
Browser Possibly Hijacked-Popups over websites with redirects


  • This topic is locked
3 replies to this topic

#1 redneckrocketeer


  • Members
  • 4 posts
  • Gender:Male
  • Location:Arkansas

Posted 26 September 2015 - 08:39 PM

Every web browser has popups that are appearing at the bottom of the window, at the top of the window, and occasionally at the bottom right corner of the browser window. It is happening across all browsers. Malwarebytes blocks the actual contents of the popup and only shows placeholders, and shows a popup for blocked websites such as "myatorak.ru" and "ibzine.ru", just to name a couple, but they always end in .ru. I have run Malwarebytes several times along with AVG and nothing fixes the problem.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by EM (administrator) on HOUSMAN (26-09-2015 20:03:30)
Running from C:\Users\EM\Desktop
Loaded Profiles: ronni_000 & toni & ryan & abby & rebekah & jonny_000 & tandr_000 & EM & 4 KIDS & redneckrocketeer & Hannah & Administrator (Available Profiles: ronni_000 & toni & ryan & abby & rebekah & jonny_000 & tandr_000 & EM & 4 KIDS & redneckrocketeer & Hannah & Administrator)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\ToolbarUpdater.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\livecomm.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-10] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3775912 2015-08-24] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2567568 2015-09-25] ()
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3712688546-3949692237-1664249411-1001\...\Run: [uTorrent] => C:\Users\ryanh_000\AppData\Roaming\uTorrent\uTorrent.exe [1855312 2014-07-12] (BitTorrent Inc.)
HKU\S-1-5-21-3712688546-3949692237-1664249411-1001\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-3712688546-3949692237-1664249411-1004\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-3712688546-3949692237-1664249411-1005\...\Run: [Facebook Update] => C:\Users\ryanh_000\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-12-22] (Facebook Inc.)
HKU\S-1-5-21-3712688546-3949692237-1664249411-1005\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
HKU\S-1-5-21-3712688546-3949692237-1664249411-1022\...\Run: [BrowserSafeguard Update Task] => "C:\Users\EM\AppData\Local\BrowserSafeguard\uninstall.BrowserSafeguard.exe" /CheckUpdate=true
HKU\S-1-5-21-3712688546-3949692237-1664249411-1022\...\Run: [Facebook Update] => C:\Users\EM\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-06-13] (Facebook Inc.)
HKU\S-1-5-21-3712688546-3949692237-1664249411-1022\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-3712688546-3949692237-1664249411-1022\...\Run: [GoogleChromeAutoLaunch_1D2296E7383D688DD73113306ADF5306] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-08-27] (Google Inc.)
HKU\S-1-5-21-3712688546-3949692237-1664249411-1022\...\Run: [uTorrent] => C:\Users\EM\AppData\Roaming\uTorrent\uTorrent.exe [1693024 2015-07-31] (BitTorrent Inc.)
HKU\S-1-5-21-3712688546-3949692237-1664249411-1022\...\Run: [Camfrog] => C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe [15709712 2015-08-04] (Camshare, Inc.)
HKU\S-1-5-21-3712688546-3949692237-1664249411-1022\...\MountPoints2: {1f25bd6b-ffaf-11e4-bf92-b4b52fd9d51f} - "G:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-3712688546-3949692237-1664249411-1022\...\MountPoints2: {ae930add-b6f8-11e4-bf6d-b4b52fd9d51f} - "G:\VerizonSWUpgradeAssistantLauncher.exe" 
HKU\S-1-5-21-3712688546-3949692237-1664249411-1024\...\Run: [uTorrent] => C:\Users\redneckrocketeer\AppData\Roaming\uTorrent\uTorrent.exe [1696096 2015-09-15] (BitTorrent Inc.)
HKU\S-1-5-21-3712688546-3949692237-1664249411-1024\...\Run: [GoogleChromeAutoLaunch_496889DF3AC58B4953588008FE1A7613] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-08-27] (Google Inc.)
HKU\S-1-5-21-3712688546-3949692237-1664249411-1025\...\Run: [ShopAtHomeWatcher] => C:\Users\Hannah\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [130232 2014-11-25] (ShopAtHome.com)
HKU\S-1-5-21-3712688546-3949692237-1664249411-1025\...\Run: [ShopAtHomeUpdater] => C:\Users\Hannah\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe [199864 2014-11-25] (ShopAtHome.com)
HKU\S-1-5-21-3712688546-3949692237-1664249411-1025\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-3712688546-3949692237-1664249411-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-28] (Microsoft Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => No File
Startup: C:\Users\EM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-04-26]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [S-1-5-21-3712688546-3949692237-1664249411-1006] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 93.158.212.5 8.8.8.8
Tcpip\..\Interfaces\{5294C64A-90E6-411A-8F87-876DA24E5C92}: [DhcpNameServer] 93.158.212.5 8.8.8.8
Tcpip\..\Interfaces\{9BCC2986-DD3C-43C0-A889-1AECA1F7911C}: [DhcpNameServer] 93.158.212.5 8.8.8.8
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3712688546-3949692237-1664249411-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3712688546-3949692237-1664249411-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3712688546-3949692237-1664249411-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3712688546-3949692237-1664249411-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3712688546-3949692237-1664249411-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3712688546-3949692237-1664249411-1010\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3712688546-3949692237-1664249411-1010\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3712688546-3949692237-1664249411-1014\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3712688546-3949692237-1664249411-1014\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3712688546-3949692237-1664249411-1017\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3712688546-3949692237-1664249411-1017\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3712688546-3949692237-1664249411-1022\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3712688546-3949692237-1664249411-1022\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://yourfreeware.org/file/free-mcafee-antivirus-2014-download-90-days/
