
Trojan.Agent/Gen-Agent and exploit:js/axpergle


  • This topic is locked
67 replies to this topic

#1 kls_01

kls_01

  • Members
  • 36 posts

Posted 06 August 2015 - 01:43 PM

I am running Windows 7, 32-bit. I use AVG and Spybot S&D as antivirus, and haven't had an issue in over 10 years that I wasn't able to clear up myself with these antivirus programs and by reading through these forums ;) My computer has been running very slow for several months, but I haven't bothered to mess with it much. With the introduction of smartphones and tablets, my family doesn't use our desktop as often. Long story short, I haven't kept up on updating and scanning my computer. I finally decided to look into it, and I seem to have something that is being extremely deceptive that I have never dealt with before. I ran my normal antivirus and was told that on top of several PUPs, I had Trojan.Agent/Gen-Agent and exploit:js/axpergle. These were found by different antivirus software; I cannot tell you which ones, as I've run so many since then I can't remember. Anyway, the programs say they've taken care of the issue, but clearly I am still harboring a Trojan. Problems I've encountered since "removing" these Trojans: unable to start command prompt - I received an error. Unable to turn on Windows Defender - error. Unable to update other antivirus programs - error. With some antivirus programs I get an error saying it can't update, then it says it was updated. Then I run it, it finds issues, it says it has deleted them, but it hasn't done anything. I have run all of these things in safe mode once running in regular mode didn't seem to work. I finally gave up and tried a system restore, and near the end I received an error saying it couldn't be done... but then when it restarted it said that the system restore had been completed, and it appears that my system has in fact been reset to the date I chose. I've run the two antivirus programs listed above plus: SUPERAntiSpyware, TDSSKiller, ESET Poweliks Cleaner, Kaspersky, Malwarebytes, FRST, and all after running iexplore.exe in safe mode first.
I've also tried the ESET one-time online scanner, and get an error saying the database can't be downloaded, is the proxy configured? I am at my wits' end and am asking for the infinite wisdom of the Bleeping Computer professionals to help me out. I've dealt with Trojans that hide everything on the desktop, completely blocked antivirus and the internet, but never one that pretends my legit antivirus does its job so it can go undetected. Any assistance with my BLEEPING computer is very much appreciated :)




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,000 posts
  • Gender:Male
  • Location:California

Posted 09 August 2015 - 07:20 PM

Greetings kls_01 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit, simply download and try one. If that doesn't run properly, the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows logo key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
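The FRST.txt and Addition.txt logs requested above run to hundreds of lines, and the entries a malware responder actually reads first are a small subset: autoruns launched from user-writable folders, the AppInit_DLLs injection point, browser search and new-tab settings, and registry or driver entries whose target file no longer exists. The following Python script is an added example, not a tool from the forum or from Farbar; it applies those triage rules to an FRST-style log. The sample log embedded in it is constructed to mirror FRST's line formats (the paths, GUIDs and vendor names in it are placeholders, not values from any real machine), and the rules themselves are this example's own heuristics, meant to shortlist lines for a human to review, not to judge an entry malicious.

```python
import re
from dataclasses import dataclass, field

# Constructed FRST-style excerpt (placeholder paths/GUIDs, not a real log).
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [GoodApp] => C:\Program Files\GoodApp\goodapp.exe [123456 2014-01-01] (Good Vendor Inc.)
HKU\S-1-5-21-111-222-333-1000\...\RunOnce: [Installer] => C:\Users\Alice\Downloads\setup.exe [46525608 2015-08-06] (Some Vendor)
AppInit_DLLs: C:\PROGRA~1\Example\bin\Loader.dll => C:\PROGRA~1\Example\bin\Loader.dll File not found
GroupPolicyScripts: Group Policy detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
SearchScopes: HKU\S-1-5-21-111-222-333-1000 -> {00000000-0000-0000-0000-000000000001} URL = http://websearch.example.test/redirect?q={searchTerms}
FF DefaultSearchEngine: ExampleSearch
Handler: linkscanner - {00000000-0000-0000-0000-000000000002} -  No File
==================== Drivers (Whitelisted) ==========================
R0 gooddrv; C:\Windows\System32\DRIVERS\gooddrv.sys [4608 2009-07-13] (Microsoft Corporation)
S3 olddrv; C:\Windows\system32\drivers\olddrv.sys [49904 2010-06-21] (Some Vendor) [File not signed]
S3 ghostdrv; system32\DRIVERS\ghostdrv.sys [X]
"""

# Section banners look like "==== Registry (Whitelisted) ====".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# FRST's own markers for an entry whose target file is missing.
DEAD_REF_MARKERS = ("File not found", "No File", "<not found>", "[X]")
# Autorun keys: HKLM\...\Run: / HKU\<sid>\...\RunOnce:
AUTORUN_RE = re.compile(r"\\\.\.\.\\Run(Once)?:", re.IGNORECASE)
# Locations a standard user can write to (profile, Downloads, temp, ProgramData).
USER_WRITABLE_RE = re.compile(r"\\(Users|ProgramData|AppData|Temp|Downloads)\\", re.IGNORECASE)
# Browser search / new-tab settings that adware and hijackers commonly rewrite.
SEARCH_RE = re.compile(
    r"^(SearchScopes:|FF (DefaultSearchEngine|SelectedSearchEngine|NewTab|SearchPlugin):"
    r"|CHR (StartupUrls|DefaultSearchURL):)"
)


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)


def triage(frst_text: str) -> list:
    """Return the log lines worth a human's attention, each with its reasons."""
    findings = []
    section = "(header)"
    for raw in frst_text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:   # skip blanks and bare '=====' rules
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        reasons = []
        if any(marker in line for marker in DEAD_REF_MARKERS):
            reasons.append("points at a file that no longer exists (broken uninstall or removed-malware leftover)")
        if line.startswith("AppInit_DLLs:"):
            reasons.append("AppInit_DLLs loads a DLL into every user-mode process; legitimate use is rare")
        if "<======= ATTENTION" in line:
            reasons.append("flagged by FRST itself")
        if "[File not signed]" in line:
            reasons.append("service or driver binary is unsigned")
        if AUTORUN_RE.search(line) and USER_WRITABLE_RE.search(line):
            reasons.append("autorun entry launches from a user-writable location")
        if SEARCH_RE.match(line):
            reasons.append("browser search/new-tab setting; confirm it is the one the user chose")
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


def counts_by_section(findings: list) -> dict:
    """Number of flagged lines per FRST section, useful as a quick overview."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"[{f.section}] {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
    print(counts_by_section(triage(SAMPLE_FRST)))
```

Run it on a real FRST.txt by reading the file and passing its contents to triage(). The script deliberately skips entries whose only trait is a well-known vendor in Program Files, so the shortlist stays readable; a line landing on the list is a prompt to check the file's signature, its location and its hash against a reputation service, not a verdict.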

#3 kls_01

kls_01
  • Topic Starter

  • Members
  • 36 posts

Posted 10 August 2015 - 10:07 AM

Hello, Gary! Thanks in advance for the help. My name is Kristie :) I should be able to check this at least once daily, but I will try and let you know if I will be predisposed.

 

I will tell you in advance that I am using Firefox as my browser and that I had changed my downloads in the settings to be saved automatically on my desktop, but these settings have been changed (I'm assuming by the trojan) and I can no longer get to my browser settings. So, I downloaded Farbar to Downloads and then moved it to the desktop. Please let me know if this won't work, and I'll try from a different browser.

 

FRST results:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-08-2015
Ran by Josh and Kristie (administrator) on HOME (10-08-2015 09:46:45)
Running from C:\Users\Josh and Kristie\Desktop
Loaded Profiles: Josh and Kristie (Available Profiles: Josh and Kristie & UpdatusUser)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3745744 2015-05-18] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1765777517-4217830844-774448315-1000\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner.exe [2761024 2012-02-22] (Piriform Ltd)
HKU\S-1-5-21-1765777517-4217830844-774448315-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-28] (Google Inc.)
HKU\S-1-5-21-1765777517-4217830844-774448315-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKU\S-1-5-21-1765777517-4217830844-774448315-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-1765777517-4217830844-774448315-1000\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKU\S-1-5-21-1765777517-4217830844-774448315-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6815512 2015-08-06] (SUPERAntiSpyware)
HKU\S-1-5-21-1765777517-4217830844-774448315-1000\...\RunOnce: [Install Spybot - Search & Destroy] => C:\Users\Josh and Kristie\Downloads\spybot-2.4.exe [46525608 2015-08-06] (Safer-Networking Ltd.                                       )
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File not found
Startup: C:\Users\Josh and Kristie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms [2014-03-06] ()
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicyScripts: Group Policy detected <======= ATTENTION
GroupPolicyScripts\User: Group Policy detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

URLSearchHook: HKU\S-1-5-21-1765777517-4217830844-774448315-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
SearchScopes: HKU\S-1-5-21-1765777517-4217830844-774448315-1000 -> {498DFDA5-50E7-4D9C-B81B-BBB452182330} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=B1571ECA-CC8C-4912-84C5-92C07C93F596&apn_sauid=274F674A-5A5C-4181-AE57-3958BAEE6263
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-31] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-06] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-31] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-06] (Google Inc.)
Toolbar: HKU\S-1-5-21-1765777517-4217830844-774448315-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-06] (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{2CD02AB2-7135-4B18-A97C-FA22ABCBAA62}: [DhcpNameServer] 192.168.254.254

FireFox:
========
FF ProfilePath: C:\Users\Josh and Kristie\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default
FF NewTab: hxxp://www.swagbucks.com
FF DefaultSearchEngine: Swagbucks
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Swagbucks
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-08-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-31] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-06] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1765777517-4217830844-774448315-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll [2012-10-24] (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Josh and Kristie\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default\user.js [2014-03-12]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-01-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-01-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-01-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-01-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-01-31] (Apple Inc.)
FF SearchPlugin: C:\Users\Josh and Kristie\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default\searchplugins\good-search.xml [2011-03-30]
FF SearchPlugin: C:\Users\Josh and Kristie\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default\searchplugins\goodsearch.xml [2012-04-02]
FF Extension: No Name - C:\Users\Josh and Kristie\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default\Extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}.oldbackup [2013-02-13]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-08-07]

Chrome:
=======
CHR Profile: C:\Users\Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-05]
CHR Extension: (Google Docs) - C:\Users\Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-05]
CHR Extension: (Google Drive) - C:\Users\Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-05]
CHR Extension: (Google Search) - C:\Users\Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-05]
CHR Extension: (Google Sheets) - C:\Users\Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-05]
CHR Extension: (Google Wallet) - C:\Users\Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-05]
CHR Extension: (Gmail) - C:\Users\Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-05]
CHR HKLM\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Josh and Kristie\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx <not found>
CHR HKU\S-1-5-21-1765777517-4217830844-774448315-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hhoibbfmmdpignilmknhhcagdapcncnd] - C:\Program Files\Goodshop app\Chrome.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
S2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-09-01] ()
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3438544 2015-05-18] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [311792 2015-05-18] (AVG Technologies CZ, s.r.o.)
S2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2009-07-13] (Microsoft Corporation)
S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [226784 2015-04-27] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [191968 2015-05-07] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [29664 2015-05-14] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [166880 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [213984 2015-05-04] (AVG Technologies CZ, s.r.o.)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-06-21] (Avanquest Software) [File not signed]
S3 CamdAudio; C:\Windows\System32\drivers\CamdAudio.sys [23608 2011-04-01] (Windows ® Codename Longhorn DDK provider)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [77808 2014-06-06] (FTDI Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-08-06] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-08-06] ()
S3 PSMNBUS; system32\DRIVERS\PSMNBUS.sys [X]
S3 PSMNMDM; system32\DRIVERS\PSMNMDM.sys [X]
S3 PSMNMDMVSP; system32\DRIVERS\PSMNMDMVSP.sys [X]
S3 PSMNMSMVSP; system32\DRIVERS\PSMNMSMVSP.sys [X]
S3 PSMNNET61; system32\DRIVERS\PSMNNET61.sys [X]
S3 PSMNRMNET; system32\DRIVERS\PSMNRMNET.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 UsbGps; system32\DRIVERS\lgusbgps.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-10 09:42 - 2015-08-10 09:42 - 01674752 _____ (Farbar) C:\Users\Josh and Kristie\Desktop\FRST.exe
2015-08-07 07:13 - 2015-08-10 09:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-06 17:14 - 2015-08-06 17:18 - 00006670 _____ C:\Windows\DPINST.LOG
2015-08-06 16:33 - 2015-08-06 16:34 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Josh and Kristie\Downloads\spybot-2.4.exe
2015-08-06 16:30 - 2015-08-06 18:30 - 00000000 ____D C:\Users\Josh and Kristie\AppData\Local\CrashDumps
2015-08-06 16:13 - 2015-08-06 16:13 - 00001963 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-08-06 16:13 - 2015-08-06 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-08-06 14:03 - 2015-08-06 19:32 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-08-06 14:03 - 2015-08-06 16:10 - 00000000 ____D C:\ProgramData\RogueKiller
2015-08-06 14:02 - 2015-08-06 14:03 - 18718280 _____ C:\Users\Josh and Kristie\Downloads\RogueKiller.exe
2015-08-06 13:58 - 2015-08-06 13:58 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Josh and Kristie\Downloads\tdsskiller(1).exe
2015-08-06 13:39 - 2015-08-06 13:39 - 02870984 _____ (ESET) C:\Users\Josh and Kristie\Downloads\esetsmartinstaller_enu.exe
2015-08-06 12:27 - 2015-08-06 18:29 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-06 12:27 - 2015-08-06 16:20 - 00001062 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-06 12:27 - 2015-08-06 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-06 12:27 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-06 12:27 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-06 12:27 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-06 12:26 - 2015-08-06 12:41 - 00000932 _____ C:\Users\Josh and Kristie\Desktop\Install Kaspersky Anti-Virus version 15.0.2.361.lnk
2015-08-06 12:26 - 2015-08-06 12:26 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-08-06 07:28 - 2015-08-06 07:28 - 00000000 ____D C:\Program Files\ESET
2015-08-05 09:19 - 2015-08-06 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-08-05 09:19 - 2015-08-06 12:36 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-05 09:18 - 2015-08-06 12:36 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-04 20:05 - 2015-08-04 20:05 - 00000000 ____D C:\SUPERDelete
2015-08-04 20:01 - 2015-08-06 16:14 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-08-04 16:14 - 2015-08-06 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-08-04 16:14 - 2015-08-06 12:36 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2015-08-04 16:14 - 2015-08-04 16:14 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-08-04 15:58 - 2015-08-04 15:58 - 00000000 ____D C:\Users\Josh and Kristie\AppData\Local\IsolatedStorage
2015-08-04 15:57 - 2015-08-04 15:57 - 00000000 ____D C:\Users\Josh and Kristie\AppData\Local\Chromium
2015-08-04 15:38 - 2015-08-04 15:38 - 00000000 ____D C:\ProgramData\Google
2015-08-04 10:58 - 2015-08-04 10:58 - 00048454 _____ C:\Users\Josh and Kristie\Desktop\JRT.txt
2015-08-04 09:58 - 2015-08-04 09:59 - 00049437 _____ C:\Users\Josh and Kristie\Desktop\Addition.txt
2015-08-04 09:57 - 2015-08-10 09:46 - 00017701 _____ C:\Users\Josh and Kristie\Desktop\FRST.txt
2015-08-04 09:48 - 2015-08-04 09:49 - 00049259 _____ C:\Users\Josh and Kristie\Downloads\Addition.txt
2015-08-04 09:47 - 2015-08-04 09:49 - 00043501 _____ C:\Users\Josh and Kristie\Downloads\FRST.txt
2015-08-04 09:41 - 2015-08-10 09:46 - 00000000 ____D C:\FRST
2015-08-02 21:22 - 2015-08-06 12:36 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-07-29 23:24 - 2015-07-29 23:26 - 00000000 ____D C:\Users\Josh and Kristie\AppData\Local\AvgSetupLog
2015-07-29 23:19 - 2015-08-06 07:19 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-07-29 23:03 - 2015-07-29 23:03 - 00000022 _____ C:\Users\Josh and Kristie\Downloads\ESETPoweliksCleaner.exe_20150729.230329.1500.zip
2015-07-29 17:49 - 2015-07-30 09:46 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-29 10:41 - 2015-07-29 10:41 - 00000330 _____ C:\Users\Josh and Kristie\Desktop\quarantine.txt
2015-07-28 19:31 - 2015-07-28 19:33 - 00008192 ___SH C:\Users\Josh and Kristie\Documents\Thumbs.db
2015-07-28 15:55 - 2015-07-28 15:55 - 00000000 ____D C:\ProgramData\Emsisoft
2015-07-28 15:33 - 2015-08-06 12:36 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2015-07-28 15:24 - 2015-07-28 15:30 - 159508608 _____ (Emsisoft Ltd. ) C:\Users\Josh and Kristie\Downloads\EmsisoftAntiMalwareSetup.exe
2015-07-28 15:15 - 2015-07-28 15:15 - 01020834 _____ C:\Users\Josh and Kristie\Downloads\ESETPoweliksCleaner.exe_20150728.151503.2068.log
2015-07-28 15:15 - 2015-07-28 15:15 - 00000022 _____ C:\Users\Josh and Kristie\Downloads\ESETPoweliksCleaner.exe_20150728.151503.2068.zip
2015-07-28 15:09 - 2015-07-28 15:09 - 02040972 _____ C:\Users\Josh and Kristie\Downloads\ESETPoweliksCleaner.exe_20150728.150915.1728.log
2015-07-28 15:09 - 2015-07-28 15:09 - 00000022 _____ C:\Users\Josh and Kristie\Downloads\ESETPoweliksCleaner.exe_20150728.150915.1728.zip
2015-07-28 15:04 - 2015-07-28 15:04 - 00000022 _____ C:\Users\Josh and Kristie\Downloads\ESETPoweliksCleaner.exe_20150728.150429.940.zip
2015-07-28 13:52 - 2015-08-04 10:01 - 00000000 ____D C:\AdwCleaner
2015-07-28 11:35 - 2015-07-28 11:35 - 00007605 _____ C:\Users\Josh and Kristie\AppData\Local\Resmon.ResmonCfg
2015-07-27 18:16 - 2015-08-06 16:20 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-27 18:08 - 2015-07-27 18:08 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-07-27 17:26 - 2015-07-27 17:26 - 00000000 ____D C:\Users\Josh and Kristie\Mozilla

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-10 09:39 - 2012-05-04 09:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-06 18:39 - 2015-06-02 16:46 - 00016620 _____ C:\Windows\PFRO.log
2015-08-06 18:37 - 2015-02-18 16:44 - 01871748 _____ C:\Windows\WindowsUpdate.log
2015-08-06 18:32 - 2014-03-06 10:04 - 00000000 ____D C:\Users\Josh and Kristie\AppData\Local\Deployment
2015-08-06 18:29 - 2012-02-28 22:25 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-06 18:17 - 2012-02-28 22:25 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-06 18:16 - 2009-07-13 23:34 - 00025216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-06 18:16 - 2009-07-13 23:34 - 00025216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-06 18:08 - 2015-05-17 01:00 - 00001434 _____ C:\Windows\setupact.log
2015-08-06 18:08 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-06 18:07 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\SchCache
2015-08-06 17:13 - 2011-05-04 12:45 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-06 16:16 - 2014-06-09 10:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2015-08-06 16:16 - 2014-06-09 10:10 - 00000000 ____D C:\Program Files\Coupons
2015-08-06 14:28 - 2015-04-04 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-06 14:28 - 2014-12-10 05:01 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-06 14:28 - 2014-04-30 03:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-06 14:28 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\wfp
2015-08-06 14:28 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2015-08-06 14:28 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\L2Schemas
2015-08-06 14:28 - 2009-07-13 21:37 - 00000000 ____D C:\Program Files\Common Files\Services
2015-08-06 14:26 - 2014-11-19 09:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-08-06 14:26 - 2013-09-12 09:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-08-06 14:26 - 2013-09-12 09:56 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-08-06 14:26 - 2012-07-15 16:44 - 00000000 ____D C:\Users\Josh and Kristie\Downloads\ipodgetter
2015-08-06 14:26 - 2010-10-23 12:52 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2015-08-06 14:26 - 2010-10-20 20:49 - 00000000 ____D C:\ProgramData\MFAData
2015-08-06 14:26 - 2010-08-29 18:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-08-06 14:26 - 2009-07-13 21:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-08-06 14:26 - 2009-07-13 21:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-06 14:24 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2015-08-06 13:59 - 2014-03-06 10:04 - 00000000 ____D C:\Users\Josh and Kristie\AppData\Local\Apps\2.0
2015-08-06 13:59 - 2012-02-28 22:24 - 00000000 ____D C:\Users\Josh and Kristie\AppData\Local\Google
2015-08-06 13:58 - 2015-03-14 10:26 - 00000000 ____D C:\ProgramData\AVG2015
2015-08-06 13:57 - 2010-08-29 18:42 - 00000000 ____D C:\Program Files\AVG
2015-08-06 13:37 - 2011-05-08 21:42 - 00001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-06 13:37 - 2010-08-29 18:21 - 00001107 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-06 13:08 - 2014-11-15 19:45 - 00000000 __SHD C:\Users\Josh and Kristie\AppData\Local\EmieBrowserModeList
2015-08-06 13:08 - 2014-05-03 14:47 - 00000000 __SHD C:\Users\Josh and Kristie\AppData\Local\EmieUserList
2015-08-06 13:08 - 2014-05-03 14:47 - 00000000 __SHD C:\Users\Josh and Kristie\AppData\Local\EmieSiteList
2015-08-06 12:26 - 2013-05-01 14:11 - 00006100 _____ C:\Users\Josh and Kristie\Desktop\Rkill.txt
2015-08-06 12:22 - 2010-08-29 18:01 - 00000000 ____D C:\Users\Josh and Kristie
2015-08-06 11:31 - 2009-07-14 02:49 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-08-04 09:01 - 2011-09-14 18:32 - 00836608 ___SH C:\Users\Josh and Kristie\Downloads\Thumbs.db
2015-08-01 12:59 - 2015-06-03 15:59 - 00000000 ____D C:\found.001
2015-08-01 10:14 - 2015-05-18 19:25 - 00000000 ____D C:\Users\Josh and Kristie\Desktop\Newspaper
2015-07-29 23:26 - 2014-03-12 08:05 - 00000000 ____D C:\ProgramData\AVG
2015-07-29 23:24 - 2015-06-02 08:16 - 00000000 ____D C:\Users\Josh and Kristie\AppData\Local\Avg
2015-07-28 15:34 - 2010-09-06 10:51 - 00000000 ____D C:\Users\Josh and Kristie\.nbi
2015-07-28 15:30 - 2011-05-04 12:49 - 00000000 ____D C:\Users\Josh and Kristie\AppData\Roaming\Apple Computer
2015-07-28 15:12 - 2012-02-21 20:59 - 01063936 ___SH C:\Users\Josh and Kristie\Desktop\Thumbs.db
2015-07-27 18:16 - 2012-02-28 16:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-15 10:05 - 2013-08-15 03:20 - 00000000 ____D C:\Windows\system32\MRT

==================== Files in the root of some directories =======

2014-10-07 10:16 - 2014-10-07 10:16 - 0000042 _____ () C:\Users\Josh and Kristie\AppData\Roaming\adskey.txt
2013-11-10 14:34 - 2013-11-10 14:35 - 0000004 _____ () C:\Users\Josh and Kristie\AppData\Roaming\cache.ini
2013-01-08 11:45 - 2013-01-08 11:45 - 0022276 _____ () C:\Users\Josh and Kristie\AppData\Roaming\Comma Separated Values (DOS).ADR
2012-01-25 09:19 - 2012-01-26 15:09 - 0022621 _____ () C:\Users\Josh and Kristie\AppData\Roaming\Comma Separated Values (Windows).ADR
2011-02-27 12:28 - 2013-09-12 18:31 - 0000600 _____ () C:\Users\Josh and Kristie\AppData\Roaming\winscp.rnd
2015-05-13 16:18 - 2015-05-13 16:18 - 0003584 _____ () C:\Users\Josh and Kristie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-04-10 13:55 - 2011-04-10 13:55 - 0114688 ___SH (Microsoft Corporation) C:\Users\Josh and Kristie\AppData\Local\fkn.exe
2011-04-10 13:55 - 2011-04-10 13:55 - 0114688 ___SH (Microsoft Corporation) C:\Users\Josh and Kristie\AppData\Local\iqo.exe
2015-07-28 11:35 - 2015-07-28 11:35 - 0007605 _____ () C:\Users\Josh and Kristie\AppData\Local\Resmon.ResmonCfg
2014-09-12 19:33 - 2014-09-15 18:55 - 0969284 _____ () C:\ProgramData\Spark.log

Files to move or delete:
====================
C:\Users\Josh and Kristie\AppData\Roaming\cache.ini


Some files in TEMP:
====================
C:\Users\Josh and Kristie\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-02 00:26

==================== End of log ============================

Addition log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:09-08-2015
Ran by Josh and Kristie (2015-08-10 09:47:13)
Running from C:\Users\Josh and Kristie\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1765777517-4217830844-774448315-500 - Administrator - Disabled)
Guest (S-1-5-21-1765777517-4217830844-774448315-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1765777517-4217830844-774448315-1009 - Limited - Enabled)
Josh and Kristie (S-1-5-21-1765777517-4217830844-774448315-1000 - Administrator - Enabled) => C:\Users\Josh and Kristie
UpdatusUser (S-1-5-21-1765777517-4217830844-774448315-1011 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM\...\Digital Editions) (Version:  - )
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Professional CS5 (HKLM\...\{CFC9F871-7C40-40B6-BE4A-B98A5B309716}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Amazon Cloud Drive (HKU\S-1-5-21-1765777517-4217830844-774448315-1000\...\23ab716f18849b6f) (Version: 2.4.2013.3290 - Amazon)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5961 - AVG Technologies)
AVG 2015 (Version: 15.0.4355 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5961 - AVG Technologies) Hidden
Big Brainz Home (HKLM\...\Big Brainz Home 2.0.1) (Version: 2.0.1 - Big Brainz)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.1.2) (Version: 5.0.1.2 - Coupons.com Incorporated)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.10.0000 - Dell Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Fitbit Connect (HKLM\...\{D3CD091B-296B-48E9-9F0F-E9FE53E02E41}) (Version: 1.0.3.5511 - Fitbit Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
iPod for Windows 2005-10-12 (HKLM\...\InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}) (Version: 4.3.0 - Apple Computer, Inc.)
iPod for Windows 2005-10-12 (Version: 4.3.0 - Apple Computer, Inc.) Hidden
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
J2SE Development Kit 5.0 Update 22 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0150220}) (Version: 1.5.0.220 - Sun Microsystems, Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java DB 10.5.3.0 (HKLM\...\{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}) (Version: 10.5.3.0 - Sun Microsystems, Inc)
Java™ SE Development Kit 6 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Java™ SE Development Kit 6 Update 21 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160210}) (Version: 1.6.0.210 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools (HKLM\...\{5BDFAB82-060E-438B-AB4F-A2331B2294C0}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Expression Blend 3 SDK (HKLM\...\{256E7DAC-9BE8-494E-8DE7-7857BF96B774}) (Version: 1.0.1343.0 - Microsoft Corporation)
Microsoft Expression Blend 4 (HKLM\...\Blend_4.0.20525.0) (Version: 4.0.20525.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for .NET 4 (HKLM\...\{9B3A1C97-A361-463E-8817-444F9F88CDFE}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Silverlight 4 (HKLM\...\{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Design 4 (HKLM\...\Design_7.0.20516.0) (Version: 7.0.20516.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM\...\Encoder_4.0.1639.0) (Version: 4.0.1639.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM\...\{BF127B80-CFD5-4379-9752-E8AF1A5D0141}) (Version: 4.0.1639.0 - Microsoft Corporation)
Microsoft Expression Studio 4 (HKLM\...\ExpressionStudio_4.0.20525.0) (Version: 4.0.20525.0 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM\...\Web_4.0.1303.0) (Version: 4.0.1303.0 - Microsoft Corporation)
Microsoft Expression Web 4 Service Pack 2 (HKLM\...\{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}) (Version:  - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Web Developer 2010 Express - ENU (HKLM\...\Microsoft Visual Web Developer 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nancy Drew: Message in a Haunted Mansion (HKLM\...\{78B55A60-5E51-11D4-A766-00C00C02EDEF}) (Version:  - )
NetBeans IDE 6.9.1 (HKLM\...\nbi-nb-base-6.9.1.0.0-1) (Version: 6.9.1 - NetBeans.org)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Sansa Updater (HKU\S-1-5-21-1765777517-4217830844-774448315-1000\...\Sansa Updater) (Version: 1.313 - SanDisk Corporation)
Service Pack 1 for SQL Server 2008 (KB968369) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Shutterfly Express Uploader (HKLM\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
Shutterfly Express Uploader (Version: 1.2.0 - Shutterfly, Inc.) Hidden
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
WCF RIA Services V1.0 SP1 (HKLM\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1765777517-4217830844-774448315-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

==================== Restore Points =========================

20-05-2015 03:00:52 Windows Update
28-05-2015 00:00:13 Scheduled Checkpoint
05-06-2015 00:00:45 Scheduled Checkpoint
11-06-2015 03:00:50 Windows Update
12-06-2015 07:53:15 Removed AVG 2015
12-06-2015 07:55:14 Removed AVG 2015
20-06-2015 00:00:18 Scheduled Checkpoint
27-06-2015 13:45:23 Scheduled Checkpoint
05-07-2015 00:00:07 Scheduled Checkpoint
13-07-2015 00:00:23 Scheduled Checkpoint
16-07-2015 03:00:25 Windows Update
21-07-2015 03:00:24 Windows Update
29-07-2015 17:04:58 Windows Update
02-08-2015 21:30:43 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2015-08-06 15:45 - 00000747 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0ACAAA7C-5896-4F11-983D-65552B057F96} - System32\Tasks\{367F4757-385A-41F6-8078-F732F816109E} => pcalua.exe -a "C:\Users\Josh and Kristie\Downloads\lolinst3853412.exe" -d "C:\Program Files\Mozilla Firefox"
Task: {1F0AB6E2-ACE1-4AC4-87F0-AC5D39BB1869} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {32F92913-7A21-4709-9B54-4F4524EF78FD} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated)
Task: {425AC232-105E-432C-B31E-4DAB4F25A375} - System32\Tasks\{CD1033F1-D9A1-464E-9A02-36D699BCB62A} => pcalua.exe -a "C:\Users\Josh and Kristie\Downloads\setup.exe" -d "C:\Program Files\Mozilla Firefox"
Task: {50728C13-2E98-48C7-BD11-79BB8FA32EE0} - System32\Tasks\Sansa Dispatch => C:\Users\Josh and Kristie\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [2013-05-06] (SanDisk Corporation)
Task: {54258120-05D7-4C69-9357-C55C4477E89E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {5F27DF91-D32D-4B21-850B-557A2045599B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {6EA7FA9F-36FA-4B24-B5EB-6BD772DCD50E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-09] (Adobe Systems Incorporated)
Task: {92123D31-F98E-4E73-95D5-F16F3EC84469} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {9CD249F5-350C-4BBA-B5EF-AF321FD0760E} - System32\Tasks\{2D626730-41D9-4A5F-B1D5-10B22B26FE53} => pcalua.exe -a "C:\Program Files\NetBeans 6.9.1\uninstall.exe"
Task: {BD1BD611-0F55-427D-83C0-04B3AAD9C31A} - System32\Tasks\B2CNotiAgent => C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
Task: {D9B9BE52-1382-47B0-9406-0B29BD3BCDC1} - System32\Tasks\{57514DA7-9DCE-4732-BAEA-45F8DBF133C4} => pcalua.exe -a "F:\NetBeans 6.7.1\uninstall.exe" -d "F:\NetBeans 6.7.1"
Task: {E11E0CC9-5ECF-425A-AF6C-D383FCCA6656} - System32\Tasks\AdobeAAMUpdater-1.0-Home-Josh and Kristie => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {E284F3F8-FB3F-4BD1-B8A2-68D645653B37} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E3C1E4D8-8620-45DB-A951-6DC4C481161A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-05-16] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => 0x010601008290D41E90E88F43BA23E1FFBD89738C460036020000000000000000200000000014730F0000000003130400002000010000000000000000000000000000000000003C0043003A005C00500072006F006700720061006D002000460069006C00650073005C0053007000790062006F00740020002D002000530065006100720063006800200026002000440065007300740072006F007900200032005C005300440049006D006D0075006E0069007A0065002E0065007800650000001D002F0069006D006D0075006E0069007A00650020002F00730069006C0065006E00740020002F006100750074006F0063006C006F0073006500000000001C0053007000790062006F00740020002D002000530065006100720063006800200026002000440065007300740072006F0079002000320000007800540068006900730020007400610073006B002000770069006C006C002000750070006400610074006500200079006F0075007200200069006D006D0075006E0069007A006100740069006F006E002C0020006B0065006500700069006E006700200079006F00750072002000620072006F00770073006500720073002000700072006F00740065006300740065006400200061006700610069006E007300740020006B006E006F0077006E0020006D0061006C0077006100720065002000730069007400650073002C00200063006F006F006B00690065007300200061006E00640020006D006F00720065002E000000000008000313040000000000010030000000DF0707001B0000000000000000001E0000000000000000000000000002000000010008000000000000000000

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5D351BC6
AlternateDataStreams: C:\ProgramData\TEMP:A7DA2BCD
AlternateDataStreams: C:\ProgramData\TEMP:ED51D3ED
AlternateDataStreams: C:\ProgramData\TEMP:EEB25EAE

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7868 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1765777517-4217830844-774448315-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Josh and Kristie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Josh and Kristie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: B2C_AGENT => C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
MSCONFIG\startupreg: fssui => "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D26D22C8-5050-42EC-9CD9-E74CFAAB9BA1}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{7346135C-2931-4761-9404-71425C83F169}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A125DD07-E75C-4A84-844C-2063018C89FD}] => (Allow) LPort=2869
FirewallRules: [{2E94ED62-72AF-46FA-ADD3-EA29D6FA0012}] => (Allow) LPort=1900
FirewallRules: [{F057AA7C-9CB0-4795-BBD4-9233DCD17A4A}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{8CB7028F-46B4-40C5-A02B-7F6EAE8D51B6}] => (Allow) LPort=58477
FirewallRules: [{F2590BBD-B559-4EA9-96F7-81C0CF40AA77}] => (Allow) LPort=5000
FirewallRules: [{6A4239C6-0DBE-4213-9311-701DF19350EF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1F21CC67-BA21-490D-8039-A641022193C5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{25318EC3-E87E-4313-95BC-FD15243BD6DF}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [UDP Query User{3EBF2E98-82A1-46FD-9C37-5E3CC0B7227C}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [{590E97B2-E853-439F-BE32-FB24C59BC2B8}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{E6689C22-7EBF-4D6A-A77E-D43D0D8D740F}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A52C14BC-16AD-4A30-B9B7-A248B8BD1110}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{336955D9-E920-46E5-8CEC-A806164889D4}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [TCP Query User{6BE15131-47D8-4D0D-8D13-6F135E93AD8E}C:\program files\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [UDP Query User{9929F627-5765-40FA-9490-F4B94BADFFDC}C:\program files\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [{D9BC4FE7-2557-49DF-9A14-58F5681E7628}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B69E581E-75A5-4314-B0AD-E7E24137E2F6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EFA58EFB-4A0F-4671-9798-09FECE0141E6}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{DBC38B0E-B781-4F6B-8D3A-86DE029E01C1}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{0CB2628C-F41E-4DFA-BCBA-977FCA42B706}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DB7AE223-E72D-464E-A4A2-FC98032C03DB}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{0AD907AF-89AD-4F25-9122-04CCA41DCC13}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{B38A9C5A-A8AA-404B-BAE7-21BECC678DEB}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{6B805E08-E2B5-4D6E-9BFC-FB2A930175DD}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Null
Description: Null
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Null
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/06/2015 06:30:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDTray.exe, version: 2.1.21.129, time stamp: 0x51f0ed9e
Faulting module name: rtl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca139f
Exception code: 0xc0000005
Fault offset: 0x0000a116
Faulting process id: 0x4c0
Faulting application start time: 0xSDTray.exe0
Faulting application path: SDTray.exe1
Faulting module path: SDTray.exe2
Report Id: SDTray.exe3

Error: (08/06/2015 06:06:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (08/06/2015 05:23:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDWelcome.exe, version: 2.1.21.129, time stamp: 0x51dd1105
Faulting module name: rtl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca139f
Exception code: 0xc0000005
Fault offset: 0x0000a116
Faulting process id: 0xd78
Faulting application start time: 0xSDWelcome.exe0
Faulting application path: SDWelcome.exe1
Faulting module path: SDWelcome.exe2
Report Id: SDWelcome.exe3

Error: (08/06/2015 05:19:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/06/2015 05:08:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDTray.exe, version: 2.1.21.129, time stamp: 0x51f0ed9e
Faulting module name: rtl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca139f
Exception code: 0xc0000005
Fault offset: 0x0000a116
Faulting process id: 0x1274
Faulting application start time: 0xSDTray.exe0
Faulting application path: SDTray.exe1
Faulting module path: SDTray.exe2
Report Id: SDTray.exe3

Error: (08/06/2015 04:30:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDWelcome.exe, version: 2.1.21.129, time stamp: 0x51dd1105
Faulting module name: rtl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca139f
Exception code: 0xc0000005
Fault offset: 0x0000a116
Faulting process id: 0x28c
Faulting application start time: 0xSDWelcome.exe0
Faulting application path: SDWelcome.exe1
Faulting module path: SDWelcome.exe2
Report Id: SDWelcome.exe3

Error: (08/06/2015 01:01:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: rtl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca139f
Exception code: 0xc0000005
Fault offset: 0x0000a116
Faulting process id: 0x49c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (08/06/2015 12:58:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: rtl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca139f
Exception code: 0xc0000005
Fault offset: 0x0000a116
Faulting process id: 0x4bc
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (08/06/2015 12:57:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: rtl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca139f
Exception code: 0xc0000005
Fault offset: 0x0000a116
Faulting process id: 0x650
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (08/06/2015 12:54:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: rtl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca139f
Exception code: 0xc0000005
Fault offset: 0x0000a116
Faulting process id: 0x460
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3


System errors:
=============
Error: (08/10/2015 09:45:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2015 09:45:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2015 09:45:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2015 09:43:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2015 09:43:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2015 09:43:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2015 09:43:22 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (08/10/2015 09:43:22 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (08/10/2015 09:38:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2015 09:38:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office:
=========================
Error: (12/11/2011 07:53:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/06/2011 10:48:59 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 41 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/18/2011 09:46:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 81 seconds with 60 seconds of active time.  This session ended with a crash.


CodeIntegrity:
===================================
  Date: 2015-07-28 12:58:09.804
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 12:58:09.340
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 12:58:08.990
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 12:57:42.146
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 12:57:33.463
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 12:57:29.654
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 12:23:56.413
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 12:23:56.160
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 12:23:55.948
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 12:23:55.543
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 5000+
Percentage of memory in use: 34%
Total physical RAM: 1982.49 MB
Available physical RAM: 1300 MB
Total Virtual: 3964.98 MB
Available Virtual: 3350.75 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:288.04 GB) (Free:153.11 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.17 GB) NTFS
Drive e: (GRMCPRFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS)

==================== End of log ============================

 

I have saved the Summary log, but every time I right-click on the file I get an error saying Windows Explorer stopped working, so I'm unable to zip and attach the file.
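
The "Application errors" block of the log above repeats one pattern: SDTray.exe, SDWelcome.exe and Explorer.EXE all fault in rtl150.bpl at offset 0x0000a116 with exception 0xc0000005. The script below is an added example for this thread, not part of the post and not FRST's own code: it parses records in that layout and groups them by faulting module, so that a shared module crashing several different host processes stands out from the host names the records lead with. The sample input is constructed from the record format shown in the log; the regular expressions assume that format.

```python
"""Group Windows Application Error (EventID 1000) records from an FRST
Addition.txt log by faulting module.

Added example for this thread: not part of the original post and not FRST's
own code. The sample below is constructed from the record layout visible in
the log, and the regexes assume that layout."""
import re
from collections import defaultdict

# Constructed sample input (same field layout as FRST's "Event log errors").
# Two different host processes name the same faulting module and the same
# fault offset; one unrelated CAPI2 record is mixed in and must be ignored.
SAMPLE_LOG = """\
Application errors:
==================
Error: (08/06/2015 06:30:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDTray.exe, version: 2.1.21.129, time stamp: 0x51f0ed9e
Faulting module name: rtl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca139f
Exception code: 0xc0000005
Fault offset: 0x0000a116
Faulting process id: 0x4c0

Error: (08/06/2015 06:06:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Error: (08/06/2015 01:01:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: rtl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca139f
Exception code: 0xc0000005
Fault offset: 0x0000a116
Faulting process id: 0x49c
"""

# "Error: (<timestamp>) (Source: <source>) (EventID: <n>) (User: )"
HEADER = re.compile(
    r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) \(EventID: (?P<eid>\d+)\)"
)

# Fields worth keeping, mapped to short keys. Values such as
# "SDTray.exe, version: 2.1.21.129, ..." are cut at the first comma.
FIELDS = {
    "Faulting application name": "app",
    "Faulting module name": "module",
    "Exception code": "exception",
    "Fault offset": "offset",
}


def parse_app_crashes(text):
    """Return one dict per EventID 1000 'Application Error' record."""
    crashes = []
    rec = None  # record currently being filled, or None while skipping
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            rec = None  # a blank line terminates a record
            continue
        m = HEADER.match(line)
        if m:
            rec = None
            if m["source"] == "Application Error" and m["eid"] == "1000":
                rec = {"when": m["when"]}
                crashes.append(rec)
            continue
        if rec is None:
            continue
        if line.startswith("Description: "):  # first field carries this prefix
            line = line[len("Description: "):]
        key, _, val = line.partition(": ")
        if key in FIELDS:
            rec[FIELDS[key]] = val.split(",")[0].strip()
    return crashes


def group_by_module(crashes):
    """Map faulting module -> count, distinct host apps, exception codes, offsets."""
    groups = defaultdict(
        lambda: {"count": 0, "apps": set(), "exceptions": set(), "offsets": set()}
    )
    for c in crashes:
        g = groups[c.get("module", "<unknown>")]
        g["count"] += 1
        g["apps"].add(c.get("app", "<unknown>"))
        g["exceptions"].add(c.get("exception", "<unknown>"))
        g["offsets"].add(c.get("offset", "<unknown>"))
    return dict(groups)


def shared_modules(groups):
    """Modules that faulted inside more than one distinct host process.

    A module that crashes its own vendor's executables and explorer.exe alike,
    at a single fault offset, is a shared component loaded into all of them;
    the host process named first in each record is not where to look."""
    return sorted(m for m, g in groups.items() if len(g["apps"]) > 1)


if __name__ == "__main__":
    groups = group_by_module(parse_app_crashes(SAMPLE_LOG))
    for module, g in sorted(groups.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{module}: {g['count']} crash(es) in {sorted(g['apps'])}, "
              f"offsets {sorted(g['offsets'])}, exceptions {sorted(g['exceptions'])}")
    print("shared across hosts:", shared_modules(groups))
```

Run it against a real Addition.txt by reading the file into `parse_app_crashes` instead of `SAMPLE_LOG`; the records FRST emits for other sources (CAPI2, SideBySide, Service Control Manager) are skipped by the source and EventID check rather than by position.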



#4 Oh My!

Malware Response Instructor, 37,000 posts, California

Posted 10 August 2015 - 10:56 AM

Hi Kristie, nice to meet you.

Great job in working around your difficulties to get the file to your desktop. :thumbsup2:

Hold off on the System Summary for now.

Please consider and do this.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s).
  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Spybot - Search & Destroy

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File not found
GroupPolicyScripts: Group Policy detected <======= ATTENTION
GroupPolicyScripts\User: Group Policy detected <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-1765777517-4217830844-774448315-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
F user.js: detected! => C:\Users\Josh and Kristie\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default\user.js [2014-03-12]
S3 PSMNBUS; system32\DRIVERS\PSMNBUS.sys [X]
S3 PSMNMDM; system32\DRIVERS\PSMNMDM.sys [X]
S3 PSMNMDMVSP; system32\DRIVERS\PSMNMDMVSP.sys [X]
S3 PSMNMSMVSP; system32\DRIVERS\PSMNMSMVSP.sys [X]
S3 PSMNNET61; system32\DRIVERS\PSMNNET61.sys [X]
S3 PSMNRMNET; system32\DRIVERS\PSMNRMNET.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 UsbGps; system32\DRIVERS\lgusbgps.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
C:\Users\Josh and Kristie\AppData\Roaming\cache.ini
C:\Users\Josh and Kristie\AppData\Local\Temp\dllnt_dump.dll
AlternateDataStreams: C:\ProgramData\TEMP:5D351BC6
AlternateDataStreams: C:\ProgramData\TEMP:A7DA2BCD
AlternateDataStreams: C:\ProgramData\TEMP:ED51D3ED
AlternateDataStreams: C:\ProgramData\TEMP:EEB25EAE
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did Spybot uninstall?
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
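
The fixlist in the post above is assembled by copying entries out of the FRST scan results. As an added example for this thread (not part of the original post, and not FRST's own tooling), here is a small Python check that every fixlist line can be traced back to a line of the scan logs before the fix is run. The sample scan output and fixlist are constructed, and the rule that each entry must be a substring of some scan line (a whole copied line, or the bare path inside one) is an assumption about how the list was built.

```python
"""Check that every line of an FRST fixlist traces back to the scan logs.

Added example for this thread; not part of the original post and not FRST's
own code. Assumption: a fixlist is assembled by copying lines out of FRST.txt
and Addition.txt, either a whole log line or the bare file/folder path inside
one, so each fixlist entry should occur as a substring of some scan line. An
entry that matches nothing deserves a second look before the fix is run."""

# Constructed sample scan output in FRST's layout (paths are made up).
SCAN_LOG = r"""
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File not found
S3 PSMNBUS; system32\DRIVERS\PSMNBUS.sys [X]
2015-08-01 10:00 - 2015-08-01 10:00 - 00000128 _____ C:\Users\Example\AppData\Roaming\cache.ini
AlternateDataStreams: C:\ProgramData\TEMP:5D351BC6
"""

# Constructed fixlist: two copied lines, one bare path, one entry with a typo
# in the driver name, and one path that never appeared in the scan.
FIXLIST = r"""
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
S3 PSMBUS; system32\DRIVERS\PSMBUS.sys [X]
C:\Users\Example\AppData\Roaming\cache.ini
AlternateDataStreams: C:\ProgramData\TEMP:5D351BC6
C:\Users\Example\AppData\Local\Temp\dllnt_dump.dll
"""


def check_fixlist(fixlist_text, *scan_texts):
    """Split fixlist entries into (matched, unmatched) lists, in file order.

    Matching is case-insensitive because NTFS paths are, and FRST's own
    FirewallRules lines print the same file in a different case."""
    scan_lines = [
        l.strip().casefold()
        for t in scan_texts
        for l in t.splitlines()
        if l.strip()
    ]
    matched, unmatched = [], []
    for raw in fixlist_text.splitlines():
        entry = raw.strip()
        if not entry:
            continue
        needle = entry.casefold()
        (matched if any(needle in s for s in scan_lines) else unmatched).append(entry)
    return matched, unmatched


if __name__ == "__main__":
    ok, bad = check_fixlist(FIXLIST, SCAN_LOG)
    print(f"{len(ok)} entries trace back to the scan; {len(bad)} do not:")
    for entry in bad:
        print("  NOT IN SCAN:", entry)
```

To use it on a real case, read fixlist.txt, FRST.txt and Addition.txt from disk and pass their contents in place of the constructed strings; anything reported as unmatched was either mistyped or copied from a log that does not describe this machine.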

#5 kls_01

Topic Starter, Members, 36 posts

Posted 10 August 2015 - 11:54 AM

I am unable to uninstall any programs; when I try, I get an internal error saying the utCompiledCode cannot work with this version of uninstaller.

 

I copied the text file and saved it on the desktop and ran FRST.  The first time it said that the text file was located in the same directory as FRST and the computer needed to be restarted (suspicious).  I OK'd it, and restarted in safe mode.  The text file was gone, so I recopied and saved to the desktop, ran FRST and this time received an error message saying verbatim "Looks you don't know what to do.  To prevent damage to the system tool will exit."  I hit "x" instead of OK hoping that I could still run FRST, but that closed the program as well.

 

I forgot to mention that I tried uninstalling Spybot at the beginning of this because I noticed I got a notification box about Spybot being an "unknown version" and that it expired in 1899 or something like that.  It seems like whatever is on my computer is mimicking all of my legit antivirus programs and making me think they've either removed all the junk on my computer or just shutting me down all together, and it seems to be constantly changing my system settings in response to things that I do.  When I first ran FRST, it ran no problem.  This second time you asked me to run it, I got a popup asking if I would like to run this program with the check boxes for "always" or "just once."  I have noticed there is a dllhost.exe/COM surrogate and a ctfmon.exe process running.  It seems when I end these processes I don't have as many issues. I just ended those processes to see if I could get FRST to run and I no longer received the box asking if I was sure I wanted to run the program, but I still received the same warning when trying to run "fix."



#6 Oh My!

Malware Response Instructor, 37,000 posts, California

Posted 10 August 2015 - 12:16 PM

Thanks for the detailed description. Run the below program and then see if you can run the Fixlist.

===================================================

Rkill

-------------------
  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:

Link 1
Link 2
Link 3
Link 4

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • RKill log
  • Were you able to run FRST and produce a Fixlog?

Gary

#7 kls_01

Topic Starter, Members, 36 posts

Posted 10 August 2015 - 12:35 PM

RKILL LOG:

 

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/10/2015 12:30:25 PM in x86 mode. (Safe Mode)
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

Checking Windows Service Integrity:

 

And I am still getting the same warning when trying to run "fix" in FRST.



#8 Oh My!

Malware Response Instructor, 37,000 posts, California

Posted 10 August 2015 - 01:00 PM

Thanks for trying. We are going to attempt it a different way. I have added some entries, including those related to Spybot.

Please do this.

===================================================

Farbar's Recovery Scan Tool

--------------------

For this step you will need a USB flash drive.
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File not found
GroupPolicyScripts: Group Policy detected <======= ATTENTION
GroupPolicyScripts\User: Group Policy detected <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-1765777517-4217830844-774448315-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
F user.js: detected! => C:\Users\Josh and Kristie\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default\user.js [2014-03-12]
S3 PSMNBUS; system32\DRIVERS\PSMNBUS.sys [X]
S3 PSMNMDM; system32\DRIVERS\PSMNMDM.sys [X]
S3 PSMNMDMVSP; system32\DRIVERS\PSMNMDMVSP.sys [X]
S3 PSMNMSMVSP; system32\DRIVERS\PSMNMSMVSP.sys [X]
S3 PSMNNET61; system32\DRIVERS\PSMNNET61.sys [X]
S3 PSMNRMNET; system32\DRIVERS\PSMNRMNET.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 UsbGps; system32\DRIVERS\lgusbgps.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
C:\Users\Josh and Kristie\AppData\Roaming\cache.ini
C:\Users\Josh and Kristie\AppData\Local\Temp\dllnt_dump.dll
AlternateDataStreams: C:\ProgramData\TEMP:5D351BC6
AlternateDataStreams: C:\ProgramData\TEMP:A7DA2BCD
AlternateDataStreams: C:\ProgramData\TEMP:ED51D3ED
AlternateDataStreams: C:\ProgramData\TEMP:EEB25EAE
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
C:\Program Files\Spybot - Search & Destroy 2
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
HKU\S-1-5-21-1765777517-4217830844-774448315-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKU\S-1-5-21-1765777517-4217830844-774448315-1000\...\RunOnce: [Install Spybot - Search & Destroy] => C:\Users\Josh and Kristie\Downloads\spybot-2.4.exe [46525608 2015-08-06] (Safer-Networking Ltd.  
SearchScopes: HKU\S-1-5-21-1765777517-4217830844-774448315-1000 -> {498DFDA5-50E7-4D9C-B81B-BBB452182330} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=B1571ECA-CC8C-4912-84C5-92C07C93F596&apn_sauid=274F674A-5A5C-4181-AE57-3958BAEE6263
2015-08-06 16:33 - 2015-08-06 16:34 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Josh and Kristie\Downloads\spybot-2.4.exe
2015-07-27 18:08 - 2015-07-27 18:08 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-08-06 14:26 - 2013-09-12 09:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-08-06 14:26 - 2010-08-29 18:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
Task: {1F0AB6E2-ACE1-4AC4-87F0-AC5D39BB1869} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {92123D31-F98E-4E73-95D5-F16F3EC84469} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {E3C1E4D8-8620-45DB-A951-6DC4C481161A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-05-16] (Safer-Networking Ltd.)
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => 0x010601008290D41E90E88F43BA23E1FFBD89738C460036020000000000000000200000000014730F0000000003130400002000010000000000000000000000000000000000003C0043003A005C00500072006F006700720061006D002000460069006C00650073005C0053007000790062006F00740020002D002000530065006100720063006800200026002000440065007300740072006F007900200032005C005300440049006D006D0075006E0069007A0065002E0065007800650000001D002F0069006D006D0075006E0069007A00650020002F00730069006C0065006E00740020002F006100750074006F0063006C006F0073006500000000001C0053007000790062006F00740020002D002000530065006100720063006800200026002000440065007300740072006F0079002000320000007800540068006900730020007400610073006B002000770069006C006C002000750070006400610074006500200079006F0075007200200069006D006D0075006E0069007A006100740069006F006E002C0020006B0065006500700069006E006700200079006F00750072002000620072006F00770073006500720073002000700072006F00740065006300740065006400200061006700610069006E007300740020006B006E006F0077006E0020006D0061006C0077006100720065002000730069007400650073002C00200063006F006F006B00690065007300200061006E00640020006D006F00720065002E000000000008000313040000000000010030000000DF0707001B0000000000000000001E0000000000000000000000000002000000010008000000000000000000
FirewallRules: [TCP Query User{6BE15131-47D8-4D0D-8D13-6F135E93AD8E}C:\program files\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [UDP Query User{9929F627-5765-40FA-9490-F4B94BADFFDC}C:\program files\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files\spybot - search & destroy 2\sdupdate.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
  • Please download Farbar Recovery Scan Tool and save it to a flash drive. You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Plug the flash drive into the infected PC and follow the two-step process below. Step #1 is to boot into the System Recovery Options and Step #2 is running Farbar's Recovery Scan Tool.
----------

Step #1 - Entering System Recovery Options

Option #1 (Windows7/Vista)

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Option #2 (Windows 7/Vista)

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
----------

Step #2 - Running Farbar's Recovery Scan Tool in System Recovery
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for the 64-bit version type e:\frst64) and press Enter.
    • Note: Replace the letter e with the drive letter of your flash drive.
  • When the tool opens click Yes to disclaimer.
  • Press Fix button.
  • It will make a log (fixlog.txt) on the flash drive. Please copy and paste it to your reply.
  • Reboot your computer into Normal Mode and check the performance.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 kls_01 (Topic Starter)

Posted 10 August 2015 - 03:00 PM

Disclaimer:  I am only using my infected computer in safe mode with networking, so everything you've told me to download was done from the infected computer.  I don't have anything else at my disposal.  Let me know if this is a problem and I'll see what I can do about that.  However, this seemed to have allowed me to run "fix" in FRST.

FIX LOG:

Fix result of Farbar Recovery Scan Tool (x86) Version:09-08-2015
Ran by SYSTEM (2015-08-10 14:53:34) Run:2
Running from f:\
Boot Mode: Recovery

==============================================

fixlist content:
*****************
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File not found
GroupPolicyScripts: Group Policy detected <======= ATTENTION
GroupPolicyScripts\User: Group Policy detected <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-1765777517-4217830844-774448315-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
F user.js: detected! => C:\Users\Josh and Kristie\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default\user.js [2014-03-12]
S3 PSMNBUS; system32\DRIVERS\PSMNBUS.sys [X]
S3 PSMNMDM; system32\DRIVERS\PSMNMDM.sys [X]
S3 PSMNMDMVSP; system32\DRIVERS\PSMNMDMVSP.sys [X]
S3 PSMNMSMVSP; system32\DRIVERS\PSMNMSMVSP.sys [X]
S3 PSMNNET61; system32\DRIVERS\PSMNNET61.sys [X]
S3 PSMNRMNET; system32\DRIVERS\PSMNRMNET.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 UsbGps; system32\DRIVERS\lgusbgps.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
C:\Users\Josh and Kristie\AppData\Roaming\cache.ini
C:\Users\Josh and Kristie\AppData\Local\Temp\dllnt_dump.dll
AlternateDataStreams: C:\ProgramData\TEMP:5D351BC6
AlternateDataStreams: C:\ProgramData\TEMP:A7DA2BCD
AlternateDataStreams: C:\ProgramData\TEMP:ED51D3ED
AlternateDataStreams: C:\ProgramData\TEMP:EEB25EAE
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
C:\Program Files\Spybot - Search & Destroy 2
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
HKU\S-1-5-21-1765777517-4217830844-774448315-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKU\S-1-5-21-1765777517-4217830844-774448315-1000\...\RunOnce: [Install Spybot - Search & Destroy] => C:\Users\Josh and Kristie\Downloads\spybot-2.4.exe [46525608 2015-08-06] (Safer-Networking Ltd.  
SearchScopes: HKU\S-1-5-21-1765777517-4217830844-774448315-1000 -> {498DFDA5-50E7-4D9C-B81B-BBB452182330} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=B1571ECA-CC8C-4912-84C5-92C07C93F596&apn_sauid=274F674A-5A5C-4181-AE57-3958BAEE6263
2015-08-06 16:33 - 2015-08-06 16:34 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Josh and Kristie\Downloads\spybot-2.4.exe
2015-07-27 18:08 - 2015-07-27 18:08 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-08-06 14:26 - 2013-09-12 09:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-08-06 14:26 - 2010-08-29 18:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
Task: {1F0AB6E2-ACE1-4AC4-87F0-AC5D39BB1869} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {92123D31-F98E-4E73-95D5-F16F3EC84469} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {E3C1E4D8-8620-45DB-A951-6DC4C481161A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-05-16] (Safer-Networking Ltd.)
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => 0x010601008290D41E90E88F43BA23E1FFBD89738C460036020000000000000000200000000014730F0000000003130400002000010000000000000000000000000000000000003C0043003A005C00500072006F006700720061006D002000460069006C00650073005C0053007000790062006F00740020002D002000530065006100720063006800200026002000440065007300740072006F007900200032005C005300440049006D006D0075006E0069007A0065002E0065007800650000001D002F0069006D006D0075006E0069007A00650020002F00730069006C0065006E00740020002F006100750074006F0063006C006F0073006500000000001C0053007000790062006F00740020002D002000530065006100720063006800200026002000440065007300740072006F0079002000320000007800540068006900730020007400610073006B002000770069006C006C002000750070006400610074006500200079006F0075007200200069006D006D0075006E0069007A006100740069006F006E002C0020006B0065006500700069006E006700200079006F00750072002000620072006F00770073006500720073002000700072006F00740065006300740065006400200061006700610069006E007300740020006B006E006F0077006E0020006D0061006C0077006100720065002000730069007400650073002C00200063006F006F006B00690065007300200061006E00640020006D006F00720065002E000000000008000313040000000000010030000000DF0707001B0000000000000000001E0000000000000000000000000002000000010008000000000000000000
FirewallRules: [TCP Query User{6BE15131-47D8-4D0D-8D13-6F135E93AD8E}C:\program files\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [UDP Query User{9929F627-5765-40FA-9490-F4B94BADFFDC}C:\program files\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files\spybot - search & destroy 2\sdupdate.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
*****************

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value not found.
"C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value data not found.
"C:\Windows\System32\GroupPolicy\Machine" => File/Folder not found.
"C:\Windows\System32\GroupPolicy\User" => File/Folder not found.
URLSearchHook: HKU\S-1-5-21-1765777517-4217830844-774448315-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File => Error: The entry should be fixed outside recovery mode.
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File => Error: The entry should be fixed outside recovery mode.
F user.js: detected! => C:\Users\Josh and Kristie\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default\user.js [2014-03-12] => Error: No automatic fix found for this entry.
PSMNBUS => service not found.
PSMNMDM => service not found.
PSMNMDMVSP => service not found.
PSMNMSMVSP => service not found.
PSMNNET61 => service not found.
PSMNRMNET => service not found.
usbbus => service not found.
UsbDiag => service not found.
UsbGps => service not found.
USBModem => service not found.
"C:\Users\Josh and Kristie\AppData\Roaming\cache.ini" => File/Folder not found.
"C:\Users\Josh and Kristie\AppData\Local\Temp\dllnt_dump.dll" => File/Folder not found.
"C:\ProgramData\TEMP" => ":5D351BC6" ADS not found.
"C:\ProgramData\TEMP" => ":A7DA2BCD" ADS not found.
"C:\ProgramData\TEMP" => ":ED51D3ED" ADS not found.
"C:\ProgramData\TEMP" => ":EEB25EAE" ADS not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SDTray => value removed successfully.
C:\Program Files\Spybot - Search & Destroy 2 => moved successfully.
SDScannerService => service removed successfully.
SDUpdateService => service removed successfully.
SDWSCService => service removed successfully.
HKU\S-1-5-21-1765777517-4217830844-774448315-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Spybot-S&D Cleaning => value not found.
HKU\S-1-5-21-1765777517-4217830844-774448315-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Install Spybot - Search & Destroy => value not found.
SearchScopes: HKU\S-1-5-21-1765777517-4217830844-774448315-1000 -> {498DFDA5-50E7-4D9C-B81B-BBB452182330} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=B1571ECA-CC8C-4912-84C5-92C07C93F596&apn_sauid=274F674A-5A5C-4181-AE57-3958BAEE6263 => Error: The entry should be fixed outside recovery mode.
C:\Users\Josh and Kristie\Downloads\spybot-2.4.exe => moved successfully.
C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 => moved successfully.
C:\ProgramData\Spybot - Search & Destroy => moved successfully.
Task: {1F0AB6E2-ACE1-4AC4-87F0-AC5D39BB1869} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2013-05-16] (Safer-Networking Ltd.) => Error: The entry should be fixed outside recovery mode.
Task: {92123D31-F98E-4E73-95D5-F16F3EC84469} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-05-16] (Safer-Networking Ltd.) => Error: The entry should be fixed outside recovery mode.
Task: {E3C1E4D8-8620-45DB-A951-6DC4C481161A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-05-16] (Safer-Networking Ltd.) => Error: The entry should be fixed outside recovery mode.
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => 0x010601008290D41E90E88F43BA23E1FFBD89738C460036020000000000000000200000000014730F0000000003130400002000010000000000000000000000000000000000003C0043003A005C00500072006F006700720061006D002000460069006C00650073005C0053007000790062006F00740020002D002000530065006100720063006800200026002000440065007300740072006F007900200032005C005300440049006D006D0075006E0069007A0065002E0065007800650000001D002F0069006D006D0075006E0069007A00650020002F00730069006C0065006E00740020002F006100750074006F0063006C006F0073006500000000001C0053007000790062006F00740020002D002000530065006100720063006800200026002000440065007300740072006F0079002000320000007800540068006900730020007400610073006B002000770069006C006C002000750070006400610074006500200079006F0075007200200069006D006D0075006E0069007A006100740069006F006E002C0020006B0065006500700069006E006700200079006F00750072002000620072006F00770073006500720073002000700072006F00740065006300740065006400200061006700610069006E007300740020006B006E006F0077006E0020006D0061006C0077006100720065002000730069007400650073002C00200063006F006F006B00690065007300200061006E00640020006D006F00720065002E000000000008000313040000000000010030000000DF0707001B0000000000000000001E0000000000000000000000000002000000010008000000000000000000 => Error: The entry should be fixed outside recovery mode.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6BE15131-47D8-4D0D-8D13-6F135E93AD8E}C:\program files\spybot - search & destroy 2\sdupdate.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9929F627-5765-40FA-9490-F4B94BADFFDC}C:\program files\spybot - search & destroy 2\sdupdate.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe => value not found.

==== End of Fixlog 14:53:45 ====
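
As an added illustration for this thread (it is not part of Farbar Recovery Scan Tool and not code from any of the posts): a small Python parser that sorts the outcome lines of a fixlog like the one above into what was fixed, what was already absent, what FRST declined to touch in Recovery mode, and what has no automatic fix. The sample input is a constructed, trimmed excerpt of the Recovery-mode fixlog posted above; the status strings are the ones FRST printed there, while the category names and the regular expressions are this example's own.

```python
"""Sort the outcome lines of an FRST fixlog into categories.

Added example for this thread; it is not part of Farbar Recovery Scan
Tool or of the posts above. The status strings are the ones FRST
printed in the fixlog above; the category names and regexes are ours.
"""
import re
from collections import defaultdict

# (category, pattern) pairs, checked in order against each outcome line.
STATUS_PATTERNS = [
    ("fixed", re.compile(r"=> .*(removed|moved) successfully\.?$")),
    ("absent", re.compile(r"=> .*not found\.?$")),
    ("needs_rerun", re.compile(
        r"=> Error: The entry should be fixed outside recovery mode\.?$")),
    ("manual", re.compile(
        r"=> Error: No automatic fix found for this entry\.?$")),
]

# Constructed sample: a trimmed excerpt of the Recovery-mode fixlog
# posted above (same line shapes, far fewer entries).
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x86) Version:09-08-2015
Ran by SYSTEM (2015-08-10 14:53:34) Run:2
Boot Mode: Recovery

==============================================

fixlist content:
*****************
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
C:\Program Files\Spybot - Search & Destroy 2
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
AlternateDataStreams: C:\ProgramData\TEMP:5D351BC6
*****************

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SDTray => value removed successfully.
C:\Program Files\Spybot - Search & Destroy 2 => moved successfully.
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File => Error: The entry should be fixed outside recovery mode.
F user.js: detected! => C:\Users\Josh and Kristie\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default\user.js [2014-03-12] => Error: No automatic fix found for this entry.
"C:\ProgramData\TEMP" => ":5D351BC6" ADS not found.

==== End of Fixlog 14:53:45 ====
"""


def result_lines(text):
    """Return only the outcome lines. FRST echoes the fixlist between two
    rows of asterisks, then prints one outcome per entry up to the
    '==== End of Fixlog' marker; everything before that is header."""
    lines = text.splitlines()
    stars = [i for i, line in enumerate(lines) if line.startswith("*****")]
    start = stars[1] + 1 if len(stars) >= 2 else 0
    out = []
    for line in lines[start:]:
        if line.startswith("==== End of Fixlog"):
            break
        out.append(line)
    return out


def classify_line(line):
    """Return (category, entry) for one outcome line, or None for a line
    with no ' => ' separator. The entry is the text before the final ' => '."""
    line = line.strip()
    if " => " not in line:
        return None
    entry = line.rsplit(" => ", 1)[0]
    for category, pattern in STATUS_PATTERNS:
        if pattern.search(line):
            return category, entry
    return "unknown", entry


def summarize(text):
    """Map each category to the list of entries that landed in it."""
    summary = defaultdict(list)
    for line in result_lines(text):
        result = classify_line(line)
        if result is not None:
            category, entry = result
            summary[category].append(entry)
    return dict(summary)


def rerun_fixlist(text):
    """Entries FRST declined to touch in Recovery mode. FRST echoes the
    original fixlist line in front of that error (compare the fixlist and
    the outcome for 'Handler: linkscanner' above), so these lines can go
    straight into a new fixlist.txt for a run from Safe Mode."""
    return summarize(text).get("needs_rerun", [])


if __name__ == "__main__":
    for category, entries in summarize(SAMPLE_FIXLOG).items():
        print(f"{category}: {len(entries)}")
    for entry in rerun_fixlist(SAMPLE_FIXLOG):
        print("re-run outside recovery:", entry)
```

The point worth taking from the full log above is the "needs_rerun" bucket: the registry entries, the search scope and the scheduled tasks were not touched because FRST refuses those from the recovery environment, so a second fixlist run from Safe Mode is what clears them, and `rerun_fixlist()` pulls exactly those lines out.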



#10 Oh My!

  • Malware Response Instructor

Posted 10 August 2015 - 03:16 PM

You are doing great.

Please run a fresh FRST scan including Addition.txt. Copy and paste both reports in your reply.
Gary

#11 kls_01 (Topic Starter)

Posted 10 August 2015 - 03:29 PM

Thanks!

FRST SCAN:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-08-2015
Ran by Josh and Kristie (administrator) on HOME (10-08-2015 15:24:43)
Running from F:\
Loaded Profiles: Josh and Kristie (Available Profiles: Josh and Kristie & UpdatusUser)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3745744 2015-05-18] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKU\S-1-5-21-1765777517-4217830844-774448315-1000\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner.exe [2761024 2012-02-22] (Piriform Ltd)
HKU\S-1-5-21-1765777517-4217830844-774448315-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-28] (Google Inc.)
HKU\S-1-5-21-1765777517-4217830844-774448315-1000\...\Run: [Spybot-S&D Cleaning] => "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
HKU\S-1-5-21-1765777517-4217830844-774448315-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-1765777517-4217830844-774448315-1000\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKU\S-1-5-21-1765777517-4217830844-774448315-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6815512 2015-08-06] (SUPERAntiSpyware)
HKU\S-1-5-21-1765777517-4217830844-774448315-1000\...\RunOnce: [Install Spybot - Search & Destroy] => "C:\Users\Josh and Kristie\Downloads\spybot-2.4.exe"
Startup: C:\Users\Josh and Kristie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms [2014-03-06] ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\S-1-5-21-1765777517-4217830844-774448315-1000 -> {498DFDA5-50E7-4D9C-B81B-BBB452182330} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=B1571ECA-CC8C-4912-84C5-92C07C93F596&apn_sauid=274F674A-5A5C-4181-AE57-3958BAEE6263
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-31] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-06] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-31] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-06] (Google Inc.)
Toolbar: HKU\S-1-5-21-1765777517-4217830844-774448315-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-06] (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{2CD02AB2-7135-4B18-A97C-FA22ABCBAA62}: [DhcpNameServer] 192.168.254.254

FireFox:
========
FF ProfilePath: C:\Users\Josh and Kristie\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default
FF NewTab: hxxp://www.swagbucks.com
FF DefaultSearchEngine: Swagbucks
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Swagbucks
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-08-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-31] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-06] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1765777517-4217830844-774448315-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll [2012-10-24] (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Josh and Kristie\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default\user.js [2014-03-12]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-01-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-01-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-01-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-01-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-01-31] (Apple Inc.)
FF SearchPlugin: C:\Users\Josh and Kristie\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default\searchplugins\good-search.xml [2011-03-30]
FF SearchPlugin: C:\Users\Josh and Kristie\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default\searchplugins\goodsearch.xml [2012-04-02]
FF Extension: No Name - C:\Users\Josh and Kristie\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default\Extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}.oldbackup [2013-02-13]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-08-07]

Chrome:
=======
CHR Profile: C:\Users\Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-05]
CHR Extension: (Google Docs) - C:\Users\Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-05]
CHR Extension: (Google Drive) - C:\Users\Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-05]
CHR Extension: (Google Search) - C:\Users\Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-05]
CHR Extension: (Google Sheets) - C:\Users\Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-05]
CHR Extension: (Google Wallet) - C:\Users\Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-05]
CHR Extension: (Gmail) - C:\Users\Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-05]
CHR HKLM\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Josh and Kristie\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx <not found>
CHR HKU\S-1-5-21-1765777517-4217830844-774448315-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hhoibbfmmdpignilmknhhcagdapcncnd] - C:\Program Files\Goodshop app\Chrome.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
S2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-09-01] ()
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3438544 2015-05-18] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [311792 2015-05-18] (AVG Technologies CZ, s.r.o.)
S2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2009-07-13] (Microsoft Corporation)
S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [226784 2015-04-27] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [191968 2015-05-07] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [29664 2015-05-14] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [166880 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [213984 2015-05-04] (AVG Technologies CZ, s.r.o.)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-06-21] (Avanquest Software) [File not signed]
S3 CamdAudio; C:\Windows\System32\drivers\CamdAudio.sys [23608 2011-04-01] (Windows ® Codename Longhorn DDK provider)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [77808 2014-06-06] (FTDI Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-08-06] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-10 14:45 - 2015-08-10 14:45 - 01674752 _____ (Farbar) C:\Users\Josh and Kristie\Downloads\FRST.exe
2015-08-10 12:24 - 2015-08-10 12:25 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Josh and Kristie\Downloads\rkill.scr
2015-08-10 11:42 - 2015-08-10 11:42 - 00002089 _____ C:\Users\Josh and Kristie\Desktop\fixlist.txt
2015-08-10 09:58 - 2015-08-10 10:04 - 01706572 _____ C:\Users\Josh and Kristie\Desktop\Summary.nfo
2015-08-10 09:42 - 2015-08-10 09:42 - 01674752 _____ (Farbar) C:\Users\Josh and Kristie\Desktop\FRST.exe
2015-08-07 07:13 - 2015-08-10 09:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-06 17:14 - 2015-08-06 17:18 - 00006670 _____ C:\Windows\DPINST.LOG
2015-08-06 16:30 - 2015-08-10 12:28 - 00000000 ____D C:\Users\Josh and Kristie\AppData\Local\CrashDumps
2015-08-06 16:13 - 2015-08-06 16:13 - 00001963 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-08-06 16:13 - 2015-08-06 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-08-06 14:03 - 2015-08-06 19:32 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-08-06 14:03 - 2015-08-06 16:10 - 00000000 ____D C:\ProgramData\RogueKiller
2015-08-06 14:02 - 2015-08-06 14:03 - 18718280 _____ C:\Users\Josh and Kristie\Downloads\RogueKiller.exe
2015-08-06 13:58 - 2015-08-06 13:58 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Josh and Kristie\Downloads\tdsskiller(1).exe
2015-08-06 13:39 - 2015-08-06 13:39 - 02870984 _____ (ESET) C:\Users\Josh and Kristie\Downloads\esetsmartinstaller_enu.exe
2015-08-06 12:27 - 2015-08-10 12:26 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-06 12:27 - 2015-08-06 16:20 - 00001062 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-06 12:27 - 2015-08-06 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-06 12:27 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-06 12:27 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-06 12:27 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-06 12:26 - 2015-08-06 12:41 - 00000932 _____ C:\Users\Josh and Kristie\Desktop\Install Kaspersky Anti-Virus version 15.0.2.361.lnk
2015-08-06 12:26 - 2015-08-06 12:26 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-08-06 07:28 - 2015-08-06 07:28 - 00000000 ____D C:\Program Files\ESET
2015-08-05 09:19 - 2015-08-06 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-08-05 09:19 - 2015-08-06 12:36 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-05 09:18 - 2015-08-06 12:36 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-04 20:05 - 2015-08-04 20:05 - 00000000 ____D C:\SUPERDelete
2015-08-04 20:01 - 2015-08-06 16:14 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-08-04 16:14 - 2015-08-06 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-08-04 16:14 - 2015-08-06 12:36 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2015-08-04 16:14 - 2015-08-04 16:14 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-08-04 15:58 - 2015-08-04 15:58 - 00000000 ____D C:\Users\Josh and Kristie\AppData\Local\IsolatedStorage
2015-08-04 15:57 - 2015-08-04 15:57 - 00000000 ____D C:\Users\Josh and Kristie\AppData\Local\Chromium
2015-08-04 15:38 - 2015-08-04 15:38 - 00000000 ____D C:\ProgramData\Google
2015-08-04 09:58 - 2015-08-10 09:48 - 00043170 _____ C:\Users\Josh and Kristie\Desktop\Addition.txt
2015-08-04 09:57 - 2015-08-10 09:48 - 00031407 _____ C:\Users\Josh and Kristie\Desktop\FRST.txt
2015-08-04 09:48 - 2015-08-04 09:49 - 00049259 _____ C:\Users\Josh and Kristie\Downloads\Addition.txt
2015-08-04 09:47 - 2015-08-04 09:49 - 00043501 _____ C:\Users\Josh and Kristie\Downloads\FRST.txt
2015-08-04 09:41 - 2015-08-10 15:24 - 00000000 ____D C:\FRST
2015-08-02 21:22 - 2015-08-06 12:36 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-07-29 23:24 - 2015-07-29 23:26 - 00000000 ____D C:\Users\Josh and Kristie\AppData\Local\AvgSetupLog
2015-07-29 23:19 - 2015-08-06 07:19 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-07-29 23:03 - 2015-07-29 23:03 - 00000022 _____ C:\Users\Josh and Kristie\Downloads\ESETPoweliksCleaner.exe_20150729.230329.1500.zip
2015-07-29 17:49 - 2015-07-30 09:46 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-28 19:31 - 2015-07-28 19:33 - 00008192 ___SH C:\Users\Josh and Kristie\Documents\Thumbs.db
2015-07-28 15:55 - 2015-07-28 15:55 - 00000000 ____D C:\ProgramData\Emsisoft
2015-07-28 15:33 - 2015-08-06 12:36 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2015-07-28 15:24 - 2015-07-28 15:30 - 159508608 _____ (Emsisoft Ltd. ) C:\Users\Josh and Kristie\Downloads\EmsisoftAntiMalwareSetup.exe
2015-07-28 15:15 - 2015-07-28 15:15 - 01020834 _____ C:\Users\Josh and Kristie\Downloads\ESETPoweliksCleaner.exe_20150728.151503.2068.log
2015-07-28 15:15 - 2015-07-28 15:15 - 00000022 _____ C:\Users\Josh and Kristie\Downloads\ESETPoweliksCleaner.exe_20150728.151503.2068.zip
2015-07-28 15:09 - 2015-07-28 15:09 - 02040972 _____ C:\Users\Josh and Kristie\Downloads\ESETPoweliksCleaner.exe_20150728.150915.1728.log
2015-07-28 15:09 - 2015-07-28 15:09 - 00000022 _____ C:\Users\Josh and Kristie\Downloads\ESETPoweliksCleaner.exe_20150728.150915.1728.zip
2015-07-28 15:04 - 2015-07-28 15:04 - 00000022 _____ C:\Users\Josh and Kristie\Downloads\ESETPoweliksCleaner.exe_20150728.150429.940.zip
2015-07-28 13:52 - 2015-08-04 10:01 - 00000000 ____D C:\AdwCleaner
2015-07-28 11:35 - 2015-07-28 11:35 - 00007605 _____ C:\Users\Josh and Kristie\AppData\Local\Resmon.ResmonCfg
2015-07-27 18:16 - 2015-08-06 16:20 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-27 17:26 - 2015-07-27 17:26 - 00000000 ____D C:\Users\Josh and Kristie\Mozilla

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-10 14:44 - 2010-08-29 18:04 - 00874306 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-10 12:33 - 2013-05-01 14:11 - 00001850 _____ C:\Users\Josh and Kristie\Desktop\Rkill.txt
2015-08-10 11:39 - 2015-06-02 16:46 - 00016974 _____ C:\Windows\PFRO.log
2015-08-10 11:38 - 2009-07-13 21:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-08-10 09:39 - 2012-05-04 09:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-06 18:37 - 2015-02-18 16:44 - 01871748 _____ C:\Windows\WindowsUpdate.log
2015-08-06 18:32 - 2014-03-06 10:04 - 00000000 ____D C:\Users\Josh and Kristie\AppData\Local\Deployment
2015-08-06 18:29 - 2012-02-28 22:25 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-06 18:17 - 2012-02-28 22:25 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-06 18:16 - 2009-07-13 23:34 - 00025216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-06 18:16 - 2009-07-13 23:34 - 00025216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-06 18:08 - 2015-05-17 01:00 - 00001434 _____ C:\Windows\setupact.log
2015-08-06 18:08 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-06 18:07 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\SchCache
2015-08-06 17:13 - 2011-05-04 12:45 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-06 16:16 - 2014-06-09 10:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2015-08-06 16:16 - 2014-06-09 10:10 - 00000000 ____D C:\Program Files\Coupons
2015-08-06 14:28 - 2015-04-04 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-06 14:28 - 2014-12-10 05:01 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-06 14:28 - 2014-04-30 03:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-06 14:28 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\wfp
2015-08-06 14:28 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2015-08-06 14:28 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\L2Schemas
2015-08-06 14:28 - 2009-07-13 21:37 - 00000000 ____D C:\Program Files\Common Files\Services
2015-08-06 14:26 - 2014-11-19 09:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-08-06 14:26 - 2012-07-15 16:44 - 00000000 ____D C:\Users\Josh and Kristie\Downloads\ipodgetter
2015-08-06 14:26 - 2010-10-23 12:52 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2015-08-06 14:26 - 2010-10-20 20:49 - 00000000 ____D C:\ProgramData\MFAData
2015-08-06 14:26 - 2009-07-13 21:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-06 14:24 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2015-08-06 13:59 - 2014-03-06 10:04 - 00000000 ____D C:\Users\Josh and Kristie\AppData\Local\Apps\2.0
2015-08-06 13:59 - 2012-02-28 22:24 - 00000000 ____D C:\Users\Josh and Kristie\AppData\Local\Google
2015-08-06 13:58 - 2015-03-14 10:26 - 00000000 ____D C:\ProgramData\AVG2015
2015-08-06 13:57 - 2010-08-29 18:42 - 00000000 ____D C:\Program Files\AVG
2015-08-06 13:37 - 2011-05-08 21:42 - 00001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-06 13:37 - 2010-08-29 18:21 - 00001107 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-06 13:08 - 2014-11-15 19:45 - 00000000 __SHD C:\Users\Josh and Kristie\AppData\Local\EmieBrowserModeList
2015-08-06 13:08 - 2014-05-03 14:47 - 00000000 __SHD C:\Users\Josh and Kristie\AppData\Local\EmieUserList
2015-08-06 13:08 - 2014-05-03 14:47 - 00000000 __SHD C:\Users\Josh and Kristie\AppData\Local\EmieSiteList
2015-08-06 12:22 - 2010-08-29 18:01 - 00000000 ____D C:\Users\Josh and Kristie
2015-08-06 11:31 - 2009-07-14 02:49 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-08-04 09:01 - 2011-09-14 18:32 - 00836608 ___SH C:\Users\Josh and Kristie\Downloads\Thumbs.db
2015-08-01 12:59 - 2015-06-03 15:59 - 00000000 ____D C:\found.001
2015-08-01 10:14 - 2015-05-18 19:25 - 00000000 ____D C:\Users\Josh and Kristie\Desktop\Newspaper
2015-07-29 23:26 - 2014-03-12 08:05 - 00000000 ____D C:\ProgramData\AVG
2015-07-29 23:24 - 2015-06-02 08:16 - 00000000 ____D C:\Users\Josh and Kristie\AppData\Local\Avg
2015-07-28 15:34 - 2010-09-06 10:51 - 00000000 ____D C:\Users\Josh and Kristie\.nbi
2015-07-28 15:30 - 2011-05-04 12:49 - 00000000 ____D C:\Users\Josh and Kristie\AppData\Roaming\Apple Computer
2015-07-28 15:12 - 2012-02-21 20:59 - 01063936 ___SH C:\Users\Josh and Kristie\Desktop\Thumbs.db
2015-07-27 18:16 - 2012-02-28 16:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-15 10:05 - 2013-08-15 03:20 - 00000000 ____D C:\Windows\system32\MRT

==================== Files in the root of some directories =======

2014-10-07 10:16 - 2014-10-07 10:16 - 0000042 _____ () C:\Users\Josh and Kristie\AppData\Roaming\adskey.txt
2013-01-08 11:45 - 2013-01-08 11:45 - 0022276 _____ () C:\Users\Josh and Kristie\AppData\Roaming\Comma Separated Values (DOS).ADR
2012-01-25 09:19 - 2012-01-26 15:09 - 0022621 _____ () C:\Users\Josh and Kristie\AppData\Roaming\Comma Separated Values (Windows).ADR
2011-02-27 12:28 - 2013-09-12 18:31 - 0000600 _____ () C:\Users\Josh and Kristie\AppData\Roaming\winscp.rnd
2015-05-13 16:18 - 2015-05-13 16:18 - 0003584 _____ () C:\Users\Josh and Kristie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-04-10 13:55 - 2011-04-10 13:55 - 0114688 ___SH (Microsoft Corporation) C:\Users\Josh and Kristie\AppData\Local\fkn.exe
2011-04-10 13:55 - 2011-04-10 13:55 - 0114688 ___SH (Microsoft Corporation) C:\Users\Josh and Kristie\AppData\Local\iqo.exe
2015-07-28 11:35 - 2015-07-28 11:35 - 0007605 _____ () C:\Users\Josh and Kristie\AppData\Local\Resmon.ResmonCfg
2014-09-12 19:33 - 2014-09-15 18:55 - 0969284 _____ () C:\ProgramData\Spark.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-02 00:26

==================== End of log ============================

ADDITION SCAN:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:09-08-2015
Ran by Josh and Kristie (2015-08-10 15:25:39)
Running from F:\
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1765777517-4217830844-774448315-500 - Administrator - Disabled)
Guest (S-1-5-21-1765777517-4217830844-774448315-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1765777517-4217830844-774448315-1009 - Limited - Enabled)
Josh and Kristie (S-1-5-21-1765777517-4217830844-774448315-1000 - Administrator - Enabled) => C:\Users\Josh and Kristie
UpdatusUser (S-1-5-21-1765777517-4217830844-774448315-1011 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM\...\Digital Editions) (Version:  - )
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Professional CS5 (HKLM\...\{CFC9F871-7C40-40B6-BE4A-B98A5B309716}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Amazon Cloud Drive (HKU\S-1-5-21-1765777517-4217830844-774448315-1000\...\23ab716f18849b6f) (Version: 2.4.2013.3290 - Amazon)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5961 - AVG Technologies)
AVG 2015 (Version: 15.0.4355 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5961 - AVG Technologies) Hidden
Big Brainz Home (HKLM\...\Big Brainz Home 2.0.1) (Version: 2.0.1 - Big Brainz)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.1.2) (Version: 5.0.1.2 - Coupons.com Incorporated)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.10.0000 - Dell Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Fitbit Connect (HKLM\...\{D3CD091B-296B-48E9-9F0F-E9FE53E02E41}) (Version: 1.0.3.5511 - Fitbit Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
iPod for Windows 2005-10-12 (HKLM\...\InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}) (Version: 4.3.0 - Apple Computer, Inc.)
iPod for Windows 2005-10-12 (Version: 4.3.0 - Apple Computer, Inc.) Hidden
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
J2SE Development Kit 5.0 Update 22 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0150220}) (Version: 1.5.0.220 - Sun Microsystems, Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java DB 10.5.3.0 (HKLM\...\{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}) (Version: 10.5.3.0 - Sun Microsystems, Inc)
Java™ SE Development Kit 6 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Java™ SE Development Kit 6 Update 21 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160210}) (Version: 1.6.0.210 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools (HKLM\...\{5BDFAB82-060E-438B-AB4F-A2331B2294C0}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Expression Blend 3 SDK (HKLM\...\{256E7DAC-9BE8-494E-8DE7-7857BF96B774}) (Version: 1.0.1343.0 - Microsoft Corporation)
Microsoft Expression Blend 4 (HKLM\...\Blend_4.0.20525.0) (Version: 4.0.20525.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for .NET 4 (HKLM\...\{9B3A1C97-A361-463E-8817-444F9F88CDFE}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Silverlight 4 (HKLM\...\{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Design 4 (HKLM\...\Design_7.0.20516.0) (Version: 7.0.20516.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM\...\Encoder_4.0.1639.0) (Version: 4.0.1639.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM\...\{BF127B80-CFD5-4379-9752-E8AF1A5D0141}) (Version: 4.0.1639.0 - Microsoft Corporation)
Microsoft Expression Studio 4 (HKLM\...\ExpressionStudio_4.0.20525.0) (Version: 4.0.20525.0 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM\...\Web_4.0.1303.0) (Version: 4.0.1303.0 - Microsoft Corporation)
Microsoft Expression Web 4 Service Pack 2 (HKLM\...\{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}) (Version:  - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Web Developer 2010 Express - ENU (HKLM\...\Microsoft Visual Web Developer 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nancy Drew: Message in a Haunted Mansion (HKLM\...\{78B55A60-5E51-11D4-A766-00C00C02EDEF}) (Version:  - )
NetBeans IDE 6.9.1 (HKLM\...\nbi-nb-base-6.9.1.0.0-1) (Version: 6.9.1 - NetBeans.org)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Sansa Updater (HKU\S-1-5-21-1765777517-4217830844-774448315-1000\...\Sansa Updater) (Version: 1.313 - SanDisk Corporation)
Service Pack 1 for SQL Server 2008 (KB968369) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Shutterfly Express Uploader (HKLM\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
Shutterfly Express Uploader (Version: 1.2.0 - Shutterfly, Inc.) Hidden
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
WCF RIA Services V1.0 SP1 (HKLM\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1765777517-4217830844-774448315-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

==================== Restore Points =========================

20-05-2015 03:00:52 Windows Update
28-05-2015 00:00:13 Scheduled Checkpoint
05-06-2015 00:00:45 Scheduled Checkpoint
11-06-2015 03:00:50 Windows Update
12-06-2015 07:53:15 Removed AVG 2015
12-06-2015 07:55:14 Removed AVG 2015
20-06-2015 00:00:18 Scheduled Checkpoint
27-06-2015 13:45:23 Scheduled Checkpoint
05-07-2015 00:00:07 Scheduled Checkpoint
13-07-2015 00:00:23 Scheduled Checkpoint
16-07-2015 03:00:25 Windows Update
21-07-2015 03:00:24 Windows Update
29-07-2015 17:04:58 Windows Update
02-08-2015 21:30:43 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2015-08-06 15:45 - 00000747 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0ACAAA7C-5896-4F11-983D-65552B057F96} - System32\Tasks\{367F4757-385A-41F6-8078-F732F816109E} => pcalua.exe -a "C:\Users\Josh and Kristie\Downloads\lolinst3853412.exe" -d "C:\Program Files\Mozilla Firefox"
Task: {1F0AB6E2-ACE1-4AC4-87F0-AC5D39BB1869} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {32F92913-7A21-4709-9B54-4F4524EF78FD} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated)
Task: {425AC232-105E-432C-B31E-4DAB4F25A375} - System32\Tasks\{CD1033F1-D9A1-464E-9A02-36D699BCB62A} => pcalua.exe -a "C:\Users\Josh and Kristie\Downloads\setup.exe" -d "C:\Program Files\Mozilla Firefox"
Task: {50728C13-2E98-48C7-BD11-79BB8FA32EE0} - System32\Tasks\Sansa Dispatch => C:\Users\Josh and Kristie\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [2013-05-06] (SanDisk Corporation)
Task: {54258120-05D7-4C69-9357-C55C4477E89E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {5F27DF91-D32D-4B21-850B-557A2045599B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {6EA7FA9F-36FA-4B24-B5EB-6BD772DCD50E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-09] (Adobe Systems Incorporated)
Task: {92123D31-F98E-4E73-95D5-F16F3EC84469} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {9CD249F5-350C-4BBA-B5EF-AF321FD0760E} - System32\Tasks\{2D626730-41D9-4A5F-B1D5-10B22B26FE53} => pcalua.exe -a "C:\Program Files\NetBeans 6.9.1\uninstall.exe"
Task: {BD1BD611-0F55-427D-83C0-04B3AAD9C31A} - System32\Tasks\B2CNotiAgent => C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
Task: {D9B9BE52-1382-47B0-9406-0B29BD3BCDC1} - System32\Tasks\{57514DA7-9DCE-4732-BAEA-45F8DBF133C4} => pcalua.exe -a "F:\NetBeans 6.7.1\uninstall.exe" -d "F:\NetBeans 6.7.1"
Task: {E11E0CC9-5ECF-425A-AF6C-D383FCCA6656} - System32\Tasks\AdobeAAMUpdater-1.0-Home-Josh and Kristie => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {E284F3F8-FB3F-4BD1-B8A2-68D645653B37} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E3C1E4D8-8620-45DB-A951-6DC4C481161A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7868 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1765777517-4217830844-774448315-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Josh and Kristie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Josh and Kristie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: B2C_AGENT => C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
MSCONFIG\startupreg: fssui => "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D26D22C8-5050-42EC-9CD9-E74CFAAB9BA1}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{7346135C-2931-4761-9404-71425C83F169}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A125DD07-E75C-4A84-844C-2063018C89FD}] => (Allow) LPort=2869
FirewallRules: [{2E94ED62-72AF-46FA-ADD3-EA29D6FA0012}] => (Allow) LPort=1900
FirewallRules: [{F057AA7C-9CB0-4795-BBD4-9233DCD17A4A}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{8CB7028F-46B4-40C5-A02B-7F6EAE8D51B6}] => (Allow) LPort=58477
FirewallRules: [{F2590BBD-B559-4EA9-96F7-81C0CF40AA77}] => (Allow) LPort=5000
FirewallRules: [{6A4239C6-0DBE-4213-9311-701DF19350EF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1F21CC67-BA21-490D-8039-A641022193C5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{25318EC3-E87E-4313-95BC-FD15243BD6DF}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [UDP Query User{3EBF2E98-82A1-46FD-9C37-5E3CC0B7227C}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [{590E97B2-E853-439F-BE32-FB24C59BC2B8}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{E6689C22-7EBF-4D6A-A77E-D43D0D8D740F}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A52C14BC-16AD-4A30-B9B7-A248B8BD1110}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{336955D9-E920-46E5-8CEC-A806164889D4}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [TCP Query User{6BE15131-47D8-4D0D-8D13-6F135E93AD8E}C:\program files\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [UDP Query User{9929F627-5765-40FA-9490-F4B94BADFFDC}C:\program files\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [{D9BC4FE7-2557-49DF-9A14-58F5681E7628}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B69E581E-75A5-4314-B0AD-E7E24137E2F6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EFA58EFB-4A0F-4671-9798-09FECE0141E6}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{DBC38B0E-B781-4F6B-8D3A-86DE029E01C1}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{0CB2628C-F41E-4DFA-BCBA-977FCA42B706}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DB7AE223-E72D-464E-A4A2-FC98032C03DB}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{0AD907AF-89AD-4F25-9122-04CCA41DCC13}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{B38A9C5A-A8AA-404B-BAE7-21BECC678DEB}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{6B805E08-E2B5-4D6E-9BFC-FB2A930175DD}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Null
Description: Null
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Null
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/10/2015 12:28:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDWelcome.exe, version: 2.1.21.129, time stamp: 0x51dd1105
Faulting module name: rtl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca139f
Exception code: 0xc0000005
Fault offset: 0x0000a116
Faulting process id: 0x5e4
Faulting application start time: 0xSDWelcome.exe0
Faulting application path: SDWelcome.exe1
Faulting module path: SDWelcome.exe2
Report Id: SDWelcome.exe3

Error: (08/10/2015 11:40:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: rtl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca139f
Exception code: 0xc0000005
Fault offset: 0x0000a116
Faulting process id: 0x578
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (08/10/2015 11:37:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: rtl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca139f
Exception code: 0xc0000005
Fault offset: 0x0000a116
Faulting process id: 0x588
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (08/10/2015 10:05:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: rtl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca139f
Exception code: 0xc0000005
Fault offset: 0x0000a116
Faulting process id: 0x72c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (08/10/2015 10:04:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: rtl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca139f
Exception code: 0xc0000005
Fault offset: 0x0000a116
Faulting process id: 0x578
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (08/10/2015 10:00:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: rtl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca139f
Exception code: 0xc0000005
Fault offset: 0x0000a116
Faulting process id: 0x560
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (08/06/2015 06:30:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDTray.exe, version: 2.1.21.129, time stamp: 0x51f0ed9e
Faulting module name: rtl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca139f
Exception code: 0xc0000005
Fault offset: 0x0000a116
Faulting process id: 0x4c0
Faulting application start time: 0xSDTray.exe0
Faulting application path: SDTray.exe1
Faulting module path: SDTray.exe2
Report Id: SDTray.exe3

Error: (08/06/2015 06:06:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (08/06/2015 05:23:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDWelcome.exe, version: 2.1.21.129, time stamp: 0x51dd1105
Faulting module name: rtl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca139f
Exception code: 0xc0000005
Fault offset: 0x0000a116
Faulting process id: 0xd78
Faulting application start time: 0xSDWelcome.exe0
Faulting application path: SDWelcome.exe1
Faulting module path: SDWelcome.exe2
Report Id: SDWelcome.exe3

Error: (08/06/2015 05:19:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (08/10/2015 03:26:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2015 03:26:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2015 03:26:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2015 03:24:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2015 03:24:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2015 03:24:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2015 03:19:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2015 03:19:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2015 03:19:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2015 03:17:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office:
=========================
Error: (12/11/2011 07:53:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/06/2011 10:48:59 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 41 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/18/2011 09:46:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 81 seconds with 60 seconds of active time.  This session ended with a crash.


CodeIntegrity:
===================================
  Date: 2015-07-28 12:58:09.804
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 12:58:09.340
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 12:58:08.990
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 12:57:42.146
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 12:57:33.463
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 12:57:29.654
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 12:23:56.413
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 12:23:56.160
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 12:23:55.948
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 12:23:55.543
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 5000+
Percentage of memory in use: 23%
Total physical RAM: 1982.49 MB
Available physical RAM: 1520.01 MB
Total Virtual: 3964.98 MB
Available Virtual: 3540.29 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:288.04 GB) (Free:153.1 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.17 GB) NTFS
Drive f: () (Removable) (Total:7.54 GB) (Free:3.16 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of log ============================



#12 Oh My!


  • Malware Response Instructor


Posted 10 August 2015 - 04:01 PM

Very good, thank you.

Please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-1765777517-4217830844-774448315-1000\...\Run: [Spybot-S&D Cleaning] => "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
HKU\S-1-5-21-1765777517-4217830844-774448315-1000\...\RunOnce: [Install Spybot - Search & Destroy] => "C:\Users\Josh and Kristie\Downloads\spybot-2.4.exe"
SearchScopes: HKU\S-1-5-21-1765777517-4217830844-774448315-1000 -> {498DFDA5-50E7-4D9C-B81B-BBB452182330} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=B1571ECA-CC8C-4912-84C5-92C07C93F596&apn_sauid=274F674A-5A5C-4181-AE57-3958BAEE6263
FF SearchEngineOrder.1: Ask.com
FF user.js: detected! => C:\Users\Josh and Kristie\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default\user.js [2014-03-12]
FF SearchPlugin: C:\Users\Josh and Kristie\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default\searchplugins\good-search.xml [2011-03-30]
FF SearchPlugin: C:\Users\Josh and Kristie\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default\searchplugins\goodsearch.xml [2012-04-02]
2014-10-07 10:16 - 2014-10-07 10:16 - 0000042 _____ () C:\Users\Josh and Kristie\AppData\Roaming\adskey.txt
Task: {1F0AB6E2-ACE1-4AC4-87F0-AC5D39BB1869} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {E3C1E4D8-8620-45DB-A951-6DC4C481161A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Note: If after disabling Combofix warns you an Antivirus program is still running ignore the warning and run Combofix.
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouse click while the program is running or it may stall.
Note #1: Oftentimes it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Combofix log
  • Update on computer performance

Gary
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
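The FRST fix step above asks for the Fixlog.txt that the tool writes after applying a fixlist. Below is an added example (written for this page, not code from the thread, from FRST or from its author) that reads a Fixlog in the format FRST produces and groups each action by outcome, so a helper can confirm at a glance which entries were removed, which were already absent ("not found") and which failed (for instance the restore point, which FRST cannot create in Safe Mode). The sample log, user name, SID and paths are constructed placeholders.

```python
"""Summarise a Farbar Recovery Scan Tool (FRST) Fixlog.txt by outcome.

Added example, not part of the forum thread or of FRST itself. FRST echoes
the fixlist between two '*****************' lines and then writes one result
line per action; this script reads the result section and sorts it into
successes, no-ops and errors.
"""
import re
from typing import Dict, List

# Constructed sample in the format FRST writes; user, SID and paths are placeholders.
SAMPLE_FIXLOG = """\
Fix result of Farbar Recovery Scan Tool (x86) Version:09-08-2015
Ran by ExampleUser (2015-08-10 16:08:18) Run:3
Boot Mode: Safe Mode (with Networking)

==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKU\\S-1-5-21-0-0-0-1000\\...\\Run: [Example Entry] => "C:\\Example\\run.exe"
C:\\Users\\ExampleUser\\AppData\\Roaming\\example.txt
*****************

Processes closed successfully.
Error: Restore point can only be created in normal mode.
HKU\\S-1-5-21-0-0-0-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\\\Example Entry => value removed successfully.
HKCR\\CLSID\\{00000000-0000-0000-0000-000000000000} => key not found.
C:\\Users\\ExampleUser\\AppData\\Roaming\\example.txt => moved successfully.


The system needed a reboot.

==== End of Fixlog 16:08:18 ====
"""

FIXLIST_MARKER = "*****************"


def result_lines(fixlog: str) -> List[str]:
    """Return the non-empty action/result lines that follow the echoed fixlist."""
    lines = fixlog.splitlines()
    markers = [i for i, line in enumerate(lines) if line.strip() == FIXLIST_MARKER]
    if len(markers) < 2:
        raise ValueError("Fixlog does not contain an echoed fixlist block")
    out: List[str] = []
    for line in lines[markers[1] + 1:]:
        if line.startswith("==== End of Fixlog"):
            break  # footer reached; nothing after it is an action result
        if line.strip():
            out.append(line.rstrip())
    return out


def classify(line: str) -> str:
    """Map one result line to 'ok', 'not_found', 'error' or 'info'."""
    if line.startswith("Error:"):
        return "error"
    if re.search(r"=> .* not found\.$", line):
        return "not_found"  # entry was already gone; not a failure, but worth noting
    if line.endswith("successfully."):
        return "ok"
    return "info"  # e.g. "The system needed a reboot."


def summarize(fixlog: str) -> Dict[str, List[str]]:
    """Group the result lines by outcome so failures stand out."""
    summary: Dict[str, List[str]] = {"ok": [], "not_found": [], "error": [], "info": []}
    for line in result_lines(fixlog):
        summary[classify(line)].append(line)
    return summary


def needs_reboot(fixlog: str) -> bool:
    """True when FRST reports that the fix required a restart."""
    return any("The system needed a reboot" in line for line in result_lines(fixlog))


if __name__ == "__main__":
    report = summarize(SAMPLE_FIXLOG)
    for kind in ("error", "not_found", "ok", "info"):
        for entry in report[kind]:
            print(f"[{kind:9}] {entry}")
    print("reboot required:", needs_reboot(SAMPLE_FIXLOG))
```

Run it against a real Fixlog.txt by reading the file into `summarize()`; any line under "error" means that fixlist entry was not applied and the fix should be re-run in the mode FRST asks for.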

#13 kls_01

  • Topic Starter


Posted 10 August 2015 - 05:12 PM

FIXLOG:


Fix result of Farbar Recovery Scan Tool (x86) Version:09-08-2015
Ran by Josh and Kristie (2015-08-10 16:08:18) Run:3
Running from C:\Users\Josh and Kristie\Desktop
Loaded Profiles: Josh and Kristie (Available Profiles: Josh and Kristie & UpdatusUser)
Boot Mode: Safe Mode (with Networking)

==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-1765777517-4217830844-774448315-1000\...\Run: [Spybot-S&D Cleaning] => "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
HKU\S-1-5-21-1765777517-4217830844-774448315-1000\...\RunOnce: [Install Spybot - Search & Destroy] => "C:\Users\Josh and Kristie\Downloads\spybot-2.4.exe"
SearchScopes: HKU\S-1-5-21-1765777517-4217830844-774448315-1000 -> {498DFDA5-50E7-4D9C-B81B-BBB452182330} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=B1571ECA-CC8C-4912-84C5-92C07C93F596&apn_sauid=274F674A-5A5C-4181-AE57-3958BAEE6263
FF SearchEngineOrder.1: Ask.com
FF user.js: detected! => C:\Users\Josh and Kristie\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default\user.js [2014-03-12]
FF SearchPlugin: C:\Users\Josh and Kristie\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default\searchplugins\good-search.xml [2011-03-30]
FF SearchPlugin: C:\Users\Josh and Kristie\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default\searchplugins\goodsearch.xml [2012-04-02]
2014-10-07 10:16 - 2014-10-07 10:16 - 0000042 _____ () C:\Users\Josh and Kristie\AppData\Roaming\adskey.txt
Task: {1F0AB6E2-ACE1-4AC4-87F0-AC5D39BB1869} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {E3C1E4D8-8620-45DB-A951-6DC4C481161A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
*****************

Processes closed successfully.
Error: Restore point can only be created in normal mode.
HKU\S-1-5-21-1765777517-4217830844-774448315-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Spybot-S&D Cleaning => value removed successfully.
HKU\S-1-5-21-1765777517-4217830844-774448315-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Install Spybot - Search & Destroy => value removed successfully.
"HKU\S-1-5-21-1765777517-4217830844-774448315-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{498DFDA5-50E7-4D9C-B81B-BBB452182330}" => key removed successfully.
HKCR\CLSID\{498DFDA5-50E7-4D9C-B81B-BBB452182330} => key not found.
Firefox SearchEngineOrder.1 removed successfully.
C:\Users\Josh and Kristie\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default\user.js => moved successfully.
C:\Users\Josh and Kristie\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default\searchplugins\good-search.xml => moved successfully.
C:\Users\Josh and Kristie\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default\searchplugins\goodsearch.xml => moved successfully.
C:\Users\Josh and Kristie\AppData\Roaming\adskey.txt => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F0AB6E2-ACE1-4AC4-87F0-AC5D39BB1869}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F0AB6E2-ACE1-4AC4-87F0-AC5D39BB1869}" => key removed successfully.
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E3C1E4D8-8620-45DB-A951-6DC4C481161A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3C1E4D8-8620-45DB-A951-6DC4C481161A}" => key removed successfully.
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" => key removed successfully.


The system needed a reboot.

==== End of Fixlog 16:08:18 ====


COMBOFIX LOG:


ComboFix 15-08-08.01 - Josh and Kristie 08/10/2015  16:20:21.1.2 - x86 NETWORK
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.1982.1346 [GMT -5:00]
Running from: c:\users\Josh and Kristie\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Josh and Kristie\AppData\Local\fkn.exe
c:\users\Josh and Kristie\AppData\Local\iqo.exe
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((((   Files Created from 2015-07-10 to 2015-08-10  )))))))))))))))))))))))))))))))
.
.
2015-08-10 21:56 . 2015-08-10 21:56    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2015-08-10 21:56 . 2015-08-10 21:56    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-08-06 21:30 . 2015-08-10 17:28    --------    d-----w-    c:\users\Josh and Kristie\AppData\Local\CrashDumps
2015-08-06 19:03 . 2015-08-07 00:32    35064    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2015-08-06 19:03 . 2015-08-06 21:10    --------    d-----w-    c:\programdata\RogueKiller
2015-08-06 17:27 . 2015-08-10 17:26    98520    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-06 17:27 . 2015-06-18 13:41    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2015-08-06 17:27 . 2015-06-18 13:41    94936    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2015-08-06 17:27 . 2015-06-18 13:41    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2015-08-06 17:26 . 2015-08-06 17:26    --------    d-----w-    c:\programdata\Kaspersky Lab Setup Files
2015-08-06 12:28 . 2015-08-06 12:28    --------    d-----w-    c:\program files\ESET
2015-08-05 14:19 . 2015-08-06 17:36    --------    d-----w-    c:\program files\HitmanPro
2015-08-05 14:18 . 2015-08-06 17:36    --------    d-----w-    c:\programdata\HitmanPro
2015-08-05 01:05 . 2015-08-05 01:05    --------    d-----w-    C:\SUPERDelete
2015-08-05 01:01 . 2015-08-06 21:14    --------    d-----w-    c:\program files\SUPERAntiSpyware
2015-08-04 21:14 . 2015-08-04 21:14    --------    d-----w-    c:\programdata\Malwarebytes Anti-Exploit
2015-08-04 21:14 . 2015-08-06 17:36    --------    d-----w-    c:\program files\Malwarebytes Anti-Exploit
2015-08-04 20:58 . 2015-08-04 20:58    --------    d-----w-    c:\users\Josh and Kristie\AppData\Local\IsolatedStorage
2015-08-04 20:57 . 2015-08-04 20:57    --------    d-----w-    c:\users\Josh and Kristie\AppData\Local\Chromium
2015-08-04 14:41 . 2015-08-10 21:08    --------    d-----w-    C:\FRST
2015-08-03 02:22 . 2015-08-06 17:36    --------    d-----w-    c:\program files\Microsoft Security Client
2015-07-30 04:24 . 2015-07-30 04:26    --------    d-----w-    c:\users\Josh and Kristie\AppData\Local\AvgSetupLog
2015-07-30 04:19 . 2015-08-06 12:19    --------    d-----w-    C:\TDSSKiller_Quarantine
2015-07-29 22:49 . 2015-07-30 14:46    --------    d-----w-    c:\program files\Common Files\AV
2015-07-28 20:55 . 2015-07-28 20:55    --------    d-----w-    c:\programdata\Emsisoft
2015-07-28 20:33 . 2015-08-06 17:36    --------    d-----w-    c:\program files\Emsisoft Anti-Malware
2015-07-28 18:52 . 2015-08-04 15:01    --------    d-----w-    C:\AdwCleaner
2015-07-27 23:16 . 2015-08-06 21:20    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2015-07-27 22:26 . 2015-07-27 22:26    --------    d-----w-    c:\users\Josh and Kristie\Mozilla
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-09 20:44 . 2012-04-09 13:16    778416    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2015-06-09 20:44 . 2011-06-24 20:04    142512    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2015-05-14 18:49 . 2015-05-14 18:49    29664    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2012-02-22 2761024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-29 39408]
"Fitbit Connect"="c:\program files\Fitbit Connect\Fitbit Connect.exe" [2014-05-19 3414560]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-08-06 6815512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-03-20 60712]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2015-05-18 3745744]
"Fitbit Connect"="c:\program files\Fitbit Connect\Fitbit Connect.exe" [2014-05-19 3414560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-10-02 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-04-07 157480]
.
c:\users\Josh and Kristie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Amazon Cloud Drive.appref-ms [2015-8-6 408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^Josh and Kristie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Josh and Kristie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
2012-03-08 23:32    884584    ----a-w-    c:\program files\Windows Live\Family Safety\fsui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 00:36    30040    ----a-w-    c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2015-04-07 05:29    157480    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 20:23    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-02-29 03:25    39408    ----a-w-    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SansaDispatch"=c:\users\Josh and Kristie\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"B2C_AGENT"=c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2015-05-07 290272]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2015-03-11 132576]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2015-04-27 226784]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2015-05-14 29664]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2015-04-15 206816]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [2015-05-18 3438544]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [2015-05-18 311792]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 Fitbit Connect;Fitbit Connect Service;c:\program files\Fitbit Connect\FitbitConnectService.exe [2014-05-19 1436192]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]
R3 CamdAudio;CamdAudio;c:\windows\system32\drivers\CamdAudio.sys [2011-04-01 23608]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-04-21 102912]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-31 1343400]
R4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2009-07-13 4608]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2015-05-07 191968]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2015-03-20 35808]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2015-05-04 213984]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-07-22 142648]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc    REG_MULTI_SZ       DiagTrack
.
Contents of the 'Scheduled Tasks' folder
.
2015-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 20:44]
.
2015-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-29 12:08]
.
2015-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-29 12:08]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local
IE: &Leave a note for Been users - c:\program files\Goodshop app\Basement\BackgroundEngine.exe/205
IE: &Remove from Been Clickstream - c:\program files\Goodshop app\Basement\BackgroundEngine.exe/206
IE: &Save as Been Favorite - c:\program files\Goodshop app\Basement\BackgroundEngine.exe/204
IE: &Thumbs Down - c:\program files\Goodshop app\Basement\BackgroundEngine.exe/202
IE: &Thumbs Up - c:\program files\Goodshop app\Basement\BackgroundEngine.exe/201
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: superchips.com
TCP: DhcpNameServer = 192.168.254.254
FF - ProfilePath - c:\users\Josh and Kristie\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default\
FF - prefs.js: browser.search.selectedEngine - Swagbucks
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-iCloudServices - c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
MSConfigStartUp-B2C_AGENT - c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1 - c:\program files\Spybot - Search & Destroy 2\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-08-10  16:59:30
ComboFix-quarantined-files.txt  2015-08-10 21:59
.
Pre-Run: 164,200,009,728 bytes free
Post-Run: 173,734,420,480 bytes free
.
- - End Of File - - DB429EF24940BEBDF98748D4D597A0EC
A36C5E4F47E84449FF07ED3517B43A31

I stayed in safe mode during these last steps, and so far in safe mode I can right click without Windows Explorer crashing. Spybot seems to be removed. One of the issues I was having is that I couldn't remove programs in Add/Remove, and when I tried to remove an unnecessary one (iPod) I received an error. When I would start Firefox, I would get a "Problem loading page, invalid address" error, and I still do. If I search or type in an address manually it will work. I also still get the same error when trying to access Firefox's settings. My CPU usage is 0% and my physical memory is at 53%. When I first started having problems it was because the computer was running extremely slow (no pop-ups, no browser hijackers) and my memory would go up into the 70s. I haven't gotten out of Safe Mode because, well, I'm scared to yet :) After I had done scans before your help, I thought I had removed them, but then seemed to get more things downloaded again once I was out of safe mode.

#14 Oh My!

  • Malware Response Instructor

Posted 10 August 2015 - 07:17 PM

Thanks,

Let's boot into Normal Boot now and see how we do. If need be run these in Safe Mode with Networking.

===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Zoek by Smeenk

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected then click Run Script
  • Type 3 in the lower box to Perform only a Deep Scan then click OK
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • MiniToolBox results
  • Zoek report

Gary

If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

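The Result.txt that MiniToolBox writes with those options checked can be triaged mechanically before anyone reads it line by line. The Python below is an added example for this thread, not part of the post or of Farbar's tool: it splits the log into its sections and flags hosts entries beyond the stock loopback names, an enabled IE proxy, and Winsock catalog entries from a non-Microsoft vendor. The sample log it parses is constructed in MiniToolBox's layout, and the extra hostname in it is made up.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in MiniToolBox's Result.txt layout (not a real log from
# this thread); the non-localhost hosts entry is made up for the demo.
SAMPLE_RESULT = r"""
MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by SampleUser (administrator) on 10-08-2015 at 20:32:52

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================

127.0.0.1       localhost
127.0.0.1       update.example-av.test

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)

**** End of log ****
"""

# "=== Title: ===" headers; the Winsock header has no colon, hence ':?'.
SECTION_RE = re.compile(r"^=+\s*([A-Za-z][^=:]*?):?\s*=+\s*$")
HOSTS_RE = re.compile(r"^\s*(\S+)\s+(\S+)")
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.+)\)\s*$")
STOCK_HOSTS = {"localhost", "broadcasthost", "ip6-localhost", "ip6-loopback"}


def split_sections(text: str) -> Dict[str, List[str]]:
    """Map each section title to the non-empty lines beneath its header."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None and line.strip() and not line.startswith("****"):
            sections[current].append(line.rstrip())
    return sections


def suspicious_hosts(lines: List[str]) -> List[Tuple[str, str]]:
    """Hosts entries beyond the stock loopback names. Each extra entry is
    worth reading: the hosts file is one place a redirect of update or
    vendor hostnames would show up."""
    hits = []
    for line in lines:
        if line.lstrip().startswith("#"):
            continue
        m = HOSTS_RE.match(line)
        if m and m.group(2).lower() not in STOCK_HOSTS:
            hits.append((m.group(1), m.group(2)))
    return hits


def non_microsoft_winsock(lines: List[str]) -> List[Tuple[str, int, str, str]]:
    """Winsock catalog entries whose vendor is not Microsoft. Not necessarily
    bad (Bonjour's mdnsNSP.dll is legitimate), but these are the entries a
    helper checks, since a foreign provider sits in every socket call."""
    hits = []
    for line in lines:
        m = WINSOCK_RE.match(line)
        if not m:
            continue
        catalog, idx, path, _size, vendor = m.groups()
        if not vendor.lower().startswith("microsoft corp"):
            hits.append((catalog, int(idx), path, vendor))
    return hits


def proxy_enabled(lines: List[str]) -> bool:
    """True unless MiniToolBox explicitly reports the proxy as not enabled."""
    return not any("Proxy is not enabled" in line for line in lines)


def triage(text: str) -> dict:
    """Run the three checks over one Result.txt and return the findings."""
    sections = split_sections(text)
    return {
        "hosts": suspicious_hosts(sections.get("Hosts content", [])),
        "winsock": non_microsoft_winsock(sections.get("Winsock entries", [])),
        "ie_proxy_enabled": proxy_enabled(sections.get("IE Proxy Settings", [])),
    }


if __name__ == "__main__":
    findings = triage(SAMPLE_RESULT)
    for ip, name in findings["hosts"]:
        print(f"hosts: {ip} -> {name}")
    for catalog, idx, path, vendor in findings["winsock"]:
        print(f"winsock: {catalog} #{idx:02d} {path} ({vendor})")
    print("IE proxy enabled:", findings["ie_proxy_enabled"])
```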
#15 kls_01

  • Topic Starter

Posted 10 August 2015 - 09:00 PM

I tried rebooting normally and it was still extremely slow. The physical memory got up to 92% and I couldn't do much of anything, so I rebooted in safe mode with networking.

MINI TOOLBOX:

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by Josh and Kristie (administrator) on 10-08-2015 at 20:32:52
Running from "C:\Users\Josh and Kristie\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Model: Inspiron 531 Manufacturer: Dell Inc.
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Home
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : netgear.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : netgear.com
   Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
   Physical Address. . . . . . . . . : 00-1A-A0-7F-A2-13
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::316c:fc11:1aa6:5f05%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.254.24(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, August 10, 2015 7:45:54 PM
   Lease Expires . . . . . . . . . . : Tuesday, August 11, 2015 7:45:54 PM
   Default Gateway . . . . . . . . . : 192.168.254.254
   DHCP Server . . . . . . . . . . . : 192.168.254.254
   DHCPv6 IAID . . . . . . . . . . . : 234887840
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-0C-97-50-00-1A-A0-7F-A2-13
   DNS Servers . . . . . . . . . . . : 192.168.254.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.netgear.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dslrouter.netgear.com
Address:  192.168.254.254

Name:    google.com
Addresses:  2607:f8b0:4009:806::100e
      74.125.225.3
      74.125.225.2
      74.125.225.7
      74.125.225.9
      74.125.225.8
      74.125.225.14
      74.125.225.6
      74.125.225.0
      74.125.225.1
      74.125.225.5
      74.125.225.4


Pinging google.com [74.125.225.4] with 32 bytes of data:
Reply from 74.125.225.4: bytes=32 time=28ms TTL=56
Reply from 74.125.225.4: bytes=32 time=28ms TTL=56

Ping statistics for 74.125.225.4:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 28ms, Maximum = 28ms, Average = 28ms
Server:  dslrouter.netgear.com
Address:  192.168.254.254

Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
      2001:4998:58:c02::a9
      2001:4998:44:204::a7
      206.190.36.45
      98.138.253.109
      98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=56ms TTL=51
Reply from 98.139.183.24: bytes=32 time=57ms TTL=51

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 56ms, Maximum = 57ms, Average = 56ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...00 1a a0 7f a2 13 ......NVIDIA nForce Networking Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0  192.168.254.254   192.168.254.24     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
    192.168.254.0    255.255.255.0         On-link    192.168.254.24    276
   192.168.254.24  255.255.255.255         On-link    192.168.254.24    276
  192.168.254.255  255.255.255.255         On-link    192.168.254.24    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    192.168.254.24    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    192.168.254.24    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 10    276 fe80::/64                On-link
 10    276 fe80::316c:fc11:1aa6:5f05/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)

**** End of log ****

ZOEK REPORT:

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Josh and Kristie on Mon 08/10/2015 at 20:35:04.89.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x86
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\Josh and Kristie\Desktop\zoek.exe [Scan all users]   [Deep Scan]

==== System Restore Info ======================

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Josh and Kristie\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

==== Deleting Files \ Folders ======================

C:\Windows\system32\appdata deleted

==== System Specs ======================

Windows: Windows 7 Professional Edition Service Pack 1 (Build 7601)
Memory (RAM): 1983 MB
CPU Info: AMD Athlon™ 64 X2 Dual Core Processor 5000+
CPU Speed: 2658.9 MHz
Sound Card: Not detected
Display Adapters: | RDP Encoder Mirror Driver
Monitors: 1x;
Screen Resolution: 800 X 600 - 32 bit
Network: Network Present
Network Adapters: NVIDIA nForce Networking Controller
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVD+-RW GSA-H73N
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C:  288.0GB | D:  10.0GB
Hard Disks - Free: C:  161.8GB | D:  4.2GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | 11/09/07 | DELL   - 42302e31
Time Zone: Central Standard Time
Motherboard *: Dell Inc. 0RY206
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Spyware: Windows Defender disabled (Outdated)
Internet Explorer Version: 11.0.9600.17801
Mozilla Firefox version: 39.0.3 (x86 en-US)
Adobe Reader version: 11.0.03.37
Sun Java version: 1.8.0_31 (32-bit)
Flash Player version: 17.0.0.188

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-08-10 21:17:11    F042EE4C8D66248D9B86DCF52ABAE416    256000    ----a-w-    C:\Windows\PEV.exe
2015-08-10 21:17:11    9E05A9C264C8A908A8E79450FCBFF047    80412    ----a-w-    C:\Windows\grep.exe
2015-08-10 21:17:11    5E832F4FAF5F481F2EAF3B3A48F603B8    68096    ----a-w-    C:\Windows\zip.exe
2015-08-10 21:17:11    0297C72529807322B152F517FDB0A9FC    406528    ----a-w-    C:\Windows\SWSC.exe
2015-08-10 21:17:11    0277C027A26428DB64EF4F64F52BB4FD    208896    ----a-w-    C:\Windows\MBR.exe
====== C:\Users\JOSHAN~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
2015-08-06 19:03:45    FD44FA80DA03EA144153A76DEBBB61B4    35064    ----a-w-    C:\Windows\System32\drivers\TrueSight.sys
2015-08-06 17:27:15    739164A8B8FB2F1B50A498F20AF7B21E    98520    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-08-06 17:27:02    B4CD87E78A01562E3DA67FE1C2779204    23256    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2015-08-06 17:27:02    A1E3A332E76F48410CF403FDF85FAFE0    94936    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2015-08-06 17:27:02    490F0F3ED8A970E2BAA38F719242B8F7    51928    ----a-w-    C:\Windows\System32\drivers\mwac.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-08-06 12:28:04    --------    d-----w-    C:\Program Files\ESET
2015-08-05 14:19:26    --------    d-----w-    C:\Program Files\HitmanPro
2015-08-05 01:01:38    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2015-07-29 22:49:51    --------    d-----w-    C:\Program Files\Common Files\AV
======= C: =====
====== C:\Users\Josh and Kristie\AppData\Roaming ======
2015-08-10 21:59:32    --------    d-----w-    C:\Users\UpdatusUser\AppData\Local\temp
2015-08-10 21:59:32    --------    d-----w-    C:\Users\Sara and Hailey\AppData\Local\temp
2015-08-10 21:59:32    --------    d-----w-    C:\Users\Public\AppData\Local\temp
2015-08-10 21:59:32    --------    d-----w-    C:\Users\Default\AppData\Local\temp
2015-08-10 21:59:32    --------    d-----w-    C:\Users\Default User\AppData\Local\temp
2015-08-06 21:30:11    --------    d-----w-    C:\Users\Josh and Kristie\AppData\Local\CrashDumps
2015-08-04 20:58:52    --------    d-----w-    C:\Users\Josh and Kristie\AppData\Local\IsolatedStorage
2015-08-04 20:57:32    --------    d-----w-    C:\Users\Josh and Kristie\AppData\Local\Chromium
2015-07-31 05:29:27    --------    d-----w-    C:\Windows\system32\config\systemprofile\AppData\Local\AvgSetupLog
2015-07-30 04:31:25    --------    d-----w-    C:\Windows\system32\config\systemprofile\AppData\Local\AVG ZEN
2015-07-30 04:24:40    --------    d-----w-    C:\Users\Josh and Kristie\AppData\Local\AvgSetupLog
2015-07-28 16:35:37    0C4B1ACB72943D8D024DABD9CDC37F85    7605    ----a-w-    C:\Users\Josh and Kristie\AppData\Local\Resmon.ResmonCfg
====== C:\Users\Josh and Kristie ======
2015-08-11 00:35:39    521104E0FF602840E969D6C3D03F41F1    891392    ----a-w-    C:\Users\Josh and Kristie\Desktop\MiniToolBox.exe
2015-08-10 21:59:32    --------    d-----w-    C:\Users\Public\AppData
2015-08-10 19:45:22    FB0EFE58F4B1F332A649CD5D52D9E358    1674752    ----a-w-    C:\Users\Josh and Kristie\Downloads\FRST.exe
2015-08-10 14:42:26    FB0EFE58F4B1F332A649CD5D52D9E358    1674752    ----a-w-    C:\Users\Josh and Kristie\Desktop\FRST.exe
2015-08-06 21:13:25    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-08-06 19:03:41    --------    d-----w-    C:\ProgramData\RogueKiller
2015-08-06 19:02:57    A1B20A17007D20575138194C34FFC178    18718280    ----a-w-    C:\Users\Josh and Kristie\Downloads\RogueKiller.exe
2015-08-06 18:58:42    0170A4503F85F2D7ABCBEF0419B1C35A    4404952    ----a-w-    C:\Users\Josh and Kristie\Downloads\tdsskiller(1).exe
2015-08-06 18:39:33    C5B68AC8EC40CAB217AB4F479B953B54    2870984    ----a-w-    C:\Users\Josh and Kristie\Downloads\esetsmartinstaller_enu.exe
2015-08-06 17:26:26    --------    d-----w-    C:\ProgramData\Kaspersky Lab Setup Files
2015-08-05 14:19:26    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-08-05 14:18:57    --------    d-----w-    C:\ProgramData\HitmanPro
2015-08-04 20:38:25    --------    d-----w-    C:\ProgramData\Google
2015-07-27 22:26:18    --------    d-----w-    C:\Users\Josh and Kristie\Mozilla

====== C: exe-files ==
2015-08-06 22:19:00    0CEED1D533CAE0741D56D83AB5CB004F    1525064    ----a-w-    C:\Program Files\Google\Google Toolbar\Component\SearchWithGoogleUpdate_CA8A7236098B8F9A.exe
2015-08-06 22:18:56    71FF025C24EA6E0FC972427208B7AF9D    1105864    ----a-w-    C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_D6EBD55792EF3063.exe
2015-08-06 22:18:24    7D2D1E575711AF3C4340304F4A78E35A    532312    ----a-w-    C:\Program Files\Google\Update\Install\{A809D999-E06F-436D-BBC7-FE9FCE9FBB6A}\GoogleToolbarInstaller_updater_signed.exe
2015-08-06 22:18:24    7D2D1E575711AF3C4340304F4A78E35A    532312    ----a-w-    C:\Program Files\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.5.6710.2136\GoogleToolbarInstaller_updater_signed.exe
2015-08-06 22:12:47    D7E523E6F4C911EDFF6A8325ACAEE56C    88392    ----atw-    C:\Program Files\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe
2015-08-06 22:12:47    93EE27EEA252951660682E891B72D7F5    88392    ----atw-    C:\Program Files\Google\Update\1.3.28.1\GoogleUpdateWebPlugin.exe
2015-08-06 22:12:47    81A1D591D429FF81D443A993B9B91301    88392    ----atw-    C:\Program Files\Google\Update\1.3.28.1\GoogleUpdateBroker.exe
2015-08-06 22:12:45    C42B77A66A4B794A56DFCD2FBEA5AD01    931408    ----a-w-    C:\Program Files\Google\Update\1.3.28.1\GoogleUpdateSetup.exe
2015-08-06 22:12:14    FC8EE235C4F75C96907C25EF1349CB81    130888    ----atw-    C:\Program Files\Google\Update\1.3.28.1\GoogleUpdateComRegisterShell64.exe
2015-08-06 22:12:12    92D840650F95EB60659952AEECAFCE85    305992    ----atw-    C:\Program Files\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
2015-08-06 22:12:11    54FB3B0B29F76E839C648D2F5983A22C    245576    ----atw-    C:\Program Files\Google\Update\1.3.28.1\GoogleCrashHandler.exe
2015-08-06 22:10:24    C6FF00DA1605982E616C03BE809FFE2D    144200    ----atw-    C:\Program Files\Google\Update\1.3.28.1\GoogleUpdate.exe
2015-08-06 22:08:28    C42B77A66A4B794A56DFCD2FBEA5AD01    931408    ----a-w-    C:\Program Files\Google\Update\Install\{D6E3D32D-8935-4E7E-BCDF-4066BEBA47BA}\GoogleUpdateSetup.exe
2015-08-06 22:08:27    C42B77A66A4B794A56DFCD2FBEA5AD01    931408    ----a-w-    C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.28.1\GoogleUpdateSetup.exe
2015-08-06 18:39:55    F0B5FAE0268D84B1CE6EA3B98D4D69EB    331464    ----a-w-    C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
2015-08-06 18:39:55    B23901621E5BD2EF1AAC3E6E6CB9E7FF    422600    ----a-w-    C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2015-08-06 18:39:54    E78517BD20C282FBCA150D2B3ACCC760    2870984    ----a-w-    C:\Program Files\ESET\ESET Online Scanner\ESETSmartInstaller.exe
2015-08-06 18:39:54    4B0F506ACF0A8AE6D6B3E4CF6778B722    122568    ----a-w-    C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
2015-08-06 18:39:54    21B9AB1916917F9476B767F605345E62    532168    ----a-w-    C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
2015-08-04 13:30:35    C09630506604BF5CB94944ECE5D8D4D6    70096    ----a-w-    C:\Program Files\AVG\AVG2015\avguirux.exe
2015-08-04 13:30:35    AF7B951814C89D96CD63DAF111D28834    6474120    ----a-w-    C:\Program Files\AVG\AVG2015\avgmfapx.exe
2015-08-04 13:30:35    506204DABC65EC42F7BDB33DDF37E33B    22992    ----a-w-    C:\Program Files\AVG\AVG2015\avgrdtestx.exe
=== C: other files ==
2015-08-06 19:03:45    FD44FA80DA03EA144153A76DEBBB61B4    35064    ----a-w-    C:\Windows\System32\drivers\TrueSight.sys
2015-08-06 17:27:15    739164A8B8FB2F1B50A498F20AF7B21E    98520    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-08-06 17:27:02    B4CD87E78A01562E3DA67FE1C2779204    23256    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2015-08-06 17:27:02    A1E3A332E76F48410CF403FDF85FAFE0    94936    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2015-08-06 17:27:02    490F0F3ED8A970E2BAA38F719242B8F7    51928    ----a-w-    C:\Windows\System32\drivers\mwac.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1765777517-4217830844-774448315-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe /AUTO"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Fitbit Connect"="C:\Program Files\Fitbit Connect\Fitbit Connect.exe /autorun"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"AdobeCS5ServiceManager"="C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe -launchedbylogin"
"SwitchBoard"="C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"AVG_UI"="C:\Program Files\AVG\AVG2015\avgui.exe /TRAYONLY"
"Fitbit Connect"="C:\Program Files\Fitbit Connect\Fitbit Connect.exe /autorun"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe /AUTO"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Fitbit Connect"="C:\Program Files\Fitbit Connect\Fitbit Connect.exe /autorun"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fssui]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fssui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Live\\Family Safety\\fsui.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swg"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Josh and Kristie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
"item"="OneNote 2007 Screen Clipper and Launcher"
"path"="C:\\Users\\Josh and Kristie\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2007 Screen Clipper and Launcher.lnk"
"backup"="C:\\Windows\\pss\\OneNote 2007 Screen Clipper and Launcher.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office12\\ONENOTEM.EXE"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"SansaDispatch"="C:\\Users\\Josh and Kristie\\AppData\\Roaming\\SanDisk\\Sansa Updater\\SansaDispatch.exe"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"B2C_AGENT"="C:\\ProgramData\\LGMOBILEAX\\B2C_Client\\B2CNotiAgent.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""


==== Startup Folders ======================

2014-03-06 15:08:35    408    ----a-w-    C:\Users\Josh and Kristie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [06/09/2015 03:44 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [10/19/2014 07:08 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [10/19/2014 07:08 AM]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\Adobe online update program" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\system32\tasks\AdobeAAMUpdater-1.0-Home-Josh and Kristie" [C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\system32\tasks\B2CNotiAgent" [C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\Sansa Dispatch" [C:\Users\Josh and Kristie\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe]
"C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\system32\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe"]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\JOSHAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default
user_pref("browser.newtab.url", "http://www.swagbucks.com");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Swagbucks");
user_pref("browser.search.selectedEngine", "Swagbucks");

==== Firefox Extensions ======================

ProfilePath: C:\Users\JOSHAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default
- Undetermined - %ProfilePath%\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}.oldbackup

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Josh and Kristie\AppData\Roaming\Mozilla\Firefox\Profiles\ud64hiwv.default
D937A4645EFF8CB4F123E3C899C052B2    - C:\Program Files\QuickTime\Plugins\npqtplugin.dll -    QuickTime Plug-in 7.7.6
049BD7AD3B94F24FA274ED1F7FC5871B    - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -    QuickTime Plug-in 7.7.6
F9DE379CE8A782530A4FA0B731F3A49B    - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -    QuickTime Plug-in 7.7.6
5D4279248A0E506CF007BD51EBF74CEA    - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -    QuickTime Plug-in 7.7.6
559E8D42BE485208F1C4BB294D6840A4    - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -    QuickTime Plug-in 7.7.6
42A9B216A7A288512CE2F9A6BCCE96BC    - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll -    Adobe Acrobat
F00DA1A135FCA11D4426D9A5AB72CF0F    - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll -    AdobeAAMDetect
3A523765D795DB006C010B915C3A840A    - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll -    Adobe Acrobat
1F352B5944AF5C2204D9EFF7F845C5AF    - C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll -    Google Update
C517E5EA7CEE783F3681F62D2A362E5B    - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll -    Windows Live™ Photo Gallery
24E990B1E6D55428001843CF7217DD81    - C:\Program Files\Microsoft\Office Live\npOLW.dll -    Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox
073A22FDCDAFD513DAD0D972BD2DF76E    - c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll -    Silverlight Plug-In
225D76851EFC6144B4BAD941B3E8989D    - C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll -    Java™ Platform SE 8 U31
D7324EB1EDCB8990F8522DE0311359E9    - C:\Windows\system32\npDeployJava1.dll -    Java Deployment Toolkit 7.0.250.17
5B92CB0A3EEE50F6B9AE036B4F9B0F0C    - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll -    Google Earth Plugin
46A59E6F7F7C1679AC7C4655E055326D    - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -    iTunes Application Detector
2E661988463BCFA1B95D4DAAB9B0B6FA    - C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll -    Shockwave Flash
1224D741CE1A54D67429E04A5B1EC4E2    - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll -    AmazonMP3DownloaderPlugin
41561B8AE9E551BD08304D48DAA900FA    - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll -    AdobeAAMDetect
15E298B5EC5B89C5994A59863969D9FF    - C:\Windows\system32\npmproxy.dll -    Microsoft® Windows® Operating System
6D23BB87BCF88731959BF79082D442E6    - c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrlui.dll -    Microsoft® Silverlight


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaaojmikegpiepcfdkkjaplodkpfmlo - C:\Users\Josh and Kristie\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
hhoibbfmmdpignilmknhhcagdapcncnd - C:\Program Files\Goodshop app\Chrome.crx[]

Chrome Hotword Shared Module - Josh and Kristie\AppData\Local\Chromium\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Chrome Web Store Payments - Josh and Kristie\AppData\Local\Chromium\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Google Slides - Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Wallet - Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Josh and Kristie\AppData\Local\Chromium\User Data\Default\Preferences
{"account_tracker_service_last_update":"13083195486388800","bookmark_bar":{"show_on_all_tabs":false},"browser":{"check_default_browser":false,"window_placement":{"bottom":714,"left":10,"maximized":false,"right":1014,"top":10,"work_area_bottom":724,"work_area_left":0,"work_area_right":1024,"work_area_top":0}},"cros":{"metrics":{"reportingEnabled":false}},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1041202"],"daily_original_length_via_data_reduction_proxy":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"daily_original_length_with_data_reduction_proxy_enabled":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1041202"],"daily_received_length_https_with_data_reduction_proxy_enabled":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"daily_received_length_long_bypass_with_data_reduction_proxy_enabled":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"daily_received_length_short_bypass_with_data_reduction_proxy_enabled":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"daily_received_length_unknown_with_data_reduction_proxy_enabled":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"daily_received_length_via_data_reduction_proxy":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"daily_received_length_with_data_reduction_proxy_enabled":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"],"last_update_date":"13083138000000000"},"default_apps_install_state":3,"distribution":{"auto_launch_chrome":true,"do_not_create_any_shortcuts":true,"do_not_launch_chrome":true,"make_chrome_default":false,"make_chrome_default_for_user":false,"skip_first_run_ui":true,"suppress_first_run_bubble":true},"dns_prefetching":{"host_referral_list":[2,["http://www.dregol.com/",["http://cdn.castplatform.com/",1.6695182127439199,"http://d.castplatform.com/",1.6695182127439199,"http://www.dregol.com/",3.3639546077675995]]],"startup_list":[1]},"extensions":{"alerts":{"initialized":true},"autoupdate":{"next_check":"13083196890742500"},"chrome_url_overrides":{"bookmarks":["chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html"]},"last_chrome_version":"45.0.2423.0"},"first_run_tabs":[""],"gcm":{"check_time":"13083195546576800"},"hotword":{"previous_language":"en-US"},"http_original_content_length":"1041202","http_received_content_length":"1041202","intl":{"accept_languages":"en-US,en"},"invalidator":{"client_id":"gm2Bn53b2h6xgjM5myFUnw=="},"media":{"device_id_salt":"UpySGcbyDf/q9vSpFD6bdA=="},"net":{"http_server_properties":{"servers":{"clients2.google.com:443":{"supports_spdy":true},"clients4.google.com:443":{"supports_spdy":true}},"version":3}},"plugins":{"migrated_to_pepper_flash":true,"plugins_list":[],"removed_old_component_pepper_flash_settings":true},"profile":{"avatar_index":26,"content_settings":{"exceptions":{"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"cookies":{},"fullscreen":{},"geolocation":{},"images":{},"javascript":{},"media_stream":{},"media_stream_camera":{},"media_stream_mic":{},"metro_switch_to_desktop":{},"midi_sysex":{},"mixed_script":{},"mouselock":{},"notifications":{},"plugins":{},"popups":{},"ppapi_broker":{},"protocol_handlers":{},"push_messaging":{},"ssl_cert_decisions":{}},"pattern_pairs":{},"pref_version":1},"exit_type":"Normal","exited_cleanly":true,"icon_version":3,"managed_user_id":"","migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"Person 1","per_host_zoom_levels":{}},"protection":{"macs":{}},"safebrowsing":{"enabled":false},"search_provider_overrides_version":1,"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13083195486264800"},"translate_blocked_languages":["en"],"translate_whitelists":{}}
9F3D0669D5931907B455F099C510E7770D9F0BA6FF13E4C76101B44F757"},"profile":{"reset_prompt_memento":"D4530CB53DD89D7863C8A6CB3762FD06DE5DBC9965D16D3A72FE1B19AD4A6C8F"},"safebrowsing":{"incidents_sent":"569707D9A4676B72F48BE92B740BE3EF895419C8A646F1AE1BA70BD9C3B41845"},"search_provider_overrides":"5FF274EF8D72E5E07C969E0D0A5445FD06FD3719821FEE6213528B203B3906BA","session":{"restore_on_startup":"AB59F1A9CB391932F7B6047BDBE08DCCB63050B3A912DE5B810DA12B56F5E9D2","startup_urls":"6BDC7BE37ECE3A618ACBA2CAED842C364EC4B241A15EA0F356C95379D40065BC"},"software_reporter":{"prompt_reason":"5A1EEE6610B0E60FAD44D731D9768B67743F2307846BA8C85E4A6884DBA2CC78","prompt_seed":"D12521B12F27ED8D55846D6FE25154BD22242084A3546A89F2435F0D6575A92E","prompt_version":"565C7DC33789AA140A0FFC230B569B2F592F494FD1FE1EF8BAEA97F43DB5B49E"},"sync":{"remaining_rollback_tries":"330199A48C5F90321D74BF4A3B8CAD4B7FF7FA5817F414DCBE4E6C2F52FBDA56"}},"super_mac":"1B87DF32C3F0ADA7CABF0F9DFF09B405B86D61E36A74FD6832C6FC7A72CF86EF"},"search_provider_overrides":[{"encoding":"UTF-8","favicon_url":"http://www.dregol.com/favicon.ico","id":1001,"keyword":"Dregol","name":"Dregol","search_url":"http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_bimmed_15_32&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtDyB0F0AtBtCtA0FtC0EtCtN0D0Tzu0StCtAtCtCtN1L2XzutAtFtCtBtFyDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyEtCtByDtCyE0B0BtGtDyEzz0BtG0CyD0C0EtGtDtDyCyBtGtA0EyC0EtBzy0A0DyByEtB0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0EyE0ByCyD0AzztGtA0DtC0EtGyE0FtAtBtGzzyCtDtBtGyB0D0ByDtCtAyE0CtByByEyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzytDyD&cr=2030943677&ir=&uref=chmm","suggest_url":""}],"session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/restorebrowser/"]}}

C:\Users\Josh and Kristie\AppData\Local\Google\Chrome\User Data\Default\Preferences
zcHEhVH96DacTtWQqjfDVtZPjT7Xwv23dgoWcpbkRC86jMJot3dmX9xnn0KzoVc9gDOHSIkBLbkkr6Sp3LGXCCM4L0DJgxdFwaLr5WBzgC3y5x0/wwPIwN4PtIaK3BhH6njlksfnKwwIJ9iRT41V4BqbWu4mszO/7VJ3HJyw2DBpIc2grU9ZRRxrV3fRQG4wIDAQAB","manifest_version":2,"name":"Google Now","oauth2":{"auto_approve":true,"scopes":["https://www.googleapis.com/auth/googlenow"]},"optional_permissions":["background"],"permissions":["alarms","identity","metricsPrivate","notifications","pushMessaging","storage","tabs","webstorePrivate","*://*.google.com/*","*://*.gstatic.com/*","https://*.googleapis.com/chromenow/v1/*","https://*.googleusercontent.com/*"],"version":"1.2.0.1"},"path":"C:\\Program Files\\Google\\Chrome\\Application\\37.0.2062.103\\resources\\google_now","preferences":{},"regular_only_preferences":{},"was_installed_by_default":false,"was_installed_by_oem":false},"pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true,"active_permissions":{"api":["notifications"],"manifest_permissions":[]},"app_launcher_ordinal":"y","commands":{},"content_settings":[],"creation_flags":137,"ephemeral_app":false,"events":[],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["notifications"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13054415108179400","lastpingday":"13054374008935400","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"https://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"en_US","default_locale":"en","description":"Fast, searchable email with less spam.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","name":"Gmail","options_page":"https://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"http://clients2.google.com/service/update2/crx","version":"7"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\7_1","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false}}},"hotword":{"previous_language":"en-US"},"intl":{"accept_languages":"en-US,en"},"invalidator":{"client_id":"Z0sW4hcEM0A8SQGfGic8DQ=="},"media":{"device_id_salt":"GsEFm4Mf1LEvnO4P4zMVmA=="},"net":{"http_server_properties":{"servers":{},"version":3}},"pinned_tabs":[],"plugins":{"migrated_to_pepper_flash":true,"plugins_list":[],"removed_old_component_pepper_flash_settings":true},"profile":{"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"pattern_pairs":{},"pref_version":1},"created_by_version":"37.0.2062.103","exit_type":"Normal","exited_cleanly":true,"icon_version":2,"managed_user_id":"","name":"First user","per_host_zoom_levels":{}},"protection":{"macs":{"browser":{"show_home_button":"4C9C1DF945E1A09704D57D60BAC7BC55EE7DB6C4F936C0FD082B4C4CD1363BBF"},"default_search_provider":{"keyword":"CA4E6D491E9B6A58CB0646AE3D58A927D85B57C4A3E44590552FA302E47A3694","name":"1010B30D9EDDBE794E6CE32D20C37BCD9034C36A8979830A5679FC8897BE96F9","search_url":"CDA2511DB25DC905AE3B91FAD6F2E0E3DFCFC21751A77571577DACBE870ADFBC"},"default_search_provider_data":{"template_url_data":"FAA3BFC3725C5CBCC040FF6A55608365A56C6FB6547401DEF055887D68EF7A96"},"extensions":{"known_disabled":"850FDEA38FEF6F0723503483E666A2C343B9DB8154F0AFBFB035643A7A79CB8B","settings":{"aapocclcgogkmnckokdopfmhonfmgoek":"142BEB6AAF48072AC6E465D0BD9CD81BB6BA34072F550A10B473930CCD7D5145","ahfgeienlihckogmohjhadlkjgocpleb":"76266D1338CDE59CF0AE5CCE1A57C990E82FAA90E4928CE8C92F079C8127EEB5","aohghmighlieiainnegkcijnfilokake":"1E7FF762F3A6FD53505C956D214EEF2CC11ABFBB6035B6B572A60680DD289A4C","apdfllckaahabafndbhieahigkjlhalf":"F1510C4E80B71E64A46333005A6CE9B85416B2B65959BC76985DC94EC0D728B9","bepbmhgboaologfdajaanbcjmnhjmhfn":"8E8017CA1B603A58B12662FEB1D0FD7F383DDBED111DE704D69E1D839AB2E42B","blpcfgokakmgnkcojhhkbfbldkacnbeo":"9E04DC5777953EE30B395AF5829A3621F07DAB522475B91632784C616020B471","coobgpohoikkiipiblmjeljniedjpjpf":"BCC2D9F4AC914127F7045619A3189DF504DC626FAECA9673F0E35CC00C11AC15","dnhpdliibojhegemfjheidglijccjfmc":"8BD2EA08CBA67A765D8163E71ADD9B6F29F1F852D81542EE4CC07FB6D0831E2D","eemcgdkfndhakfknompkggombfjjjeno":"D808BB26E12D2F95D0367E9D280819C4A6B2507DCDCC4EC2463E9086DD45307B","ennkphjdgehloodpbhlhldgbnhmacadg":"233D138C08B4799ADC797329DACD5DC3FD0A42A5D79EB7CE905F4A235FAA50F1","felcaaldnbdncclmgdcncolpebgiejap":"11C710E91A194ED00C6630860055E65CE92282B4D87FC6F14B08496B20236E1B","gfdkimpbcpahaombhbimeihdjnejgicl":"97DF2A228E97378E219DCB56654FA5E5273B8207C76C84C0E5AF94F3968153A8","kmendfapggjehodndflmmgagdbamhnfd":"500A44E2B2C07BBF301CC71DFCF61D0F77A23317755D9063435C8B0876AFE508","mfehgcgbbipciphmccgaenjidiccnmng":"E03D007ABAED16981FE95D94EAD6288C6DB34CA37B47583A791CC3876ACD0F0D","mfffpogegjflfpflabcdkioaeobkgjik":"EA4D097319C7AE67CF5DF00AA8DB734E9FADB4310858F75641C7CF439F6EF0A5","mgndgikekgjfcpckkfioiadnlibdjbkf":"1BD6218682AA3574F52A0CC026586311DEB488BA4DC7698E4408FB892D59E4B9","neajdppkdcdipfabeoofebfddakdcjhd":"073D29DAAD3F282DF424D11778DF998C37B94A23CE047106B073F7BABAAC2330","nkeimhogjdpnpccoofpliimaahmaaome":"32B3CBE600B03565DBBB20269A662F53E9E85F81321F82BCBD72D68F6D5542DB","nmmhkkegccagdldgiimedpiccmgmieda":"E4291B2CA4B20976716B7D4E74F14D0A454E3831B68C4A28ADA18191CF8B48EB","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"021589D1842B642FDBA7606C4A8579BF5290E0606BF6E48DAA1C5DC6F48B5791","pjkljhegncpnkpknbcohdijeoejaedia":"710BA03B0F95F86DA60C8DCFB6AEA010F61C9431684C5A2AE8D5180E88C5A632"}},"google":{"services":{"last_username":"3B9F8F01F52233F90C31B3247A853406776AB555C4FA40BABCEF83A6FCFD90D5"}},"homepage":"8FFED087AC9B47931FF43F30567040CF5A40F4AA3D91DC01C7FB6AADF1AD7DEB","homepage_is_newtabpage":"628DDEDE22139991B273A24249507ADC61CDBE46BB638ECF159E7A69D83C05CB","pinned_tabs":"4C7503342DFAAF9571D032A722408F098326C833D988CC75D97176646F95B58C","prefs":{"preference_reset_time":"E9296B244E32E0D606F18092A312486EF2033ACE275C818935AB825F6F6F3EBA"},"profile":{"reset_prompt_memento":"0F3EA3FA46D6D8FB27489CBB8B30D55CA3D23CB5BE71648BB0FB8D1B0FC76CA4"},"safebrowsing":{"incident_report_sent":"7B7924E9A3CB21CE1629B0388FBEA072824589CA7A95634334D6C797A5040339"},"search_provider_overrides":"C58D8AE6B5BEBD7D152A8440453E406FF6D11EDFCECFF718595683E79C42314B","session":{"restore_on_startup":"48D00E1A63C6E59377C33BCBA7F00999BF99B24B8CDB8F738FDA0BDC651151B1","startup_urls":"5765A754B27B70A7884541FF05C65DB5BFCC8BD31BD2E023F9CD9110D1E17E56"},"sync":{"remaining_rollback_tries":"5508BE4363FE1BA74D91DD55192C091D1F35A30284804E15ADC6A3113924AAB6"}}},"savefile":{"default_directory":"C:\\Users\\Josh and Kristie\\Downloads"},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13054415050304400"},"sync":{"remaining_rollback_tries":0},"sync_promo":{"startup_count":3},"translate_accepted_count":{"ja":0},"translate_blocked_languages":["en"],"translate_denied_count":{"ja":1},"translate_whitelists":{},"zerosuggest":{"cachedresults":""}}


==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_enUS473"

==== HijackThis Entries ======================

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Fitbit Connect] "C:\Program Files\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Fitbit Connect] "C:\Program Files\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Amazon Cloud Drive.appref-ms
O8 - Extra context menu item: &Leave a note for Been users - res://C:\Program Files\Goodshop app\Basement\BackgroundEngine.exe/205
O8 - Extra context menu item: &Remove from Been Clickstream - res://C:\Program Files\Goodshop app\Basement\BackgroundEngine.exe/206
O8 - Extra context menu item: &Save as Been Favorite - res://C:\Program Files\Goodshop app\Basement\BackgroundEngine.exe/204
O8 - Extra context menu item: &Thumbs Down - res://C:\Program Files\Goodshop app\Basement\BackgroundEngine.exe/202
O8 - Extra context menu item: &Thumbs Up - res://C:\Program Files\Goodshop app\Basement\BackgroundEngine.exe/201
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.superchips.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Fitbit Connect Service (Fitbit Connect) - Fitbit, Inc. - C:\Program Files\Fitbit Connect\FitbitConnectService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2 folders=4 16449 bytes)

==== EOF on Mon 08/10/2015 at 20:43:11.35 ======================