Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

browser hijacker keeps opening popups when I click on legit site links


  • This topic is locked This topic is locked
11 replies to this topic

#1 cderoche

cderoche

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 21 October 2015 - 06:26 AM

Running 64bit version of Windows 7 Home Premium, scanned with several antivirus software types none can remove or find the issue. Noticed a program I didn't have before running called DNS Loader - uninstalled it but it comes back. I have Hijackthis and can scan and post the log file if someone can help.

 

LOG:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 2:37:04 PM, on 10/21/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18057)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Owner\Downloads\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.*.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - Startup: Verizon Wireless Software Utility Application for Android – Samsung.lnk = Owner\AppData\Roaming\VERIZON\UA_ar\UA.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office15\ONBttnIE.dll/105
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - (no file)
O9 - Extra button: (no name) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{C00F29EE-2406-452B-8542-67ADA0F536C2}: NameServer = 199.203.131.152,82.163.143.182
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Fitbit Connect Service (Fitbit Connect) - Fitbit, Inc. - C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
O23 - Service: Google Update Service (gupdate1d0f3b7e9365419) (gupdate1d0f3b7e9365419) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem1d0f3b7eab33045) (gupdatem1d0f3b7eab33045) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Motorola Mobility LLC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 9781 bytes

Edited by cderoche, 21 October 2015 - 02:37 PM.


BC AdBot (Login to Remove)

 


#2 cderoche

cderoche
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 22 October 2015 - 02:44 AM

Update:

I seemed to have fixed the issue (for now at least). I did an uninstall on the suspect software "DNS Loader" using CCleaner - as no install/uninstall folder could be located via the normal means of clicking the start button or Windows key. I tried this several times before but the software kept reappearing. I ended up going in to my Chrome Browser settings, clicking on Show Advanced Settings at the bottom, and all the way at the bottom of the page, scroll down and click on the reset settings feature. This will sign you out of many things and reset a few things to default state, but so far so good, I click on legit site links that previously were popping up with ads every-time and now it's stopped. Hopefully this is a fix. Will update if not. Still open to other suggestions in case I missed anything of course.


Edited by cderoche, 22 October 2015 - 07:50 PM.


#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:17 PM

Posted 23 October 2015 - 10:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Just to make sure that it's all gone.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===


How is the computer running now?
Wait for further instructions.

#4 cderoche

cderoche
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 23 October 2015 - 12:33 PM

Update, the DNL Loader software reappeared so my prior attempt failed. Here is the log file from adwcleaner:

 

# AdwCleaner v5.014 - Logfile created 23/10/2015 at 12:19:51
# Updated 18/10/2015 by Xplode
# Database : 2015-10-18.5 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Owner - DEROCHE-PC
# Running from : C:\Users\Owner\Downloads\adwcleaner_5.014.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\Advanced Driver Updater
Folder Found : C:\Program Files (x86)\Super Optimizer
Folder Found : C:\Program Files (x86)\DriverToolkit
Folder Found : C:\Program Files (x86)\SystemPromote
Folder Found : C:\Program Files (x86)\DNS Unlocker
Folder Found : C:\ProgramData\18217635239859636113
Folder Found : C:\ProgramData\{065aa9f8-fdf9-9575-065a-aa9f8fdfa7e3}
Folder Found : C:\ProgramData\{b0726295-94d2-16b4-b072-2629594d8a56}
Folder Found : C:\ProgramData\{b3bdeff7-d28f-24c5-b3bd-deff7d28bfdf}
Folder Found : C:\ProgramData\{ee41fdf6-cc37-5840-ee41-1fdf6cc3f7db}
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Driver Updater
Folder Found : C:\Users\Owner\AppData\Local\DriverToolkit
Folder Found : C:\Users\Owner\AppData\Local\Innovative Solutions
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfnalfecnebefekkekbkophjgnibfdb
Folder Found : C:\Users\Owner\AppData\Roaming\Systweak
Folder Found : C:\Users\Owner\AppData\Roaming\RHEng
Folder Found : C:\Users\Owner\AppData\Roaming\Innovative Solutions
 
***** [ Files ] *****
 
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bpphkkgodbfncbcpgopijlfakfgmclao_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : AdvancedDriverUpdater_UPDATES
Task Found : Super Optimizer Schedule
Task Found : Superclean
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
Key Found : HKLM\SOFTWARE\cbbe3633-31fc-1ad5-d909-5e68df04867d
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ba96e052}
Key Found : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\Super Optimizer
Key Found : HKCU\Software\DriverToolkit
Key Found : HKCU\Software\WEBAPP
Key Found : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Driver Updater_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\Super Optimizer
Key Found : [x64] HKCU\Software\DriverToolkit
Key Found : [x64] HKCU\Software\WEBAPP
Key Found : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKU\S-1-5-21-719206043-1492385176-1934966417-1000\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [First Home Page] - hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B0&OHP=hxxp%3A%2F%2Fwww.trovi.com%2F%3Fgd%3D%26ctid%3DCT3321486%26octid%3DEB%5FORIGINAL%5FCTID%26ISID%3DM739642FF%2D86A8%2D4F8D%2D8B5E%2D7971C768BC6E%26SearchSource%3D55%26CUI%3D%26UM%3D8%26UP%3DSPA6F81894%2D3EDC%2D43B7%2D84BE%2D4C9C38B8795E%26D%3D042815%26SSPV%3D&OSP=hxxp%3A%2F%2Fwww.trovi.com%2FResults.aspx%3Fgd%3D%26ctid%3DCT3321486%26octid%3DEB%5FORIGINAL%5FCTID%26ISID%3DM739642FF%2D86A8%2D4F8D%2D8B5E%2D7971C768BC6E%26SearchSource%3D58%26CUI%3D%26UM%3D8%26UP%3DSPA6F81894%2D3EDC%2D43B7%2D84BE%2D4C9C38B8795E%26q%3D%7BsearchTerms%7D%26D%3D042815%26SSPV%3D
Data Found : HKU\S-1-5-21-719206043-1492385176-1934966417-1000\Software\Microsoft\Internet Explorer\Main [First Home Page] - hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B0&OHP=hxxp%3A%2F%2Fwww.trovi.com%2F%3Fgd%3D%26ctid%3DCT3321486%26octid%3DEB%5FORIGINAL%5FCTID%26ISID%3DM739642FF%2D86A8%2D4F8D%2D8B5E%2D7971C768BC6E%26SearchSource%3D55%26CUI%3D%26UM%3D8%26UP%3DSPA6F81894%2D3EDC%2D43B7%2D84BE%2D4C9C38B8795E%26D%3D042815%26SSPV%3D&OSP=hxxp%3A%2F%2Fwww.trovi.com%2FResults.aspx%3Fgd%3D%26ctid%3DCT3321486%26octid%3DEB%5FORIGINAL%5FCTID%26ISID%3DM739642FF%2D86A8%2D4F8D%2D8B5E%2D7971C768BC6E%26SearchSource%3D58%26CUI%3D%26UM%3D8%26UP%3DSPA6F81894%2D3EDC%2D43B7%2D84BE%2D4C9C38B8795E%26q%3D%7BsearchTerms%7D%26D%3D042815%26SSPV%3D
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{C00F29EE-2406-452B-8542-67ADA0F536C2} [NameServer] - 199.203.131.152,82.163.143.182
Data Found : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C00F29EE-2406-452B-8542-67ADA0F536C2} [NameServer] - 199.203.131.152,82.163.143.182
Data Found : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{C00F29EE-2406-452B-8542-67ADA0F536C2} [NameServer] - 199.203.131.152,82.163.143.182
 