hxxp://yourfreeware.org/download/mcafee-antivirus-2013-antispyware-incl-license-2-year/68676/
HKU\S-1-5-21-3712688546-3949692237-1664249411-1023\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3712688546-3949692237-1664249411-1023\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3712688546-3949692237-1664249411-1023\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3712688546-3949692237-1664249411-1024\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3712688546-3949692237-1664249411-1024\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3712688546-3949692237-1664249411-1025\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3712688546-3949692237-1664249411-1025\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
URLSearchHook: [S-1-5-21-3712688546-3949692237-1664249411-1004] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {B7439185-8511-46BA-9354-6C93146C9423} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {B7439185-8511-46BA-9354-6C93146C9423} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3712688546-3949692237-1664249411-1001 -> DefaultScope {4121F80A-F885-4D03-9ABC-A755F386B4EE} URL = 
SearchScopes: HKU\S-1-5-21-3712688546-3949692237-1664249411-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
SearchScopes: HKU\S-1-5-21-3712688546-3949692237-1664249411-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3712688546-3949692237-1664249411-1005 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3712688546-3949692237-1664249411-1005 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
SearchScopes: HKU\S-1-5-21-3712688546-3949692237-1664249411-1006 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3317187&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPEC40B214-1E29-4F9F-9666-3FE7BB8C1C2C&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3712688546-3949692237-1664249411-1006 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
SearchScopes: HKU\S-1-5-21-3712688546-3949692237-1664249411-1010 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3712688546-3949692237-1664249411-1010 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
SearchScopes: HKU\S-1-5-21-3712688546-3949692237-1664249411-1014 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3712688546-3949692237-1664249411-1014 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3712688546-3949692237-1664249411-1014 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
SearchScopes: HKU\S-1-5-21-3712688546-3949692237-1664249411-1017 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3712688546-3949692237-1664249411-1017 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3712688546-3949692237-1664249411-1017 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
SearchScopes: HKU\S-1-5-21-3712688546-3949692237-1664249411-1022 -> DefaultScope {651BC7D5-223D-460B-A604-72DFAEA58DB5} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11408&pf=V7&p2=^BBG^OSJ000^YY^US&gct=&itbv=12.21.0.114&apn_uid=D05FC60F-E14E-4D4F-819A-815E0863D2D4&apn_ptnrs=BBG&apn_dtid=^OSJ000^YY^US&apn_dbr=ff_34.0.5.5443&doi=2014-12-25&trgb=FF&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-3712688546-3949692237-1664249411-1022 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-3712688546-3949692237-1664249411-1022 -> {651BC7D5-223D-460B-A604-72DFAEA58DB5} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11408&pf=V7&p2=^BBG^OSJ000^YY^US&gct=&itbv=12.21.0.114&apn_uid=D05FC60F-E14E-4D4F-819A-815E0863D2D4&apn_ptnrs=BBG&apn_dtid=^OSJ000^YY^US&apn_dbr=ff_34.0.5.5443&doi=2014-12-25&trgb=FF&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-3712688546-3949692237-1664249411-1022 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={5516C1A3-56F3-460C-830B-B822E39CA720}&mid=6acc1915cb3947d29d1165fc693d3cec-5b527ada197dd6817cb0c33c585890c76823c866&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-09 07:24:57&v=18.1.9.799&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3712688546-3949692237-1664249411-1022 -> {B7439185-8511-46BA-9354-6C93146C9423} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3712688546-3949692237-1664249411-1022 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3712688546-3949692237-1664249411-1024 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
SearchScopes: HKU\S-1-5-21-3712688546-3949692237-1664249411-1025 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-15] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-17] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-17] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.8.0.179\AVG SafeGuard toolbar_toolbar.dll [2015-09-25] (AVG Secure Search)
Toolbar: HKLM-x32 - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.8.0.179\AVG SafeGuard toolbar_toolbar.dll [2015-09-25] (AVG Secure Search)
Toolbar: HKU\S-1-5-21-3712688546-3949692237-1664249411-1006 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-06] (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.8.0\ViProtocol.dll [2015-09-25] (AVG Secure Search)
 
