Sega-Dreamcast-White-System-Complete-In-Box-NTSC-100-Guaranteed-To-Work-/331418803466?pt=Video_Games&hash=item4d2a199d0a|hxxp://www.gamegenie.com/cheats/gamegenie/genesis/|https://www.google.ca/search?q=Lactobacillus+plantarum&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&channel=sb&gfe_rd=cr&ei=G3BPVNTKJ6zE8gfS1IHADw|https://www.google.ca/search?safe=off&rls=org.mozilla:en-US:official&channel=sb&q=Bifidobacterium+lactis+HN019+supplement&client=firefox-a&bav=on.2,or.r_qf.&cad=b&biw=1920&bih=938&ech=1&psi=zdrKVJjGMoT2yQTIoIHACw.1422580442945.3&ei=zdrKVJjGMoT2yQTIoIHACw&emsg=NCSR&noj=1|https://well.ca/products/now-foods-gi-probiotic_86820.html|hxxp://www.ebay.com/sch/i.html?_sacat=0&_nkw=yuketen&_sop=10|hxxp://www.ebay.com/sch/Mens-Shoes-/93427/i.html?_from=R40&_sop=10&_nkw=ann+demeulemeester|hxxp://www.beyondveg.com/tu-j-l
/raw-cooked/raw-cooked-2e.shtml|hxxp://www.doctorkato.com/|hxxp://tos.wustl.edu/For-Patients/Venous-TOS|hxxp://www.doctorschierling.com/blog/thoracic-outlet-syndrome|hxxp://cirugiavascularactual.blogspot.ca/2011/02/thoracic-outlet-syndrome-tos-and-its.html|hxxp://www.toholistichealth.ca/chiropractic-chiropractor/blog/thoracic.html|hxxp://www.allaboutvision.com/conditions/eye-occlusions.htm|hxxp://radiopaedia.org/articles/proptosis-1|hxxp://www.dicardiology.com/article/comparing-cta-and-mra|hxxp://www.hopkinsmedicine.org/heart_vascular_institute/media/video/transcriptions/what_is_thoracic_outlet_syndrome.html|https://books.google.ca/books?id=Q_ELBAAAQBAJ&pg=PA555&lpg=PA555&dq=venous+cerebrovascular+hypertension+proptosis&source=bl&ots=c6uu-9Kwbq&sig=rhvosk_5x_ueiZPx_P0Ofou4c9o&hl=en&sa=X&ei=IngRVJG4GeXo8QHZ9YGYDw#v=onepage&q=venous%20cerebrovascular%20hypertension%20proptosis&f=false|hxxp://www.patient.co.uk/doctor/The-Eye-In-Systemic-Disease.htm|hxxp://lpi.oregonstate.edu/research-newsletter
FF Extension: New Tab by Yahoo - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\c1jmx44y.default\Extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-06-22]
FF Extension: Video DownloadHelper - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\c1jmx44y.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FirewallRules: [TCP Query User{7FC79230-2E07-4A6D-A6CA-0540DBA97DF8}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{4FFC0DA2-65A1-45DC-9900-4251DE3017A3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
SearchScopes: HKLM -> {CAFF57E4-015E-4421-ACC4-8B192E595DA4} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZcPmSeeX2prPxWceIULnxdSy5z5E8WwPnYEoDnsEYcDEItr5GLQARwc5jT4kYI_hC7WcT7BChVxoBiiLPgowXUGoe5c5iduJGkoI0AxQ3LH8CMDFSaFDi38Dry4s_5QBhoMh2waIyrI5Q,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZcPmSeeX2prPxWceIULnxdSy5z5E8WwPnYEoDnsEYcDEItr5GLQARwc5jT4kYI_hC7WcT7BChVxoBiiLPgowXUGoe5c5iduJGkoI0AxQ3LH8CMDFSaFDi38Dry4s_5QBhoMh2waIyrI5Q,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3366800280-3059602650-2035242441-1000 -> DefaultScope {B1610118-99AA-4713-8EAC-100D48AE2214} URL =
SearchScopes: HKU\S-1-5-21-3366800280-3059602650-2035242441-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZcPmSeeX2prPxWceIULnxdSy5z5E8WwPnYEoDnsEYcDEItr5GLQARwc5jT4kYI_hC7WcT7BChVxoBiiLPgowXUGoe5c5iduJGkoI0AxQ3LH8CMDFSaFDi38Dry4s_5QBhoMh2waIyrI4A,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3366800280-3059602650-2035242441-1000 -> {D839E81C-A23B-4D73-9409-570A05E77923} URL = https://ca.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
HKU\S-1-5-21-3366800280-3059602650-2035242441-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.1.9.exe
C:\Program Files (x86)\EZ YouTube Video Downloader

CloseProcesses:
EmptyTemp:
Reboot:
*****************

EZ YouTube Video Downloader => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value removed successfully
HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value removed successfully
HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => key not found.
Firefox newtab removed successfully
Firefox SelectedSearchEngine removed successfully
Firefox homepage removed successfully
C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\c1jmx44y.default\Extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi => moved successfully.
C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\c1jmx44y.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi => moved successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7FC79230-2E07-4A6D-A6CA-0540DBA97DF8}C:\program files (x86)\mozilla firefox\firefox.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4FFC0DA2-65A1-45DC-9900-4251DE3017A3}C:\program files (x86)\mozilla firefox\firefox.exe => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CAFF57E4-015E-4421-ACC4-8B192E595DA4}" => key removed successfully
HKCR\CLSID\{CAFF57E4-015E-4421-ACC4-8B192E595DA4} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => key removed successfully
HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-3366800280-3059602650-2035242441-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3366800280-3059602650-2035242441-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => key removed successfully
HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => key not found.
"HKU\S-1-5-21-3366800280-3059602650-2035242441-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D839E81C-A23B-4D73-9409-570A05E77923}" => key removed successfully
HKCR\CLSID\{D839E81C-A23B-4D73-9409-570A05E77923} => key not found.
HKU\S-1-5-21-3366800280-3059602650-2035242441-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.1.9.exe => moved successfully.
C:\Program Files (x86)\EZ YouTube Video Downloader => moved successfully.
Processes closed successfully.
EmptyTemp: => 112.8 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 18:42:27 ====

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2015-07-15
Scan Time: 6:52 PM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.15.06
Rootkit Database: v2015.07.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mike

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 411733
Time Elapsed: 12 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 26
PUP.Optional.RegistryHelper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{77F2CBBB-18C4-40E1-B1A4-CFBDAB58EDC7}, Quarantined, [0012865c92f8072f1e1159abda2907f9],
PUP.Optional.RegistryHelper.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{5FEA7FE3-4931-42F6-91D6-C9895DBB9D3E}, Quarantined, [0012865c92f8072f1e1159abda2907f9],
PUP.Optional.RegistryHelper.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1EA47D8E-1A2F-4894-BB95-0844F0543258}, Quarantined, [0012865c92f8072f1e1159abda2907f9],
PUP.Optional.RegistryHelper.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{DA5ABE1B-452C-4BDC-9984-ECFB81431E03}, Quarantined, [0012865c92f8072f1e1159abda2907f9],
PUP.Optional.RegistryHelper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1EA47D8E-1A2F-4894-BB95-0844F0543258}, Quarantined, [0012865c92f8072f1e1159abda2907f9],
PUP.Optional.RegistryHelper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DA5ABE1B-452C-4BDC-9984-ECFB81431E03}, Quarantined, [0012865c92f8072f1e1159abda2907f9],
PUP.Optional.RegistryHelper.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{1EA47D8E-1A2F-4894-BB95-0844F0543258}, Quarantined, [0012865c92f8072f1e1159abda2907f9],
PUP.Optional.RegistryHelper.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{DA5ABE1B-452C-4BDC-9984-ECFB81431E03}, Quarantined, [0012865c92f8072f1e1159abda2907f9],
PUP.Optional.RegistryHelper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{5FEA7FE3-4931-42F6-91D6-C9895DBB9D3E}, Quarantined, [0012865c92f8072f1e1159abda2907f9],
PUP.Optional.RegistryHelper.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{5FEA7FE3-4931-42F6-91D6-C9895DBB9D3E}, Quarantined, [0012865c92f8072f1e1159abda2907f9],
PUP.Optional.RegistryHelper.A, HKLM\SOFTWARE\CLASSES\RegistryHelperLM.LicenseManager, Quarantined, [0012865c92f8072f1e1159abda2907f9],
PUP.Optional.RegistryHelper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\RegistryHelperLM.LicenseManager, Quarantined, [0012865c92f8072f1e1159abda2907f9],
PUP.Optional.RegistryHelper.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\RegistryHelperLM.LicenseManager, Quarantined, [0012865c92f8072f1e1159abda2907f9],
PUP.Optional.RegistryHelper.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{77F2CBBB-18C4-40E1-B1A4-CFBDAB58EDC7}, Quarantined, [0012865c92f8072f1e1159abda2907f9],
PUP.Optional.SecurityUpdatesService.A, HKLM\SOFTWARE\SecurityUpdatesService, Quarantined, [c84ad70b3b4f80b6ec36ab7ccb38b14f],
PUP.Optional.SecurityUpdatesService.A, HKLM\SOFTWARE\WOW6432NODE\SecurityUpdatesService, Quarantined, [4bc728baaedc59ddb969f0379370867a],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\APPLICATION UPDATER, Quarantined, [24ee855da4e6ec4ae70e53d2ec1746ba],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\SEARCH SETTINGS, Quarantined, [c34fc121dab01f171bd940e5bb48857b],
PUP.Optional.ReMarkit.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Re_markit, Quarantined, [9f73647e98f26ccae3dc968de81b52ae],
PUP.Optional.AnyProtect.A, HKU\S-1-5-21-3366800280-3059602650-2035242441-1000\SOFTWARE\ANYPROTECT, Quarantined, [7e94d70b850577bf05fe2a6937cd659b],
PUP.Optional.ReMarkit.A, HKU\S-1-5-21-3366800280-3059602650-2035242441-1000\SOFTWARE\APPDATALOW\SOFTWARE\Re_markit, Quarantined, [848ed0121b6f1f1704bb8e9505fecc34],
PUP.Optional.Spigot.A, HKU\S-1-5-21-3366800280-3059602650-2035242441-1000\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings, Quarantined, [02109f43632792a405b1572307fddd23],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3366800280-3059602650-2035242441-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4180AD56-11E7-4CD8-B57D-668FB38AB8F3}, Quarantined, [0111c71bd3b7bb7b730d246a040025db],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3366800280-3059602650-2035242441-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D383DFD7-FA0E-41CA-9590-B5AC561B7D3D}, Quarantined, [29e91bc7e9a10b2b354cb1dde123cf31],
PUP.Optional.Spigot.A, HKU\S-1-5-21-3366800280-3059602650-2035242441-1000\SOFTWARE\SEARCH SETTINGS, Quarantined, [55bddf03f89215216190f530cd3638c8],
PUP.Optional.ShoppingHelper.A, HKU\S-1-5-21-3366800280-3059602650-2035242441-1000\SOFTWARE\SMARTBAR, Quarantined, [2ee41bc73456280eeae769120ef6fc04],

Registry Values: 9
PUP.Optional.EZYouTubeDownloader.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{8167E8F2-A770-4EFB-BA53-8A511051CD9B}, C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}, Quarantined, [6ba7449ee4a6c96d92175542788c9070]
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\APPLICATION UPDATER|serverURL, http://www.mybrowserbar.com/, Quarantined, [24ee855da4e6ec4ae70e53d2ec1746ba]
PUP.Optional.EZYouTubeDownloader.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{8167E8F2-A770-4EFB-BA53-8A511051CD9B}, C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}, Quarantined, [888a5f83d3b7a88e7c2d4d4a09fb21df]
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\SEARCH SETTINGS|installDir, C:\Program Files (x86)\Common Files\Spigot\Search Settings\, Quarantined, [c34fc121dab01f171bd940e5bb48857b]
PUP.Optional.AnyProtect.A, HKU\S-1-5-21-3366800280-3059602650-2035242441-1000\SOFTWARE\ANYPROTECT|IsSilent, 1, Quarantined, [7e94d70b850577bf05fe2a6937cd659b]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3366800280-3059602650-2035242441-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4180AD56-11E7-4CD8-B57D-668FB38AB8F3}|AppName, 03f7dc28-52c9-452a-802a-c94ea081aa20-2.exe-buttonutil.exe, Quarantined, [0111c71bd3b7bb7b730d246a040025db]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3366800280-3059602650-2035242441-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D383DFD7-FA0E-41CA-9590-B5AC561B7D3D}|AppName, 03f7dc28-52c9-452a-802a-c94ea081aa20-2.exe-codedownloader.exe, Quarantined, [29e91bc7e9a10b2b354cb1dde123cf31]
PUP.Optional.Spigot.A, HKU\S-1-5-21-3366800280-3059602650-2035242441-1000\SOFTWARE\SEARCH SETTINGS|GCProtected, 1, Quarantined, [55bddf03f89215216190f530cd3638c8]
PUP.Optional.ShoppingHelper.A, HKU\S-1-5-21-3366800280-3059602650-2035242441-1000\SOFTWARE\SMARTBAR|Publisher, ShoppingHelper, Quarantined, [2ee41bc73456280eeae769120ef6fc04]

Registry Data: 0
(No malicious items detected)

Folders: 6
PUP.Optional.Spigot.A, C:\Users\Mike\AppData\LocalLow\Search Settings, Quarantined, [e032479bd4b66ec8e86d1dc653af48b8],
PUP.Optional.Spigot.A, C:\Users\Mike\AppData\LocalLow\Search Settings\res, Quarantined, [e032479bd4b66ec8e86d1dc653af48b8],
PUP.Optional.Spigot.A, C:\Users\Mike\AppData\LocalLow\Search Settings\temp, Quarantined, [e032479bd4b66ec8e86d1dc653af48b8],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot, Quarantined, [b16149995931b48270970eddb54d04fc],
PUP.Optional.Yappyz.A, C:\Users\Mike\AppData\Local\YappyzUninstall, Quarantined, [cf43954d1575d5615010b73ccb378878],
PUP.Optional.AnyProtect.A, C:\Program Files (x86)\AnyProtectEx, Quarantined, [59b93ea4404a5ed8fe5f6a97c83b51af],

Files: 4
PUP.Optional.AnyProtect.A, C:\Program Files (x86)\AnyProtectEx\Uninstall.exe, Quarantined, [41d1bb275f2bb2842a3de87a2adbf808],
PUP.Optional.RegistryHelper.A, C:\Windows\SysWOW64\RegistryHelperLM.ocx, Quarantined, [0012865c92f8072f1e1159abda2907f9],
PUP.Optional.AnyProtect.A, C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe, Quarantined, [59b93ea4404a5ed8fe5f6a97c83b51af],
PUP.Optional.AnyProtect.A, C:\Program Files (x86)\AnyProtectEx\product.guid, Quarantined, [59b93ea4404a5ed8fe5f6a97c83b51af],

Physical Sectors: 0
(No malicious items detected)


(end)

 

No threats found by ESET online scanner.
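The FRST fixlog and Malwarebytes log above show where this hijacker kept its hooks: the Internet Explorer SearchScopes DefaultScope, Firefox extensions registered under HKLM\SOFTWARE\Mozilla\Firefox\Extensions, IE Low Rights ElevationPolicy entries, and a local GroupPolicy folder that FRST moved out. As an added example that is not part of this thread and is not code from FRST, Malwarebytes or any other tool used here, the following PowerShell script re-reads those same locations so you can confirm after a cleanup that nothing was left behind. The registry and file paths are the standard ones seen in the logs; nothing else is assumed.

```powershell
# Added defender-side audit (not part of the thread or of FRST/Malwarebytes):
# re-reads the persistence points that the logs above show were hijacked.
# Paths are standard IE/Firefox/Windows locations; nothing else is assumed.

$softwareHives = @('HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node', 'HKCU:\Software')

function Get-IESearchScopes {
    # Lists every IE search provider and marks the one selected as DefaultScope.
    foreach ($hive in $softwareHives) {
        $base = Join-Path $hive 'Microsoft\Internet Explorer\SearchScopes'
        if (-not (Test-Path $base)) { continue }
        $default = (Get-ItemProperty -Path $base -ErrorAction SilentlyContinue).DefaultScope
        foreach ($scope in (Get-ChildItem -Path $base)) {
            $props = Get-ItemProperty -Path $scope.PSPath
            New-Object PSObject -Property @{
                Hive      = $hive
                ScopeId   = $scope.PSChildName
                IsDefault = ($scope.PSChildName -eq $default)
                URL       = $props.URL
            }
        }
    }
}

function Get-FirefoxSideloadedExtensions {
    # Extensions registered in the registry are installed outside the user's profile;
    # the Malwarebytes log above shows the EZ YouTube Video Downloader entry added this way.
    foreach ($hive in $softwareHives) {
        $key = Join-Path $hive 'Mozilla\Firefox\Extensions'
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath/... metadata
            New-Object PSObject -Property @{
                Key         = $key
                ExtensionId = $p.Name
                Location    = $p.Value
                StillOnDisk = $(if ($p.Value) { Test-Path -LiteralPath $p.Value } else { $false })
            }
        }
    }
}

function Get-IEElevationPolicy {
    # Low Rights ElevationPolicy entries let a program launch outside IE Protected Mode;
    # the log above shows CrossRider registering two of them for its own executables.
    foreach ($hive in $softwareHives) {
        $key = Join-Path $hive 'Microsoft\Internet Explorer\Low Rights\ElevationPolicy'
        if (-not (Test-Path $key)) { continue }
        foreach ($entry in (Get-ChildItem -Path $key)) {
            $props = Get-ItemProperty -Path $entry.PSPath
            New-Object PSObject -Property @{
                Hive    = $hive
                Id      = $entry.PSChildName
                AppName = $props.AppName
                AppPath = $props.AppPath
                Policy  = $props.Policy
            }
        }
    }
}

function Get-LocalGroupPolicyResidue {
    # On a standalone home PC these are usually absent unless local policy has been edited;
    # the FRST fixlog above shows them being moved out as part of the cleanup.
    $candidates = @(
        (Join-Path $env:windir 'System32\GroupPolicy\Machine'),
        (Join-Path $env:windir 'System32\GroupPolicy\User'),
        (Join-Path $env:windir 'System32\GroupPolicy\GPT.ini'),
        (Join-Path $env:windir 'SysWOW64\GroupPolicy\GPT.ini')
    )
    foreach ($path in $candidates) {
        New-Object PSObject -Property @{ Path = $path; Present = (Test-Path -LiteralPath $path) }
    }
}

# Print the findings; run from an elevated PowerShell so the HKLM keys are fully readable.
Get-IESearchScopes              | Format-Table Hive, ScopeId, IsDefault, URL -AutoSize
Get-FirefoxSideloadedExtensions | Format-Table ExtensionId, Location, StillOnDisk -AutoSize
Get-IEElevationPolicy           | Format-Table Id, AppName, AppPath, Policy -AutoSize
Get-LocalGroupPolicyResidue     | Format-Table Path, Present -AutoSize
```

Output from the last two functions is not malicious by itself: Windows and legitimate software (Adobe, Microsoft) register ElevationPolicy entries too, so compare AppName and AppPath against programs you know are installed, and a GroupPolicy folder is expected on a machine where someone has used gpedit. What you are looking for after a cleanup is a DefaultScope that still points at an unfamiliar search URL, extension paths that no longer exist on disk, and ElevationPolicy entries naming executables with random-looking names like the ones in the log.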



#4 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 16 July 2015 - 01:57 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#5 Arlo1234 (Topic Starter, Members, 19 posts)

Posted 16 July 2015 - 05:30 AM

# AdwCleaner v4.208 - Logfile created 16/07/2015 at 06:25:47
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Mike - MIKE-PC
# Running from : C:\Users\Mike\Desktop\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
Folder Deleted : C:\Users\Mike\AppData\Local\YSearchUtil
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\System\CurrentControlSet\Services\Eventlog\Application\registry helper service
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKCU\Software\Appscion
Key Deleted : HKLM\SOFTWARE\Taronja
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EZ YouTube Video Downloader
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v39.0 (x86 en-US)

[c1jmx44y.default\prefs.js] - Line Deleted : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]

*************************

AdwCleaner[R0].txt - [4072 bytes] - [16/07/2015 06:15:59]
AdwCleaner[S0].txt - [3992 bytes] - [16/07/2015 06:25:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4051  bytes] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.0 (07.15.2015:1)
OS: Windows 7 Home Premium x64
Ran by Mike on 2015-07-16 at  6:30:17.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Program Files\003
Successfully deleted: [Folder] C:\Users\Mike\AppData\Roaming\new version available



~~~ FireFox

Emptied folder: C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\c1jmx44y.default\minidumps [48 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-07-16 at  6:33:18.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Results of screen317's Security Check version 1.005  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 51  
 Java version 32-bit out of Date!
 Adobe Flash Player 18.0.0.209  
 Mozilla Firefox (39.0)
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


 


Edited by Arlo1234, 16 July 2015 - 05:45 AM.


#6 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 16 July 2015 - 07:01 AM

Are any problems left or may I post the final reply?



#7 Arlo1234 (Topic Starter, Members, 19 posts)

Posted 16 July 2015 - 04:41 PM

Nope. Everything seems fine. Thanks for your help!



#8 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 17 July 2015 - 04:09 AM

Your system is clean now! :)


Java Runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • when finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)
  • When finished, reboot your computer.

After the reboot
  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears
  • Click OK on Delete Temporary Files window.
  • Click OK again.


Uninstall our tools using delfix

Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • In case we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  • If there is still something left please delete it manually.




Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.


Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a web site classified as dangerous, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80", which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.



#9 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 04 August 2015 - 02:02 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