***** [ Web browsers ] *****
 
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://www.trovi.com/?gd=&ctid=CT3321486&octid=EB_ORIGINAL_CTID&ISID=M739642FF-86A8-4F8D-8B5E-7971C768BC6E&SearchSource=55&CUI=&UM=8&UP=SPA6F81894-3EDC-43B7-84BE-4C9C38B8795E&D=042815&SSPV=
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : bpphkkgodbfncbcpgopijlfakfgmclao
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : imfnalfecnebefekkekbkophjgnibfdb
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : mcbkbpnkkkipelfledbfocopglifcfmi
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7504 bytes] ##########


#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:17 PM

Posted 23 October 2015 - 12:59 PM

Run the AdwCleaner tool and clean everything that was found.

Waiting for the other 2 log from the Farbar tool.

#6 cderoche

cderoche
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 23 October 2015 - 01:04 PM

Sorry, this is the post cleaning log:

 

# AdwCleaner v5.014 - Logfile created 23/10/2015 at 12:36:03
# Updated 18/10/2015 by Xplode
# Database : 2015-10-18.5 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Owner - DEROCHE-PC
# Running from : C:\Users\Owner\Downloads\adwcleaner_5.014.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Advanced Driver Updater
[-] Folder Deleted : C:\Program Files (x86)\Super Optimizer
[-] Folder Deleted : C:\Program Files (x86)\DriverToolkit
[-] Folder Deleted : C:\Program Files (x86)\SystemPromote
[-] Folder Deleted : C:\Program Files (x86)\DNS Unlocker
[-] Folder Deleted : C:\ProgramData\18217635239859636113
[-] Folder Deleted : C:\ProgramData\{065aa9f8-fdf9-9575-065a-aa9f8fdfa7e3}
[-] Folder Deleted : C:\ProgramData\{b0726295-94d2-16b4-b072-2629594d8a56}
[-] Folder Deleted : C:\ProgramData\{b3bdeff7-d28f-24c5-b3bd-deff7d28bfdf}
[-] Folder Deleted : C:\ProgramData\{ee41fdf6-cc37-5840-ee41-1fdf6cc3f7db}
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Driver Updater
[-] Folder Deleted : C:\Users\Owner\AppData\Local\DriverToolkit
[-] Folder Deleted : C:\Users\Owner\AppData\Local\Innovative Solutions
[-] Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao
[-] Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi
[-] Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfnalfecnebefekkekbkophjgnibfdb
[-] Folder Deleted : C:\Users\Owner\AppData\Roaming\Systweak
[-] Folder Deleted : C:\Users\Owner\AppData\Roaming\RHEng
[-] Folder Deleted : C:\Users\Owner\AppData\Roaming\Innovative Solutions
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bpphkkgodbfncbcpgopijlfakfgmclao_0.localstorage
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : AdvancedDriverUpdater_UPDATES
[-] Task Deleted : Super Optimizer Schedule
[-] Task Deleted : Superclean
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
[-] Key Deleted : HKLM\SOFTWARE\cbbe3633-31fc-1ad5-d909-5e68df04867d
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ba96e052}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKCU\Software\systweak
[-] Key Deleted : HKCU\Software\Super Optimizer
[-] Key Deleted : HKCU\Software\DriverToolkit
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\systweak
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Driver Updater_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[!] Key Not Deleted : [x64] HKCU\Software\systweak
[!] Key Not Deleted : [x64] HKCU\Software\Super Optimizer
[!] Key Not Deleted : [x64] HKCU\Software\DriverToolkit
[!] Key Not Deleted : [x64] HKCU\Software\WEBAPP
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[!] Key Not Deleted : HKU\S-1-5-21-719206043-1492385176-1934966417-1000\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [First Home Page]
[-] Data Restored : HKU\S-1-5-21-719206043-1492385176-1934966417-1000\Software\Microsoft\Internet Explorer\Main [First Home Page]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{C00F29EE-2406-452B-8542-67ADA0F536C2} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C00F29EE-2406-452B-8542-67ADA0F536C2} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{C00F29EE-2406-452B-8542-67ADA0F536C2} [NameServer]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3321486&octid=EB_ORIGINAL_CTID&ISID=M739642FF-86A8-4F8D-8B5E-7971C768BC6E&SearchSource=55&CUI=&UM=8&UP=SPA6F81894-3EDC-43B7-84BE-4C9C38B8795E&D=042815&SSPV=
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bpphkkgodbfncbcpgopijlfakfgmclao
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : imfnalfecnebefekkekbkophjgnibfdb
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mcbkbpnkkkipelfledbfocopglifcfmi
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [6590 bytes] ##########


#7 cderoche

cderoche
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 23 October 2015 - 01:09 PM

And two logs from FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01
Ran by Owner (administrator) on DEROCHE-PC (23-10-2015 13:04:50)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-06-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1130408 2015-10-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3812264 2015-10-12] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-719206043-1492385176-1934966417-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-719206043-1492385176-1934966417-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-09] (Google Inc.)
HKU\S-1-5-21-719206043-1492385176-1934966417-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKU\S-1-5-21-719206043-1492385176-1934966417-1000\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-08] (Google Inc.)
HKU\S-1-5-21-719206043-1492385176-1934966417-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-719206043-1492385176-1934966417-1000\...\MountPoints2: G - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-719206043-1492385176-1934966417-1000\...\MountPoints2: {644c4c46-5f9c-11e4-a281-806e6f6e6963} - D:\LaunchWinApp.exe "setup.exe"
HKU\S-1-5-21-719206043-1492385176-1934966417-1000\...\MountPoints2: {8c3f3509-b47e-11e4-b301-acf1df06c902} - G:\setup.exe
HKU\S-1-5-21-719206043-1492385176-1934966417-1000\...\MountPoints2: {c5dd04ef-8ae7-11e4-b313-acf1df06c902} - H:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-719206043-1492385176-1934966417-1000\...\MountPoints2: {e06a1524-5734-11e5-b320-acf1df06c902} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-719206043-1492385176-1934966417-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2015-04-14]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Owner\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.3.1
Tcpip\..\Interfaces\{C00F29EE-2406-452B-8542-67ADA0F536C2}: [DhcpNameServer] 192.168.3.1
 