FireFox:
========
FF ProfilePath: C:\Users\EM\AppData\Roaming\Mozilla\Firefox\Profiles\rm2pljnt.default-1399496422475
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-26] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-26] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-27] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.8.0\\npsitesafety.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-25] (Google Inc.)
FF Plugin-x32: @VideoDownloadConverter_ScriptHelper.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll [2013-12-30] ()
FF Plugin HKU\S-1-5-21-3712688546-3949692237-1664249411-1005: @nsroblox.roblox.com/launcher -> C:\Users\ryanh_000\AppData\Local\Roblox\Versions\version-d2fd1d56447746e9\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3712688546-3949692237-1664249411-1005: @nsroblox.roblox.com/launcher64 -> C:\Users\ryanh_000\AppData\Local\Roblox\Versions\version-d2fd1d56447746e9\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3712688546-3949692237-1664249411-1005: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\ryanh_000\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3712688546-3949692237-1664249411-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ryanh_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3712688546-3949692237-1664249411-1014: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\jonny_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3712688546-3949692237-1664249411-1022: @nsroblox.roblox.com/launcher -> C:\Users\EM\AppData\Local\Roblox\Versions\version-8ee76ff82f0348de\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3712688546-3949692237-1664249411-1022: @nsroblox.roblox.com/launcher64 -> C:\Users\EM\AppData\Local\Roblox\Versions\version-8ee76ff82f0348de\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3712688546-3949692237-1664249411-1022: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\EM\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3712688546-3949692237-1664249411-1022: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\EM\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-18] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3712688546-3949692237-1664249411-1025: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Hannah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-09-25]
FF Extension: bestadblocker - C:\Users\EM\AppData\Roaming\Mozilla\Firefox\Profiles\rm2pljnt.default-1399496422475\Extensions\bGeD@KF2G7.com [2015-06-01]
FF Extension: VaeUDiX - C:\Users\EM\AppData\Roaming\Mozilla\Firefox\Profiles\rm2pljnt.default-1399496422475\Extensions\j@L5.org [2015-06-01]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.8.0.179
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.8.0.179 [2015-09-25]
FF HKU\S-1-5-21-3712688546-3949692237-1664249411-1005\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF HKU\S-1-5-21-3712688546-3949692237-1664249411-1006\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF HKU\S-1-5-21-3712688546-3949692237-1664249411-1010\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF HKU\S-1-5-21-3712688546-3949692237-1664249411-1014\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF HKU\S-1-5-21-3712688546-3949692237-1664249411-1022\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
 