Internet Explorer:
==================
HKU\S-1-5-21-719206043-1492385176-1934966417-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
SearchScopes: HKLM -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\.DEFAULT -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-719206043-1492385176-1934966417-1000 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-719206043-1492385176-1934966417-1000 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-719206043-1492385176-1934966417-1000 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-719206043-1492385176-1934966417-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-719206043-1492385176-1934966417-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3321486&octid=EB_ORIGINAL_CTID&ISID=M739642FF-86A8-4F8D-8B5E-7971C768BC6E&SearchSource=55&CUI=&UM=8&UP=SPA6F81894-3EDC-43B7-84BE-4C9C38B8795E&D=042815&SSPV=","hxxp://my.ebay.com/ws/eBayISAPI.dll?MyEbay&gbh=1","hxxp://thepiratebay.sx/","hxxp://sww.shell.com/","hxxp://yahoo.com/","hxxps://mysearch.avg.com/?cid={1D8A1851-7298-4B18-BE2F-6D14A74B3CA0}&mid=dcb20eee0d8147d3bba9d16836b9859b-95471c3edaf4a3bcaf3199b7407de2ac8d39c5a1&lang=en&ds=hk018&coid=avgtbdishk&cmpid=&pr=sa&d=2013-11-12%2011:59:12&v=18.1.9.799&pid=safeguard&sg=91&sap=hp","hxxp://www.google.com/"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]
CHR Extension: (Classic Games) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpckajjkmjncafjlkielcgheibdlnfgc [2014-11-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (DuckDuckGo for Chrome) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao [2015-10-23]
CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-12] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Let's fish!) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cllcnemhlcbajfagpgedoiifogemaimb [2014-12-27]
CHR Extension: (The Pirate Bay Redirector) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnminlhlpmekadljcjaogaaodpmlpkmk [2014-11-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Street Racers) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cohkjfondhjjfehnehlpmjpljpihfhfc [2015-04-29] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-31]
CHR Extension: (Search by Image (by Google)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-11-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Netflix) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-10-03]
CHR Extension: (Adventure Golf) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgiecfacokilefjaaodhjlpdgdhdomgj [2014-11-26] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2015-03-12] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Dropbox for Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2015-10-15]
CHR Extension: (TorrentStream Helper) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebaaacomjclfgnkmaeaneljmfgkofphc [2015-10-03]
CHR Extension: (Nitro Type) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjibpecmniclffkmjlmboheacepckmf [2014-12-27]
CHR Extension: (Despicable Me 2 - Mission Impopsible) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\egcldgpekkbhbdelknamfcahbimgnhji [2014-11-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Space Ark @ ga.me) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\epdolcdjmopkciaiefdgjcnhohgbdbgh [2014-12-27] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Team Tanks) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanaoobcoplmfmebhjddichbapochmad [2014-11-06]
CHR Extension: (Pandora) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-12-31]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Trigger Rally) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffcmblpjhjbkjhpemdpepfgcefkbejbi [2014-12-02]
CHR Extension: (Full Screen Weather) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2015-05-14] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Chrome Remote Desktop) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-10-03]
CHR Extension: (HTTPS Everywhere) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2015-09-09]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-03]
CHR Extension: (AdBlock) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-15]
CHR Extension: (Protect My Choices) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgloanjhdcenjgiafkpbehddcnonlic [2015-10-03]
CHR Extension: (3D Neon Bike Race) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmbelgikjfcedfiaaedcnodbgjjpfbd [2014-11-06]
CHR Extension: (DEPRECATED: Keep My Opt-Outs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe [2015-09-09] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Pathuku) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkiilmogcdkeefnbemdagpmcediekadb [2014-12-27] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Isoball 3) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj [2014-11-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (TorrentStream Helper) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icocmgpofpimcojhefbcfbdldkmndpgj [2015-10-03]
CHR Extension: (Warzone Tower Defense) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\idpamojcnkceaplhdkpgcdlookebjipj [2014-11-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (90`s Games) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\illbbfoihflomkbpcaaakhijinbnejom [2015-03-24] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Adblock for Pirate Bay) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd [2014-11-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Dropbox) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-01-01] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (SWOOOP) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jblimahfbhdcengjfbdpdngcfcghladf [2015-10-03]
CHR Extension: (Disconnect) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-02-23] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Cut the Rope) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbadlndcminbkfojhlimnkgaackjmdo [2015-10-03]
CHR Extension: (Roomstyler 3D planner) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfnniehafojoidolddmhfnpnbiolbppi [2015-03-24] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe [2014-12-11] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Blackball Pool) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjkhefodfbgjpcmahghmfggbcpjabnag [2014-11-06]
CHR Extension: (Truck Loader 2) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\joidkelepbgedjiageepconmpfihhpni [2014-11-06]
CHR Extension: (Lego Star Wars) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kechkodnmiapapbinmegldfmecnmihgl [2014-11-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (UKBay Launcher) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfhobpngpkdpmlimlhcmailleodhhagi [2015-03-12] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Truck Loader - Stress your Physics Skills!) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjjeglknmjaihhkgbedkmmhebngnlana [2014-11-18]
CHR Extension: (The Great Suspender) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2015-06-01] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Little Alchemy) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2015-02-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Vector Tower Defense) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpffkahdojhklhgeokielnfjhjmokhhp [2014-11-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Build with Chrome) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf [2014-11-06]
CHR Extension: (Tank Blitz Zero) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lilknnobiholpdbiohjpneajadcgenjj [2014-11-25]
CHR Extension: (Google Maps) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-10-03]
CHR Extension: (Poppit!) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2015-10-23]
CHR Extension: (Flashcontrol) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2015-10-19]
CHR Extension: (DF YouTube (Distraction Free)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepdfccjgcndkmemponafgioodelna [2015-03-12] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Ghostery) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-05-19] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Fishing Joy) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlonhgnjdlnjgalpdigmbpfpielpadmc [2015-10-09]
CHR Extension: (Command Grid) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnkdppmloidnlkcddnagjmklkoepcehj [2014-11-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Subtitle Videoplayer) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\naikohapihpbhficdpbddmgbhiccijca [2014-11-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Plumber) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncifjflcpinecddacogflfpfochbokpj [2014-11-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Despicable Me 2 Minion Golf) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmlcobhedocidedjacfeonfnlklipjih [2014-11-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-12] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Truck Loader 4) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pagalbcapbngjlhopbddaepeoncomlad [2014-11-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604712 2015-10-12] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3792880 2015-10-12] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [596344 2015-10-12] (AVG Technologies CZ, s.r.o.)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750440 2015-09-04] (Fitbit, Inc.)
S2 gupdate1d0f3b7e9365419; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-20] (Google Inc.)
S3 gupdatem1d0f3b7eab33045; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-20] (Google Inc.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-04-17] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312752 2015-09-11] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [293296 2015-08-10] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [251312 2015-08-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [301488 2015-08-28] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 Ext2Fsd; C:\Windows\system32\Drivers\Ext2Fsd.sys [787576 2015-06-09] (www.ext2fsd.com)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-07-16] (JMicron Technology Corp.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
R3 rt2870; C:\Windows\System32\DRIVERS\rt2870.sys [3398800 2014-07-04] (MediaTek Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-16] (Apple, Inc.) [File not signed]
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2014-05-29] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [304128 2014-05-29] (VIA Technologies, Inc.)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-23 13:04 - 2015-10-23 13:06 - 00030117 _____ C:\Users\Owner\Downloads\FRST.txt
2015-10-23 12:53 - 2015-10-23 12:53 - 00000344 _____ C:\Windows\PFRO.log
2015-10-23 12:19 - 2015-10-23 12:36 - 00000000 ____D C:\AdwCleaner
2015-10-23 12:18 - 2015-10-23 12:18 - 02196480 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2015-10-23 12:18 - 2015-10-23 12:18 - 01691648 _____ C:\Users\Owner\Downloads\adwcleaner_5.014.exe
2015-10-23 10:12 - 2015-10-23 10:12 - 00000000 ____D C:\Users\Owner\AppData\Roaming\AVG
2015-10-23 10:11 - 2015-10-23 10:11 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TuneUp Software
2015-10-23 10:11 - 2015-10-23 10:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-10-23 10:11 - 2015-10-23 10:11 - 00000000 ____D C:\Program Files\Common Files\AV
2015-10-23 10:10 - 2015-10-23 10:10 - 00000000 ___HD C:\$AVG
2015-10-23 10:07 - 2015-10-23 13:05 - 00000000 ____D C:\ProgramData\MFAData
2015-10-23 10:07 - 2015-10-23 10:07 - 00000932 _____ C:\Users\Public\Desktop\AVG.lnk
2015-10-23 10:07 - 2015-10-23 10:07 - 00000000 ____D C:\Users\Owner\AppData\Local\MFAData
2015-10-23 10:07 - 2015-10-23 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2015-10-23 10:05 - 2015-10-23 10:10 - 00000000 ____D C:\ProgramData\Avg
2015-10-23 10:05 - 2015-10-23 10:09 - 00000000 ____D C:\Program Files (x86)\AVG
2015-10-23 09:39 - 2015-10-23 12:53 - 00000168 _____ C:\Windows\setupact.log
2015-10-23 09:39 - 2015-10-23 09:39 - 00000000 _____ C:\Windows\setuperr.log
2015-10-23 06:26 - 2015-10-23 12:36 - 00000000 ____D C:\Users\Owner\AppData\Local\Avg
2015-10-23 06:26 - 2015-10-23 10:07 - 00000000 ____D C:\Users\Owner\AppData\Local\AvgSetupLog
2015-10-23 06:26 - 2015-10-23 06:26 - 02895448 _____ (AVG Technologies) C:\Users\Owner\Downloads\AVG_Protection_Free_698.exe
2015-10-23 06:15 - 2015-10-23 06:15 - 00026344 _____ C:\Windows\System32\Tasks\DNSBOZAR
2015-10-22 18:52 - 2015-10-22 18:52 - 00000000 _____ C:\autoexec.bat
2015-10-15 03:15 - 2015-09-18 14:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-15 03:15 - 2015-09-18 14:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-15 03:15 - 2015-09-18 14:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-15 03:15 - 2015-09-18 14:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-15 03:15 - 2015-09-18 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-15 03:15 - 2015-09-18 14:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-15 03:15 - 2015-09-18 14:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-14 08:05 - 2015-09-25 13:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 08:05 - 2015-09-25 13:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 08:05 - 2015-09-25 13:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 08:05 - 2015-09-25 13:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 08:05 - 2015-09-25 13:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 08:05 - 2015-09-25 13:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-14 08:05 - 2015-09-25 13:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-14 08:05 - 2015-09-25 13:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 08:05 - 2015-09-25 13:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-14 08:05 - 2015-09-25 13:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 08:05 - 2015-09-25 13:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 08:05 - 2015-09-25 12:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-14 08:05 - 2015-09-25 12:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 08:05 - 2015-09-25 12:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 08:05 - 2015-09-25 12:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-14 08:05 - 2015-09-25 12:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 08:05 - 2015-09-18 14:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 08:05 - 2015-09-18 13:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 08:05 - 2015-09-15 23:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 08:05 - 2015-09-15 23:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-14 08:05 - 2015-09-15 23:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 08:05 - 2015-09-15 23:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-14 08:05 - 2015-09-15 23:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 08:05 - 2015-09-15 23:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 08:05 - 2015-09-15 23:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-14 08:05 - 2015-09-15 23:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 08:05 - 2015-09-15 23:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-14 08:05 - 2015-09-15 23:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-14 08:05 - 2015-09-15 23:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-14 08:05 - 2015-09-15 23:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 08:05 - 2015-09-15 23:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 08:05 - 2015-09-15 23:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 08:05 - 2015-09-15 23:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-14 08:05 - 2015-09-15 23:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-14 08:05 - 2015-09-15 23:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-14 08:05 - 2015-09-15 23:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 08:05 - 2015-09-15 22:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 08:05 - 2015-09-15 22:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 08:05 - 2015-09-15 22:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 08:05 - 2015-09-15 22:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-14 08:05 - 2015-09-15 22:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-14 08:05 - 2015-09-15 22:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 08:05 - 2015-09-15 22:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 08:05 - 2015-09-15 22:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-14 08:05 - 2015-09-15 22:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 08:05 - 2015-09-15 22:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-14 08:05 - 2015-09-15 22:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-14 08:05 - 2015-09-15 22:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-14 08:05 - 2015-09-15 22:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 08:05 - 2015-09-15 22:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-14 08:05 - 2015-09-15 22:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 08:05 - 2015-09-15 22:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 08:05 - 2015-09-15 22:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 08:05 - 2015-09-15 22:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-14 08:05 - 2015-09-15 22:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 08:05 - 2015-09-15 22:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-14 08:05 - 2015-09-15 22:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-14 08:05 - 2015-09-15 22:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 08:05 - 2015-09-15 22:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-14 08:05 - 2015-09-15 22:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 08:05 - 2015-09-15 22:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 08:05 - 2015-09-15 22:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-14 08:05 - 2015-09-15 22:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 08:05 - 2015-09-15 22:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 08:05 - 2015-09-15 22:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-14 08:05 - 2015-09-15 22:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-14 08:05 - 2015-09-15 22:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 08:05 - 2015-09-15 22:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 08:05 - 2015-09-15 22:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 08:05 - 2015-09-15 22:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-14 08:05 - 2015-09-15 21:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 08:05 - 2015-09-15 21:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 08:05 - 2015-09-15 21:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-14 08:05 - 2015-09-15 21:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 08:05 - 2015-09-15 21:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-14 08:05 - 2015-09-15 21:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-14 08:05 - 2015-09-15 21:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-14 08:05 - 2015-09-15 21:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-14 08:05 - 2015-09-15 21:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-14 08:05 - 2015-09-15 21:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-14 08:04 - 2015-10-01 13:12 - 00706496 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-14 08:04 - 2015-10-01 13:10 - 00631384 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-14 08:04 - 2015-10-01 13:09 - 01729984 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 08:04 - 2015-10-01 13:07 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-14 08:04 - 2015-10-01 13:07 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-14 08:04 - 2015-10-01 13:07 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-14 08:04 - 2015-10-01 13:07 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-14 08:04 - 2015-10-01 13:06 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-14 08:04 - 2015-10-01 13:06 - 01166336 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-14 08:04 - 2015-10-01 13:06 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-14 08:04 - 2015-10-01 13:06 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-14 08:04 - 2015-10-01 13:06 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-10-14 08:04 - 2015-10-01 13:06 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-14 08:04 - 2015-10-01 13:06 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-14 08:04 - 2015-10-01 13:06 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-14 08:04 - 2015-10-01 13:06 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-14 08:04 - 2015-10-01 13:06 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2015-10-14 08:04 - 2015-10-01 13:06 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-14 08:04 - 2015-10-01 13:06 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-14 08:04 - 2015-10-01 13:06 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-14 