Chrome: 
=======
CHR HomePage: Profile 1 -> hxxp://www.trovi.com/?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=MF7980A9C-7B36-4BB1-926E-272EA7403816&SearchSource=55&CUI=&UM=8&UP=SP8823AEDC-63F4-409E-80B2-1B795DAA3351&D=070515&SSPV=
CHR StartupUrls: Profile 1 -> "hxxp://www.trovi.com/?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=MF7980A9C-7B36-4BB1-926E-272EA7403816&SearchSource=55&CUI=&UM=8&UP=SP8823AEDC-63F4-409E-80B2-1B795DAA3351&D=070515&SSPV=","hxxps://www.yahoo.com/","hxxp://www.google.com/","hxxp://speedial.com/?f=1&a=spd_wnzp_14_22_ff&cd=2XzuyEtN2Y1L1QzutCzz0AzytDyD0B0B0E0A0B0EzyyCzyyCtN0D0Tzu0SzzzztDtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtDzyyDzzzy0D0EtG0Azy0FyEtGyCtByEzztGyE0DyD0DtGyC0E0EyB0FyD0B0C0ByCyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0E0AtC0CzyyByBtGzztCzyyDtGtB0ByEyBtGyEtDyEyDtGtDtDtCyEzz0AyEyDtAtA0CyD2Q&cr=1031914447&ir=","hxxp://www.google.com/","hxxp://www-search.net/?s=E9Rzamodu06431,b595d7b5-b76f-4f09-993a-da1bf84caa48,","hxxp://www.dregol.com/?f=7&a=drg_mdaffmarmar_15_25&cd=2XzuyEtN2Y1L1QzuyC0C0CtBtCyByByEtCzzzzzyyC0FtCtAtN0D0Tzu0StCtByCyCtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0FtB0EyCtAzztGtC0Ezz0EtGyCyEyEzytGyCzztAyEtGtCyBzytBtA0D0CzzzztA0EtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0FyD0E0A0D0BtBtGyB0DzyzztGyEtC0DyCtGzy0E0BtAtGtByC0AyB0EyDtA0D0FtD0DtA2QtN0A0LzuyE&cr=1193272366&ir=","hxxp://www.trovi.com/?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=MF7980A9C-7B36-4BB1-926E-272EA7403816&SearchSource=55&CUI=&UM=8&UP=SP8823AEDC-63F4-409E-80B2-1B795DAA3351&D=070515&SSPV=","hxxp://new%20tab/","hxxp://www.google.com"
CHR Profile: C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Chit Chat City) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\achiaajeohjhddijekccekdhmmbogahe [2015-03-30]
CHR Extension: (reddit companion) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe [2015-05-14]
CHR Extension: (Google Docs) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-17]
CHR Extension: (Google Drive) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-17]
CHR Extension: (DuckDuckGo for Chrome) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao [2015-05-14]
CHR Extension: (Advanced Font Settings) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\caclkomlalccbpcdllchkeecicepbmbm [2015-05-14]
CHR Extension: (Chrome RDP) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cbkkbcmdlboombapidmoeolnmdacpkch [2015-05-14]
CHR Extension: (Adblock Plus) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-30]
CHR Extension: (Chatroulette WizzCAM) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dbkalheajdhkodfigjeahnlcigdjocdo [2015-03-30]
CHR Extension: (Social Video Chat MashMeTV) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dgimnkkcekilmeifblloakploakdjcdm [2015-03-30]
CHR Extension: (Liveeds - Video Chat) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dijakfeonejjcnobjbpaoelcbnlodjpf [2015-03-30]
CHR Extension: (imgur Extension by Metronomik) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao [2015-06-21]
CHR Extension: (Pizza Snake) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eladgefgfablffmdbgbllikigaaehjbd [2015-05-01]
CHR Extension: (HTML Revealer and Password Revealer) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fgeopcldenngppapceagonnenonklpbn [2015-05-14]
CHR Extension: (Free Smileys & Emoticons) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl [2015-06-21]
CHR Extension: (Google Docs Offline) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (Pin It Button) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-06-21]
CHR Extension: (Last.fm Scrobbler) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hhinaapppaileiechjoiifaancjggfjm [2015-05-14]
CHR Extension: (JavaScript Popup Blocker) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol [2015-05-14]
CHR Extension: (File Search Engine (by FileDiva)) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hjkinckdmleladaolhpagacjbkjfgfce [2015-06-21]
CHR Extension: (VNC® Viewer for Google Chrome™) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iabmpiboiopbgfabjmgeedhcmjenhbla [2015-05-14]
CHR Extension: (Wolfram Alpha) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\idggmlekajlpkppfjdadikipagekmfdn [2015-05-14]
CHR Extension: (itsDark Secrets) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ipoklagpjepogebocpefpgadhckipekh [2015-03-30]
CHR Extension: (Chat Vanilla Show) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kgaehlpildddphihhaghbgijfebbbaeo [2015-03-30]