08:04 - 2015-10-01 13:06 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-14 08:04 - 2015-10-01 13:06 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-14 08:04 - 2015-10-01 13:06 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-14 08:04 - 2015-10-01 13:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-14 08:04 - 2015-10-01 13:06 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-14 08:04 - 2015-10-01 13:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-14 08:04 - 2015-10-01 13:06 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-14 08:04 - 2015-10-01 13:05 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-14 08:04 - 2015-10-01 13:05 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 08:04 - 2015-10-01 13:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-14 08:04 - 2015-10-01 13:05 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 08:04 - 2015-10-01 13:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-14 08:04 - 2015-10-01 13:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 08:04 - 2015-10-01 12:43 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-14 08:04 - 2015-10-01 12:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-14 08:04 - 2015-10-01 11:47 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-14 08:04 - 2015-10-01 11:46 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-14 08:04 - 2015-10-01 11:46 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-14 08:04 - 2015-09-28 15:21 - 03996608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-14 08:04 - 2015-09-28 15:21 - 03940800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-14 08:04 - 2015-09-28 15:19 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-14 08:04 - 2015-09-28 15:17 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-14 08:04 - 2015-09-28 15:17 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-10-14 08:04 - 2015-09-28 15:17 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-14 08:04 - 2015-09-28 15:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-14 08:04 - 2015-09-28 15:17 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2015-10-14 08:04 - 2015-09-28 15:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-14 08:04 - 2015-09-28 15:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-14 08:04 - 2015-09-28 15:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-14 08:04 - 2015-09-28 15:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-14 08:04 - 2015-09-28 15:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-14 08:04 - 2015-09-28 15:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-14 08:04 - 2015-09-28 15:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-14 08:04 - 2015-09-28 15:15 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-14 08:04 - 2015-09-28 15:15 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-14 08:04 - 2015-09-28 15:15 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-14 08:04 - 2015-09-28 15:15 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-14 08:04 - 2015-09-28 15:11 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-14 08:04 - 2015-09-28 15:11 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-14 08:04 - 2015-09-28 15:07 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-14 08:04 - 2015-09-28 15:07 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-14 08:04 - 2015-09-28 15:07 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 08:04 - 2015-09-28 15:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 08:04 - 2015-09-28 15:07 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 08:04 - 2015-09-28 15:07 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 08:04 - 2015-09-28 15:07 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 08:04 - 2015-09-28 15:07 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 08:04 - 2015-09-28 15:07 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 08:04 - 2015-09-28 15:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 08:04 - 2015-09-28 15:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 08:04 - 2015-09-28 15:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 08:04 - 2015-09-28 15:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 08:04 - 2015-09-28 15:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 08:04 - 2015-09-28 15:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 08:04 - 2015-09-28 15:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 08:04 - 2015-09-28 15:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 08:04 - 2015-09-28 15:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 08:04 - 2015-09-28 15:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 08:04 - 2015-09-28 15:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 08:04 - 2015-09-28 15:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 08:04 - 2015-09-28 15:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 08:04 - 2015-09-28 15:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 08:04 - 2015-09-28 15:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 08:04 - 2015-09-28 15:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 08:04 - 2015-09-28 15:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 08:04 - 2015-09-28 13:22 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 08:04 - 2015-09-28 11:35 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-14 08:04 - 2015-09-28 11:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-14 08:04 - 2015-09-28 11:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 08:04 - 2015-09-28 11:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 08:04 - 2015-09-28 11:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 08:04 - 2015-09-28 11:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 08:04 - 2015-09-15 18:45 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-14 08:04 - 2015-09-15 18:45 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-14 08:04 - 2015-09-15 18:37 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-14 08:04 - 2015-09-15 18:37 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-14 08:04 - 2015-09-15 18:37 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-14 08:04 - 2015-09-15 18:37 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-14 08:04 - 2015-09-15 18:37 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-14 08:04 - 2015-09-15 18:37 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-14 08:04 - 2015-09-15 18:37 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-14 08:04 - 2015-09-15 18:25 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-14 08:04 - 2015-09-15 18:25 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-14 08:04 - 2015-09-15 18:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-14 08:04 - 2015-09-15 18:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-14 08:04 - 2015-09-14 16:40 - 00634432 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-10-14 08:03 - 2015-08-06 13:06 - 14182912 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 08:03 - 2015-08-06 13:06 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-14 08:03 - 2015-08-06 12:38 - 12878848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 08:03 - 2015-08-06 12:37 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 07:57 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-03 13:09 - 2015-10-03 13:10 - 00000000 ____D C:\Users\Owner\AppData\Roaming\School Zone Publishing
2015-10-03 13:09 - 2015-10-03 13:09 - 00002149 _____ C:\Users\Public\Desktop\Pencil-Pal Preschool.lnk
2015-10-03 13:09 - 2015-10-03 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\School Zone
2015-10-03 13:07 - 2015-10-03 13:07 - 00000000 ____D C:\Program Files (x86)\School Zone
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-23 13:04 - 2015-04-29 10:07 - 00000000 ____D C:\FRST
2015-10-23 13:02 - 2009-07-13 23:45 - 00028528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-23 13:02 - 2009-07-13 23:45 - 00028528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-23 12:59 - 2014-10-29 13:52 - 01952776 _____ C:\Windows\WindowsUpdate.log
2015-10-23 12:55 - 2015-06-07 12:23 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2015-10-23 12:53 - 2015-09-20 10:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-23 12:53 - 2014-11-20 14:40 - 00000000 ____D C:\temp
2015-10-23 12:53 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-23 12:28 - 2015-09-20 10:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-23 12:09 - 2015-01-09 16:08 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-719206043-1492385176-1934966417-1000UA.job
2015-10-22 16:14 - 2015-01-09 16:08 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-719206043-1492385176-1934966417-1000Core.job
2015-10-21 06:12 - 2015-09-09 12:25 - 00000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
2015-10-20 18:29 - 2014-11-06 17:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\BitComet
2015-10-20 17:05 - 2014-11-11 16:25 - 00000406 _____ C:\Windows\Tasks\Defraggler Volume E Task.job
2015-10-18 16:31 - 2014-11-11 16:24 - 00000406 _____ C:\Windows\Tasks\Defraggler Volume C Task.job
2015-10-17 09:03 - 2014-11-11 16:25 - 00003208 _____ C:\Windows\System32\Tasks\Defraggler Volume E Task
2015-10-17 09:03 - 2014-11-11 16:24 - 00003206 _____ C:\Windows\System32\Tasks\Defraggler Volume C Task
2015-10-17 09:01 - 2015-02-03 07:34 - 00000000 ____D C:\Games
2015-10-16 03:16 - 2015-04-16 03:47 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-16 03:16 - 2015-04-16 03:47 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-15 13:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-10-15 03:39 - 2014-10-29 13:06 - 00000000 ____D C:\Windows\system32\MRT
2015-10-15 03:31 - 2014-10-29 13:06 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-15 03:30 - 2014-11-06 20:35 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-10-15 03:30 - 2014-11-06 20:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-15 03:26 - 2009-07-13 21:34 - 00000478 _____ C:\Windows\win.ini
2015-10-14 18:22 - 2014-10-29 12:42 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-08 03:01 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-08 03:01 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-07 21:41 - 2009-07-14 00:13 - 00785794 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-03 13:03 - 2015-01-09 16:08 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-719206043-1492385176-1934966417-1000UA
2015-10-03 13:03 - 2015-01-09 16:08 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-719206043-1492385176-1934966417-1000Core
 
==================== Files in the root of some directories =======
 
2015-09-09 12:25 - 2015-09-09 12:43 - 0000024 _____ () C:\Users\Owner\AppData\Roaming\appdataFr25.bin
2015-03-31 08:04 - 2015-03-31 08:04 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip
2015-02-20 09:48 - 2015-02-20 09:59 - 0000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-21 06:06
 
==================== End of FRST.txt ============================
 
 
 
 
2nd LOG "addition":
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
Ran by Owner (2015-10-23 13:06:33)
Running from C:\Users\Owner\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-10-29 17:28:36)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-719206043-1492385176-1934966417-500 - Administrator - Disabled)
Guest (S-1-5-21-719206043-1492385176-1934966417-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-719206043-1492385176-1934966417-1002 - Limited - Enabled)
Owner (S-1-5-21-719206043-1492385176-1934966417-1000 - Administrator - Enabled) => C:\Users\Owner
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Andy OS (HKLM-x32\...\Andy OS) (Version: 0.43 - Andy OS, Inc)
AVG (HKLM\...\AvgZen) (Version: 1.13.1.26255 - AVG Technologies)
AVG (Version: 16.4.7163 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4455 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.4.7163 - AVG Technologies)
AVG Zen (Version: 1.13.1 - AVG Technologies) Hidden
BitComet 1.37 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.37 - CometNetwork)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform)
Dell System Detect (HKU\S-1-5-21-719206043-1492385176-1934966417-1000\...\73f463568823ebbe) (Version: 6.1.0.3 - Dell)
DTS+AC3 Filter (HKLM-x32\...\DtsFilter) (Version:  - )
DVDInfoPro 7.2.0.1 (HKLM-x32\...\DVDInfoPro_is1) (Version:  - DVDInfoPro Elite)
Ext2Fsd 0.62 (HKLM\...\Ext2Fsd_is1) (Version: 0.62 - Matt Wu)
Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.)
FMW 1 (Version: 1.22.2 - AVG Technologies) Hidden
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.69.5227 - Gretech Corporation)
Google Chrome (HKLM-x32\...\{22ACCF34-7FF3-3990-B0DA-697C8A16F121}) (Version: 66.19.16495 - Google, Inc.)
Google Photos Backup (HKU\S-1-5-21-719206043-1492385176-1934966417-1000\...\Google Photos Backup) (Version: 1.1.1.259 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LibreOffice 4.3.2.2 (HKLM-x32\...\{9C13F99C-6E1A-4126-AE91-EAA2DADE08D6}) (Version: 4.3.2.2 - The Document Foundation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
One Click Root (HKLM-x32\...\{7B63328E-EA08-4B31-9D5D-E78A6B95AFAD}) (Version: 1.00.0086 - One Click Root)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pandora (HKLM-x32\...\Pandora) (Version: 1.3.1 - ZZJ)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0033 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7272 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Saver2 (HKLM-x32\...\Saver2) (Version: 1.3.2 - ZZJ)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.20.9.4533 - Enigma Software Group, LLC)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version:  - Microsoft)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{BB5A0BB0-657F-48DC-A475-5503F39CED05}) (Version: 2.14.1202 - Samsung Electronics Co., Ltd.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.6 - Bazis)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-719206043-1492385176-1934966417-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-719206043-1492385176-1934966417-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
18-10-2015 07:45:21 Chrome Cleanup Tool
19-10-2015 16:43:50 Windows Update
23-10-2015 06:18:01 Windows Update
23-10-2015 10:09:37 Installed AVG 2016
23-10-2015 10:10:10 Installed AVG
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {12F9C613-9B92-41B0-9A18-4C978162EB2F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {1346D735-5A8E-4E33-8F0E-2DBA06D775C0} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {1F6E9090-F393-4048-8532-1627AFD06F24} - System32\Tasks\DNSBOZAR => C:\Program Files (x86)\DNS Unlocker\dnsbozar.exe
Task: {2480DEF3-CAC2-4BF3-BA08-06F05DD6E4B4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-20] (Google Inc.)
Task: {27EDC8A5-6F24-4B8C-AFC5-1B3B2AF6CC49} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-719206043-1492385176-1934966417-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-09] (Google Inc.)
Task: {3578FBD3-27DE-4B3E-8EA5-AAB504F91C4F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-719206043-1492385176-1934966417-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-09] (Google Inc.)
Task: {3AAC4591-BD88-4936-AFAB-2D16F29DD875} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4312CF54-0742-4FC2-AAB1-F6EE90A7D780} - System32\Tasks\Defraggler Volume E Task => C:\Program Files\Defraggler\df64.exe [2014-02-05] (Piriform Ltd)
Task: {4A58019D-87D1-469F-9543-EC67145959F8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6DDD6889-33D4-4E17-AB29-690060351023} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {7041EC22-CEFC-41E7-B178-90B99AA9A2C4} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-11-06] ()
Task: {76918582-6975-4DAC-8D31-0BA5A099DF2C} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {B6E7AAAA-C964-41EB-93E7-C6F8D9826382} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-20] (Google Inc.)