CHR Extension: (Tchatche (EN)) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khclhnjnolgghmkomogknjncddfgedla [2015-03-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-23]
CHR Extension: (Webcam Toy) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lfbgimoladefibpklnfmkpknadbklade [2015-03-30]
CHR Extension: (ChatON) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lllpomgcgfpepaljbipihjionnkcmjcd [2015-03-30]
CHR Extension: (Chat Alternative) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mnccnbndckghfkbcdgjgmhpppbkhpgfc [2015-03-30]
CHR Extension: (Tom's Hardware - My Threads) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nddbmgcnelmmhlfibkmfnhnfeccaliip [2015-04-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-18]
CHR Extension: (My Chrome Theme) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-05-14]
CHR Extension: (Facebook Themes (Facebook Theme Gallery)) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\phejagnmddcjhjblnacgmejghffmhjfp [2015-06-23]
CHR Extension: (Wattpad) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\piphhemhhfamdaihonaalhembhmcbijn [2015-06-20]
CHR Extension: (Gmail) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-17]
CHR Extension: (Pirate Bay Advanced Search) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\plnekogifdcgojikooacheaepjgehccp [2015-05-14]
CHR Extension: (facemoji - Stickers and emoji for Facebook) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pmmeolboeidmfiiingaoifjhjdkgmlgj [2015-06-21]
CHR Profile: C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-13]
CHR Extension: (Dark Legends) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\acfbekphmapfjpdkfedomagjpccekhaa [2015-05-13]
CHR Extension: (Download Button) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\alakoggmijiicdlcjjeakffojoinhlpg [2015-05-29]
CHR Extension: (Google Docs) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-13]
CHR Extension: (Google Drive) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-13]
CHR Extension: (YouTube) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-13]
CHR Extension: (Chrome Snake) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cbdobfnjgnmlcajcamdfjeofmnecepdl [2015-05-13]
CHR Extension: (Google Search) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-13]
CHR Extension: (Chromium License) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efdeihlijbbapgfpkbcigaglgknoijlf [2015-05-13]
CHR Extension: (Nitro Type) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efjibpecmniclffkmjlmboheacepckmf [2015-05-13]
CHR Extension: (Mechanic Watermelon) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fbecpajdliognangadmllfadblgimefn [2015-05-13]
CHR Extension: (Calculator Lite) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fcegoabdmidonehokbongejbjfbmfoij [2015-05-13]
CHR Extension: (Google Sheets) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-13]
CHR Extension: (Chromium M) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\haldlgldplgnggkjaafhelgiaglafanh [2015-05-13]
CHR Extension: (Kiwarriors) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hidkbipjeobpdbkpfbbkoljohockbpce [2015-05-13]
CHR Extension: (Arcane Legends) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ibmlkgieigeddcedpbijnpojheoddido [2015-05-13]
CHR Extension: (Sketchpad 3.5) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kkghjbajgkcialbbimbifdcjilhcgoim [2015-05-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-13]
CHR Extension: (GCM) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mbkbnpaepaelpfkjbhoaeeeeeofocldj [2015-05-13]
CHR Extension: (IOS 8 New Tab) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mgfakcmnoffojnpkbialeacnonihjiil [2015-05-13]
CHR Extension: (SculptGL) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nekbajpiaklffelkfhkjgfbggpehnpcp [2015-05-13]
CHR Extension: (Google Wallet) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-14]
CHR Extension: (Gmail) - C:\Users\EM\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-13]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1560592 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3637160 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-08-24] (AVG Technologies CZ, s.r.o.)
S4 camfrog_update_service; C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1035768 2015-07-14] (Camshare Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2768472 2015-08-11] (Microsoft Corporation)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-03-17] () [File not signed]
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [238376 2015-04-21] (EasyAntiCheat Ltd)