Task: {E8CB4D25-4E64-4954-A79C-0D658AB1C4BA} - System32\Tasks\Defraggler Volume C Task => C:\Program Files\Defraggler\df64.exe [2014-02-05] (Piriform Ltd)
Task: {F1F50CBE-2CBD-4C83-9367-CBD69C09ECED} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Defraggler Volume C Task.job => C:\Program Files\Defraggler\df64.exe
Task: C:\Windows\Tasks\Defraggler Volume E Task.job => C:\Program Files\Defraggler\df64.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-719206043-1492385176-1934966417-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-719206043-1492385176-1934966417-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-04-14 14:41 - 2014-12-02 13:10 - 00020288 _____ () C:\Program Files\CCleaner\branding.dll
2014-04-07 09:31 - 2014-04-07 09:31 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2014-12-11 17:40 - 2014-12-11 17:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2015-10-23 10:05 - 2015-10-23 06:27 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2015-09-09 18:09 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-09-09 18:09 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Owner\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\myradioplayer => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-719206043-1492385176-1934966417-1000\...\dell.com -> dell.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-719206043-1492385176-1934966417-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\Pictures\Picasa\Backgrounds\picasabackground.bmp
DNS Servers: 192.168.3.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Google Play Store 5.4.11 Latest Modded Version is Here ![LATEST][FIXED].lnk => C:\Windows\pss\Google Play Store 5.4.11 Latest Modded Version is Here ![LATEST][FIXED].lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\Owner\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: myradioplayer Tray => "C:\Program Files (x86)\myradioplayer\myradioplayerTray.exe"
MSCONFIG\startupreg: rarpasswordcrackerwqbh => 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{83A16A38-8CA2-4DF0-9936-3EADE0DF1417}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{E2746590-0090-4A8B-8AB5-DD02CCECF57F}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{2A9A5E30-2E2E-4F2C-AAAD-2B5DFB33CCEC}] => (Allow) LPort=26560
FirewallRules: [{9B0DF104-DA96-4BBC-959A-A3A0DBF792CA}] => (Allow) LPort=26560
FirewallRules: [{41AB4BBB-0E32-47EB-AC55-A97B3311BD0C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7586075D-700C-4FC7-8B70-1E3002C2399B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{DD73ED73-1CEF-4240-9265-D6EBE8C7B3AC}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DB06F091-6D81-4462-8E69-07E5EE257685}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D44E5863-7B42-47B7-93E9-7D486B1C532C}] => (Allow) C:\Program Files (x86)\Advanced Driver Updater\adu.exe
FirewallRules: [{AB79E263-5123-4EEF-838D-D6316307248D}] => (Allow) LPort=8755
FirewallRules: [{A8F61C80-92E3-4C4B-A194-83DE651DA267}] => (Allow) LPort=8755
FirewallRules: [{531A8B88-341D-4A70-BBBF-4FC9F5CF0C7F}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{10A4F1F6-90B9-465D-AB3F-AF39FC06A4AF}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{9CEB68F0-DDE3-4EC0-A2EA-576AF0A8B91D}] => (Allow) LPort=26560
FirewallRules: [{2BB7029D-9158-4BAF-AD26-6A3BF36EE565}] => (Allow) LPort=26560
FirewallRules: [{774366A9-F61F-42E9-AB50-1E17B62210A3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{3703E430-5858-43F3-9BD6-C1AE25009F9C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{34624375-196A-4404-83D7-62FDCB1D39B9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{6C24D0E2-9C24-43B2-8388-9CEB6513D030}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{B7C4B52A-97BB-413A-927E-782E5131CAE5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{CF2CF4BA-D051-4161-A452-D74496967BEC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{FA544C47-3101-4504-B16A-598579C4FFAB}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{473DA17C-3734-4E55-A8FA-E9741CCDC748}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6B56D757-C7D8-475F-B1CC-E1B113400A64}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B53708F2-F977-436D-8F63-F14F23860C93}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{852EADC4-7072-4E31-8104-1C596E00D75F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{13C0E9BB-DB9A-4BE9-92E9-547EA3B92789}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{514FC1F9-1379-4B00-B7F8-04F353E07B59}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{40F30C9F-2A82-4C0D-A4CA-DA5C9D3997E2}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{87204C13-8A6D-4E64-8B4A-6F4721D61B83}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{0BBB0E44-F693-4C79-AC43-A1012364F0EE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{0BA6C0BE-7B91-493D-8178-1A7BC2E7B666}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{2FCA03A2-0290-4E97-97EC-D5205E043779}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{33FEAE9B-7869-498C-B392-FF7CCA4D3B60}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/23/2015 12:54:14 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/23/2015 12:42:32 PM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (7024) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V010008D.log.
 