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-04] (WildTangent)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-10] (IDT, Inc.) [File not signed]
R2 vToolbarUpdater18.8.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\ToolbarUpdater.exe [1861520 2015-09-25] (AVG Secure Search)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-12-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-11-16] (Emsisoft GmbH)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [77760 2015-07-09] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313264 2015-08-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [304560 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-11-16] (Emsisoft GmbH)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-06-01] (Symantec Corporation)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-11-15] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-26 20:03 - 2015-09-26 20:04 - 00045368 _____ C:\Users\EM\Desktop\FRST.txt
2015-09-26 20:01 - 2015-09-26 20:03 - 00000000 ____D C:\FRST
2015-09-26 20:00 - 2015-09-26 20:00 - 02192384 _____ (Farbar) C:\Users\EM\Desktop\FRST64.exe
2015-09-26 19:41 - 2015-09-26 19:41 - 00388608 _____ (Trend Micro Inc.) C:\Users\EM\Desktop\HijackThis.exe
2015-09-25 21:58 - 2015-09-25 21:58 - 00000022 _____ C:\WINDOWS\S.dirmngr
2015-09-25 21:12 - 2015-09-25 21:59 - 00000000 ____D C:\ProgramData\Avg_Update_0915tb
2015-09-25 21:12 - 2015-09-25 21:12 - 00000392 _____ C:\WINDOWS\Tasks\0915tbUpdateInfo.job
2015-09-25 20:50 - 2015-09-26 19:18 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-25 20:50 - 2015-09-25 20:50 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-25 20:50 - 2015-09-25 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-25 20:50 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-25 20:50 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-25 20:50 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-25 20:48 - 2015-09-25 20:48 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\EM\Desktop\mbam-setup-2.1.8.1057.exe
2015-09-25 20:43 - 2015-09-25 20:43 - 00000000 ____D C:\WINDOWS\pss
2015-09-25 20:18 - 2015-09-25 20:18 - 00003658 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d0e12699e76f9c
2015-09-25 20:07 - 2015-09-25 20:08 - 24346240 _____ (Malwarebytes Corporation ) C:\Users\EM\Desktop\mbam_premium.exe
2015-09-19 15:48 - 2015-09-19 15:48 - 00001103 _____ C:\Users\EM\Desktop\Cheat Engine.lnk
2015-09-19 15:48 - 2015-09-19 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2015-09-19 15:48 - 2015-09-19 15:48 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.4
2015-09-19 14:59 - 2015-09-19 14:59 - 00001254 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2015-09-19 14:59 - 2015-09-19 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2015-09-19 14:56 - 2015-09-19 15:09 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2015-09-19 14:55 - 2015-09-19 15:09 - 00000000 ____D C:\Users\EM\AppData\Local\Battle.net
2015-09-19 14:55 - 2015-09-19 14:56 - 00000000 ____D C:\Users\EM\AppData\Roaming\Battle.net
2015-09-19 14:55 - 2015-09-19 14:55 - 00000000 ____D C:\Users\EM\AppData\Local\Blizzard Entertainment
2015-09-15 08:20 - 2015-09-15 08:20 - 00000294 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{62B9D46F-4EE6-4C90-A5CE-6574B4CA7991}.job
2015-09-15 08:15 - 2015-09-15 08:15 - 00000000 ____D C:\Users\EM\Mozilla
2015-09-15 07:48 - 2015-09-15 07:48 - 00000360 _____ C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - EM).job
2015-09-15 07:48 - 2015-09-15 07:48 - 00000000 ____D C:\Camfrog
2015-09-15 07:47 - 2015-09-15 07:47 - 00000000 ____D C:\Users\EM\AppData\Local\SlimWare Utilities Inc
2015-09-15 07:46 - 2015-09-25 20:21 - 00000000 ___RD C:\Users\EM\OneDrive
2015-09-14 08:01 - 2015-09-14 08:04 - 00000000 ____D C:\Users\EM\AppData\Roaming\Camfrog
2015-09-14 08:01 - 2015-09-14 08:01 - 00002205 _____ C:\Users\EM\Desktop\Camfrog Video Chat.lnk
2015-09-14 08:01 - 2015-09-14 08:01 - 00000000 ____D C:\Users\EM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camfrog Video Chat
2015-09-14 08:01 - 2015-09-14 08:01 - 00000000 ____D C:\Users\EM\AppData\Local\CrashRpt
2015-09-14 08:01 - 2015-09-14 08:01 - 00000000 ____D C:\Users\EM\AppData\Local\Camfrog
2015-09-14 08:01 - 2015-09-14 08:01 - 00000000 ____D C:\ProgramData\Camfrog Update
2015-09-14 08:01 - 2015-09-14 08:01 - 00000000 ____D C:\Program Files (x86)\Camfrog
2015-09-10 14:19 - 2015-09-10 14:19 - 00000000 ____D C:\Users\EM\Documents\My Cheat Tables
2015-09-10 14:14 - 2015-09-10 14:14 - 00062411 _____ C:\Users\EM\Desktop\k8bpX2b.cetrainer
2015-09-04 16:59 - 2015-09-04 16:59 - 00000274 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{BDAED4EB-43F7-4FA0-808B-D63FED795CDC}.job