Error: (10/23/2015 12:36:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avguix.exe, version: 1.22.1.27494, time stamp: 0x5620e066
Faulting module name: libcef.dll, version: 3.2171.2069.0, time stamp: 0x5523dc73
Exception code: 0xc0000005
Fault offset: 0x00444f46
Faulting process id: 0xec0
Faulting application start time: 0xavguix.exe0
Faulting application path: avguix.exe1
Faulting module path: avguix.exe2
Report Id: avguix.exe3
 
Error: (10/23/2015 12:36:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avguix.exe, version: 1.22.1.27494, time stamp: 0x5620e066
Faulting module name: libcef.dll, version: 3.2171.2069.0, time stamp: 0x5523dc73
Exception code: 0xc0000005
Fault offset: 0x00444f46
Faulting process id: 0xec0
Faulting application start time: 0xavguix.exe0
Faulting application path: avguix.exe1
Faulting module path: avguix.exe2
Report Id: avguix.exe3
 
Error: (10/23/2015 10:10:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary esgiguard.
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/23/2015 10:09:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary esgiguard.
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/23/2015 06:18:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary esgiguard.
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/19/2015 04:31:58 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/18/2015 04:31:21 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (10/18/2015 04:31:21 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (10/23/2015 12:54:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (10/23/2015 12:36:29 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (10/23/2015 12:36:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AVG Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (10/23/2015 12:35:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intuit Update Service v4 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/23/2015 12:35:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (10/23/2015 12:35:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (10/23/2015 12:35:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (10/23/2015 12:35:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SAMSUNG Mobile Connectivity Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/23/2015 12:35:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The PST Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.
 
Error: (10/23/2015 12:35:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Motorola Device Manager Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 55%
Total physical RAM: 4061.18 MB
Available physical RAM: 1811.24 MB
Total Virtual: 8120.55 MB
Available Virtual: 4832.87 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:223.21 GB) NTFS
Drive d: (8080) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS
Drive e: (New Volume) (Fixed) (Total:651.32 GB) (Free:628.66 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 38000000)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E0387D12)
Partition 1: (Not Active) - (Size=651.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280.2 GB) - (Type=05)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 960 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=956 MB) - (Type=06)
 
==================== End of Addition.txt ============================


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:17 PM

Posted 24 October 2015 - 08:14 AM

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


When time permits try this.

Type search in the search box, go to indexing options, click advanced then click rebuild. It will take a while to do.

===


Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3321486&octid=EB_ORIGINAL_CTID&ISID=M739642FF-86A8-4F8D-8B5E-7971C768BC6E&SearchSource=55&CUI=&UM=8&UP=SPA6F81894-3EDC-43B7-84BE-4C9C38B8795E&D=042815&SSPV=","hxxp://my.ebay.com/ws/eBayISAPI.dll?MyEbay&gbh=1","hxxp://thepiratebay.sx/","hxxp://sww.shell.com/","hxxp://yahoo.com/","hxxps://mysearch.avg.com/?cid={1D8A1851-7298-4B18-BE2F-6D14A74B3CA0}&mid=dcb20eee0d8147d3bba9d16836b9859b-95471c3edaf4a3bcaf3199b7407de2ac8d39c5a1&lang=en&ds=hk018&coid=avgtbdishk&cmpid=&pr=sa&d=2013-11-12%2011:59:12&v=18.1.9.799&pid=safeguard&sg=91&sap=hp","hxxp://www.google.com/"
CHR Extension: (DuckDuckGo for Chrome) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao [2015-10-23]
CHR Extension: (Poppit!) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2015-10-23]
AlternateDataStreams: C:\Users\Owner\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

CHR dev: Chrome dev build detected! <======= ATTENTION

Your copy of Chrome has been compromised

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

===

Remove Chrome using the the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.

<<<>>>

How is the computer running now?

#9 cderoche

cderoche
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 24 October 2015 - 01:55 PM

FIXLOG.TXT:

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01

Ran by Owner (2015-10-24 13:44:25) Run:1
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
 
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3321486&octid=EB_ORIGINAL_CTID&ISID=M739642FF-86A8-4F8D-8B5E-7971C768BC6E&SearchSource=55&CUI=&UM=8&UP=SPA6F81894-3EDC-43B7-84BE-4C9C38B8795E&D=042815&SSPV=","hxxp://my.ebay.com/ws/eBayISAPI.dll?MyEbay&gbh=1","hxxp://thepiratebay.sx/","hxxp://sww.shell.com/","hxxp://yahoo.com/","hxxps://mysearch.avg.com/?cid={1D8A1851-7298-4B18-BE2F-6D14A74B3CA0}&mid=dcb20eee0d8147d3bba9d16836b9859b-95471c3edaf4a3bcaf3199b7407de2ac8d39c5a1&lang=en&ds=hk018&coid=avgtbdishk&cmpid=&pr=sa&d=2013-11-12%2011:59:12&v=18.1.9.799&pid=safeguard&sg=91&sap=hp","hxxp://www.google.com/"
CHR Extension: (DuckDuckGo for Chrome) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao [2015-10-23]
CHR Extension: (Poppit!) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2015-10-23]
AlternateDataStreams: C:\Users\Owner\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
Chrome StartupUrls => removed successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao => moved successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi => moved successfully
C:\Users\Owner\AppData\Local\desktop.ini => ":722b2b1c349a06abf0e866180e5a7e63" ADS removed successfully.
EmptyTemp: => 374 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 13:45:37 ====
 
 
 
 
 
When I have time I will do the list for Chrome browser also...
 
 
UPDATE:
Finished deleting / wiping / reinstalling Chrome. After reinstalling Chrome, it already had my bookmarks and passwords I didn't have to import them, is this normal?

Edited by cderoche, 24 October 2015 - 02:58 PM.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:17 PM

Posted 25 October 2015 - 08:59 AM

UPDATE:
Finished deleting / wiping / reinstalling Chrome. After reinstalling Chrome, it already had my bookmarks and passwords I didn't have to import them, is this normal?


Chrome may be protecting these from now on. Better Safe then sorry.
Thanks for the information.

===

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 cderoche

cderoche
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 25 October 2015 - 12:27 PM

Thank you for your help. That program didn't come back and no more popups.



#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:17 PM

Posted 26 October 2015 - 07:59 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users