2015-08-28 14:23 - 2015-09-15 07:46 - 00000000 ___RD C:\Users\EM\OneDrive (10).old
2015-08-27 19:15 - 2015-09-26 05:43 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0e12699e76f9c.job
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-26 20:02 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-26 19:22 - 2014-05-06 09:32 - 00000000 ____D C:\ProgramData\MFAData
2015-09-26 09:36 - 2013-11-14 02:28 - 00006428 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-26 09:27 - 2013-12-22 16:01 - 02078502 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-26 06:09 - 2013-12-22 13:04 - 00000950 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3712688546-3949692237-1664249411-1005UA.job
2015-09-26 05:45 - 2013-12-22 13:46 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3712688546-3949692237-1664249411-1022
2015-09-26 05:43 - 2015-02-01 14:52 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-26 05:43 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-26 05:40 - 2013-12-22 19:43 - 00000000 __RDO C:\Users\EM\SkyDrive
2015-09-26 05:38 - 2014-01-02 09:27 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-26 05:23 - 2015-02-01 14:52 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-26 04:46 - 2014-06-13 22:41 - 00000932 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3712688546-3949692237-1664249411-1022UA.job
2015-09-26 04:38 - 2014-01-02 09:27 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-09-25 21:58 - 2013-11-14 02:20 - 01495950 _____ C:\WINDOWS\PFRO.log
2015-09-25 21:58 - 2013-08-22 09:46 - 00672654 _____ C:\WINDOWS\setupact.log
2015-09-25 21:57 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Registration
2015-09-25 21:57 - 2013-08-22 08:25 - 02359296 ___SH C:\WINDOWS\system32\config\BBI
2015-09-25 21:50 - 2014-01-12 02:15 - 00000000 ____D C:\Program Files (x86)\VideoDownloadConverter
2015-09-25 21:12 - 2014-08-27 06:32 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2015-09-25 21:12 - 2014-06-09 07:24 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2015-09-25 21:06 - 2012-09-22 23:55 - 00000000 ____D C:\WINDOWS\en
2015-09-25 21:04 - 2014-12-24 22:27 - 00000000 ____D C:\ProgramData\APN
2015-09-25 20:50 - 2014-11-16 15:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-25 20:43 - 2013-12-22 15:39 - 00000000 ____D C:\Users\EM
2015-09-25 20:42 - 2014-04-11 11:35 - 00000404 _____ C:\WINDOWS\Tasks\PassShow_wd.job
2015-09-25 20:20 - 2013-12-22 15:39 - 00000000 ____D C:\Users\abby
2015-09-25 20:18 - 2015-02-01 14:52 - 00003894 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-24 15:47 - 2014-11-08 12:05 - 00000000 ____D C:\Users\EM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-09-22 14:57 - 2012-09-22 23:37 - 00000000 ____D C:\ProgramData\Temp
2015-09-21 07:11 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-09-19 15:07 - 2014-07-12 13:17 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-09-16 08:09 - 2013-12-22 16:16 - 00000000 __RDO C:\Users\abby\SkyDrive
2015-09-15 12:02 - 2015-04-06 18:02 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-15 10:05 - 2015-01-24 16:01 - 00000000 ____D C:\Users\redneckrocketeer\AppData\Roaming\uTorrent
2015-09-15 08:20 - 2015-01-24 17:00 - 00000000 __SHD C:\Users\redneckrocketeer\AppData\Local\EmieUserList
2015-09-15 08:20 - 2015-01-24 17:00 - 00000000 __SHD C:\Users\redneckrocketeer\AppData\Local\EmieSiteList
2015-09-15 08:20 - 2015-01-24 17:00 - 00000000 __SHD C:\Users\redneckrocketeer\AppData\Local\EmieBrowserModeList
2015-09-15 08:20 - 2014-11-23 11:37 - 00000000 ___RD C:\Users\redneckrocketeer\OneDrive
2015-09-15 07:26 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-13 13:03 - 2015-02-15 17:23 - 00000000 ____D C:\Users\EM\AppData\Roaming\vlc
2015-09-11 17:27 - 2014-09-05 07:04 - 00000000 ____D C:\Users\EM\AppData\Local\Google
2015-09-04 16:58 - 2014-11-17 18:05 - 00000000 __SHD C:\Users\Hannah\AppData\Local\EmieBrowserModeList
2015-09-04 16:58 - 2014-11-16 18:28 - 00000000 __SHD C:\Users\Hannah\AppData\Local\EmieUserList
2015-09-04 16:58 - 2014-11-16 18:28 - 00000000 __SHD C:\Users\Hannah\AppData\Local\EmieSiteList
2015-09-04 16:58 - 2014-11-16 16:42 - 00000000 __RDO C:\Users\Hannah\OneDrive
2015-08-31 17:27 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-31 17:21 - 2014-05-04 11:49 - 00000000 ___RD C:\Users\jonny_000\OneDrive
2015-08-28 14:23 - 2015-08-21 06:39 - 00000000 ___RD C:\Users\EM\OneDrive (9).old
2015-08-27 09:55 - 2015-07-30 08:38 - 00000983 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-08-27 09:55 - 2014-05-06 09:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
 
==================== Files in the root of some directories =======
 
2014-06-09 07:24 - 2014-06-09 07:24 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2015-08-25 17:22 - 2015-08-25 17:22 - 0003584 _____ () C:\Users\EM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-16 00:20 - 2015-06-16 00:20 - 0001758 _____ () C:\Users\EM\AppData\Local\recently-used.xbel
2013-12-16 11:12 - 2013-12-16 11:12 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
Some files in TEMP:
====================
C:\Users\abby\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\abby\AppData\Local\Temp\lostsoulsenchantedpaintings-510005774-setup.s510005774.c110268333.len.u.dl.exe
C:\Users\abby\AppData\Local\Temp\ReimagePackage.exe
C:\Users\abby\AppData\Local\Temp\SCC.dll
C:\Users\abby\AppData\Local\Temp\sqlite3.exe
C:\Users\abby\AppData\Local\Temp\SymCCIS.dll
C:\Users\abby\AppData\Local\Temp\ym5y4v-j.dll
C:\Users\EM\AppData\Local\Temp\PCSpeedCleanSetup.exe
C:\Users\EM\AppData\Local\Temp\sp64126.exe
C:\Users\EM\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\EM\AppData\Local\Temp\temp.exe
C:\Users\EM\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\EM\AppData\Local\Temp\UnityWebPlayer5016796516360263714.exe
C:\Users\EM\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\redneckrocketeer\AppData\Local\Temp\7z.dll
C:\Users\redneckrocketeer\AppData\Local\Temp\sevnz.exe
C:\Users\redneckrocketeer\AppData\Local\Temp\uttA7A9.tmp.exe
C:\Users\ronni_000\AppData\Local\Temp\nso8444.tmp.exe
C:\Users\ronni_000\AppData\Local\Temp\SfpcHelper_installFinish.exe
C:\Users\ronni_000\AppData\Local\Temp\SfpcHelper_installStart.exe
C:\Users\ronni_000\AppData\Local\Temp\SymCCIS.dll
C:\Users\ronni_000\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\ronni_000\AppData\Local\Temp\System.Data.SQLite14733.dll
C:\Users\ronni_000\AppData\Local\Temp\UNT508.tmp.exe
C:\Users\ronni_000\AppData\Local\Temp\UNT509.tmp.exe
C:\Users\ronni_000\AppData\Local\Temp\UNT50C.tmp.exe
C:\Users\ronni_000\AppData\Local\Temp\UNT51E.tmp.exe
C:\Users\ronni_000\AppData\Local\Temp\UNT51F.tmp.exe
C:\Users\ronni_000\AppData\Local\Temp\UNT520.tmp.exe
C:\Users\ronni_000\AppData\Local\Temp\UNT521.tmp.exe
C:\Users\ronni_000\AppData\Local\Temp\UNT522.tmp.exe
C:\Users\ronni_000\AppData\Local\Temp\UNT708.tmp.exe
C:\Users\ronni_000\AppData\Local\Temp\UNTA22D.tmp.exe
C:\Users\ronni_000\AppData\Local\Temp\UNTA22E.tmp.exe
C:\Users\ronni_000\AppData\Local\Temp\UNTA232.tmp.exe
C:\Users\ronni_000\AppData\Local\Temp\UNTA233.tmp.exe
C:\Users\ronni_000\AppData\Local\Temp\UNTA234.tmp.exe
C:\Users\ronni_000\AppData\Local\Temp\UNTA235.tmp.exe
C:\Users\ronni_000\AppData\Local\Temp\UNTA246.tmp.exe
C:\Users\ronni_000\AppData\Local\Temp\UNTA247.tmp.exe
C:\Users\ronni_000\AppData\Local\Temp\UNTD287.tmp.exe
C:\Users\ronni_000\AppData\Local\Temp\UNTD288.tmp.exe
C:\Users\ronni_000\AppData\Local\Temp\UNTD28C.tmp.exe
C:\Users\ronni_000\AppData\Local\Temp\UNTD28D.tmp.exe
C:\Users\ronni_000\AppData\Local\Temp\UNTD28E.tmp.exe
C:\Users\ronni_000\AppData\Local\Temp\UNTD28F.tmp.exe
C:\Users\ronni_000\AppData\Local\Temp\UNTD290.tmp.exe
C:\Users\ronni_000\AppData\Local\Temp\UNTD2A1.tmp.exe
C:\Users\ryanh_000\AppData\Local\Temp\wkqpffbs.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-26 04:21
 
==================== End of FRST.txt ============================
 
 
Cannot attach Addition.txt; when I click the Choose Files... button nothing happens, and the basic uploader takes me to a blank page.
 

 

#2 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 27 September 2015 - 05:27 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:

  • My native language isn't English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction, or add/remove software, unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you to. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours, please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs, double click on the listed program(s) to remove them:
    DesktopWeatherAlerts
    Reimage Protector
    ShopAtHome.com Helper
    ShopAtHome.com Toolbar
    Vauuddix
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check only the items in bold on the list, then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Cleaning button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 3


Scan with Malwarebytes Anti-Malware.

  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select the option shown in the screenshot.
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

[annotated screenshot of Malwarebytes Anti-Malware 2.1, referenced by the numbers in brackets above]


Update the router firmware and change the router password; change the DNS entries:

http://www.howtogeek.com/164981/how-to-switch-to-opendns-or-google-dns-to-speed-up-web-browsing/

http://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/

Afterwards:

Step 4

Start FRST with administrator privileges.

  • Make sure the Addition.txt option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka

Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 deeprybka

Posted 01 October 2015 - 12:06 PM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka

#4 deeprybka

Posted 03 October 2015 - 07:07 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka



