
Might have RAT


36 replies to this topic

#1 marsspeaks


  • Members
  • 64 posts

Posted 06 December 2015 - 07:38 PM

Hi, I expressed my concerns of possibly having a RAT on my laptop here. I have not used it for some months because of paranoia and would like to be 100% maybe it wasn't anything. I'd still like to see if it's okay to save all my files onto an external hard drive so I can restore to factory settings/reformat. I have a lot of Sims files, game data, family photos and videos and really don't want to lose them. I have not had anything too noticeable happen on my computer since, or since I've been on here, other than some freeze-ups/slowness, but that could be something else altogether.

 

FIRST LOG

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by owner (administrator) on OWNER-HP (06-12-2015 17:57:40)
Running from C:\Users\owner\Downloads
Loaded Profiles: owner (Available Profiles: owner & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
() C:\Users\owner\AppData\Local\Apps\F.lux\flux.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
() C:\Users\owner\AppData\Local\Viber\Viber.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Spotify Ltd) C:\Users\owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\loggingserver.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SoftPerfect Research) C:\Program Files\SoftPerfect Bandwidth Manager\BMCore.exe
(Google Inc.) C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Google Inc.) C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\owner\AppData\Local\Google\Update\Install\{5A705C7B-1E82-4454-BAAB-F3070999A6E0}\47.0.2526.73_chrome_installer.exe
(Google Inc.) C:\Users\owner\AppData\Local\Temp\CR_F7FD1.tmp\setup.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Farbar) C:\Users\owner\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-07] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [328800 2012-02-24] (BillP Studios)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3177360 2015-11-26] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1064512 2013-11-08] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2498048 2012-07-02] ()
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Run: [F.lux] => C:\Users\owner\Local Settings\Apps\F.lux\flux.exe [966656 2009-08-29] ()
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Run: [Viber] => C:\Users\owner\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] ()
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-02-05] (Electronic Arts)
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Run: [Clipdiary] => C:\Program Files (x86)\Clipdiary\clipdiary.exe [4972544 2012-12-28] ()
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Run: [Spotify Web Helper] => C:\Users\owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-22] (Spotify Ltd)
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Run: [Google Update] => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-11-26] (Google Inc.)
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2012-03-23]
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
Tcpip\..\Interfaces\{2A55CFB6-6696-4167-A7F4-6B7558AF296D}: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
Tcpip\..\Interfaces\{4159735B-4899-40EA-B160-48CE7FF178AF}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT/1
SearchScopes: HKLM -> {147E6C64-D38B-4CD0-B9AA-6FEB3C207CC5} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {147E6C64-D38B-4CD0-B9AA-6FEB3C207CC5} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3321978377-3572455603-535636726-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={7918670D-C21D-4CB1-A0D5-98C73E21AAB5}&mid=ca21d58c66c647d1820b9557e73232ef-9d20d63c963902d99a931519949f8182a7272ace&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-13 18:36:25&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3321978377-3572455603-535636726-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={7918670D-C21D-4CB1-A0D5-98C73E21AAB5}&mid=ca21d58c66c647d1820b9557e73232ef-9d20d63c963902d99a931519949f8182a7272ace&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-13 18:36:25&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3321978377-3572455603-535636726-1000 -> {BD2A5188-E192-48D1-A5B2-C792976ACC62} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3321978377-3572455603-535636726-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-12-09] (Oracle Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-08-25] (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-12-09] (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-08-25] (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.1.8.599\AVG Web TuneUp.dll [2015-11-26] (AVG)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {688C8675-1834-48FA-9DEF-4755CEFB9EDE} hxxp://192.168.1.119/EDVR.CAB
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-01-28] (AVG Secure Search)
 
FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default
FF Homepage: hxxps://mysearch.avg.com?cid={7918670D-C21D-4CB1-A0D5-98C73E21AAB5}&mid=ca21d58c66c647d1820b9557e73232ef-9d20d63c963902d99a931519949f8182a7272ace&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-13 18:36:25&v=4.0.0.19&pid=wtu&sg=&sap=hp
FF Session Restore: -> is enabled.
FF Keyword.URL: 
FF NetworkProxy: "ftp", "31.3.249.9"
FF NetworkProxy: "ftp_port", 443
FF NetworkProxy: "http", "31.3.249.9"
FF NetworkProxy: "http_port", 443
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "31.3.249.9"
FF NetworkProxy: "socks_port", 443
FF NetworkProxy: "ssl", "31.3.249.9"
FF NetworkProxy: "ssl_port", 443
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll [2013-06-15] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-12-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-12-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll [2013-06-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.1.8\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-07-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-16] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: @hola.org/FlashPlayer -> C:\Users\owner\AppData\Local\Hola\firefox\app\flash\NPSWF32_18_0_0_232.dll [2015-11-26] ()
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: @hola.org/vlc -> C:\Users\owner\AppData\Local\Hola\firefox\app\vlc\npvlc.dll [2015-11-26] (Hola)
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: @talk.google.com/O1DPlugin -> C:\Users\owner\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: @tools.google.com/Google Update;version=3 -> C:\Users\owner\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: @tools.google.com/Google Update;version=9 -> C:\Users\owner\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\owner\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll [2015-02-09] (Nagravision)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\owner\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\searchplugins\avg-secure-search.xml [2014-11-13]
FF SearchPlugin: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\searchplugins\yahoo_ff.xml [2014-11-19]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-11-26]
FF Extension: XKit - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\extensions\xkit@studioxenix.com.xpi [2013-06-18] [not signed]
FF Extension: DownloadHelper - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-13] [not signed]
FF Extension: Greasemonkey - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-10-29] [not signed]
FF Extension: AVG Web TuneUp - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\Extensions\avg@toolbar [2015-11-26] [not signed]
FF Extension: Hola Better Internet - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-11-26] [not signed]
FF Extension: Toontown Rewritten Invasion Notifier - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\Extensions\jid1-r5XvBXxp7IZrAg@jetpack.xpi [2014-12-26] [not signed]
FF Extension: NoScript - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-05-23] [not signed]
FF Extension: Adblock Plus - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-13] [not signed]
FF Extension: Block site - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2014-02-08] [not signed]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2014-11-13] [not signed]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://store.hp.com/webapp/wcs/stores/servlet/us/en/pdp/desktops/hp-stream-mini-desktop---200-010"
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-26]
CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-26]
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-26]
CHR Extension: (Website Logon) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef [2014-11-03]
CHR Extension: (Video Downloader professional) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-04-29]
CHR Extension: (Google Sheets) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (AdBlock) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-06]
CHR Extension: (SlingPlayer for DISH Anywhere) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcnpmlegoehfgohpkmjhpohjchokamnn [2015-04-02]
CHR Extension: (DISH Anywhere Video Player Extension) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfihmdfalfpnnebhgpmopljbopmkea [2015-11-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-26]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-12-21]
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dfaldikcoaplhepekpbngkepfcoiihef] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-22]
CHR HKLM-x32\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 BMService; C:\Program Files\SoftPerfect Bandwidth Manager\BMCore.exe [6932176 2014-06-06] (SoftPerfect Research)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-16] (WildTangent)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2372096 2011-02-18] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [654408 2012-04-04] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-05-14] (Electronic Arts)
S3 Roxio UPnP Renderer 9; C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [57344 2006-12-13] (Sonic Solutions) [File not signed]
S2 Roxio Upnp Server 9; C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe [294912 2006-12-13] (Sonic Solutions) [File not signed]
S3 RoxMediaDB9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2007-01-16] (Sonic Solutions) [File not signed]
S3 stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [73728 2007-01-15] (MicroVision Development, Inc.) [File not signed]
R2 vToolbarUpdater40.1.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe [1875856 2015-11-26] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205136 2015-11-26] ()
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2011-12-17] () [File not signed]
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
R2 DLABMFSE; C:\Windows\System32\DLA\DLABMFSE.SYS [44152 2006-11-01] (Roxio)
R2 DLABOIOE; C:\Windows\System32\DLA\DLABOIOE.SYS [41976 2006-11-01] (Roxio)
S1 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [15992 2006-09-15] (Roxio)
R2 DLADResE; C:\Windows\System32\DLA\DLADResE.SYS [10360 2006-11-01] (Roxio)
R2 DLAIFS_E; C:\Windows\System32\DLA\DLAIFS_E.SYS [142200 2006-11-01] (Roxio)
R2 DLAOPIOE; C:\Windows\System32\DLA\DLAOPIOE.SYS [34552 2006-11-01] (Roxio)
R2 DLAPoolE; C:\Windows\System32\DLA\DLAPoolE.SYS [18040 2006-11-01] (Roxio)
R1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [39288 2006-09-15] (Roxio)
R2 DLAUDFAE; C:\Windows\System32\DLA\DLAUDFAE.SYS [137080 2006-11-01] (Roxio)
R2 DLAUDF_E; C:\Windows\System32\DLA\DLAUDF_E.SYS [143736 2006-11-01] (Roxio)
R0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [123928 2006-10-25] (Sonic Solutions)
R2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63608 2006-09-15] (Roxio)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-07] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2011-12-17] () [File not signed]
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-26] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
S1 RxFilter; C:\Windows\System32\DRIVERS\RxFilter.sys [58880 2006-12-02] (Sonic Solutions) [File not signed]
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [58880 2006-12-02] (Sonic Solutions) [File not signed]
R1 spfdrv; C:\Windows\System32\DRIVERS\spfdrv.sys [40920 2013-08-22] (SoftPerfect)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 TMAgent; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-06 17:57 - 2015-12-06 18:06 - 00031470 _____ C:\Users\owner\Downloads\FRST.txt
2015-12-06 17:55 - 2015-12-06 17:57 - 00000000 ____D C:\FRST
2015-12-06 17:51 - 2015-12-06 17:53 - 02369024 _____ (Farbar) C:\Users\owner\Downloads\FRST64 (1).exe
2015-11-26 14:37 - 2015-11-26 14:37 - 00000000 ____D C:\Users\owner\.QtWebEngineProcess
2015-11-26 14:36 - 2015-11-26 14:36 - 00000000 ____D C:\Users\owner\.ViberPC
2015-11-26 14:33 - 2015-11-26 14:36 - 00000000 ____D C:\Users\owner\AppData\Local\Viber
2015-11-26 14:24 - 2015-11-26 14:24 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-20 12:18 - 2015-11-20 12:18 - 00003186 _____ C:\Windows\System32\Tasks\{B355D2B7-1838-4E9B-A9C8-B59E237A0723}
2015-11-20 12:02 - 2015-11-20 12:02 - 03795680 _____ (Oleg N. Scherbakov) C:\Users\owner\Downloads\HPSupportSolutionsFramework-12.0.30.219.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-06 17:57 - 2009-07-13 21:20 - 00000000 ____D C:\Windows
2015-12-06 17:55 - 2009-07-13 22:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-06 17:55 - 2009-07-13 22:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-06 17:35 - 2015-04-10 15:35 - 00000911 _____ C:\Windows\Tasks\EPSON XP-620 Series Update {BEEB2AB9-3B2E-47E7-BD17-8F99118302F7}.job
2015-12-06 17:31 - 2015-05-01 04:03 - 00000000 ____D C:\Users\owner\Downloads\Will and Grace
2015-12-06 17:22 - 2013-03-27 18:25 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3321978377-3572455603-535636726-1000UA.job
2015-12-06 17:22 - 2013-03-27 18:25 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3321978377-3572455603-535636726-1000Core.job
2015-12-06 17:20 - 2011-11-23 22:04 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{686E9398-FB87-4949-9AAB-FE145FCC02BD}
2015-12-06 17:17 - 2013-03-27 18:25 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3321978377-3572455603-535636726-1000UA
2015-12-06 17:17 - 2013-03-27 18:25 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3321978377-3572455603-535636726-1000Core
2015-12-06 17:07 - 2012-04-17 02:57 - 00000000 ____D C:\Users\owner\AppData\Roaming\vlc
2015-12-06 17:03 - 2013-11-15 17:25 - 00000000 ____D C:\Users\owner\AppData\Roaming\ViberPC
2015-12-06 17:01 - 2011-12-27 12:46 - 00000000 ____D C:\ProgramData\MFAData
2015-12-06 17:01 - 2011-12-23 20:10 - 00000000 ____D C:\Users\owner\AppData\Local\CrashDumps
2015-12-06 16:58 - 2014-07-26 22:19 - 00000000 ____D C:\Program Files (x86)\Origin
2015-12-06 16:58 - 2011-11-24 02:42 - 00000000 ____D C:\Users\owner\AppData\LocalLow\AuthenTec
2015-12-06 16:57 - 2014-12-26 22:33 - 00000000 ____D C:\Users\owner\AppData\Roaming\Clipdiary
2015-12-06 16:57 - 2012-07-08 08:58 - 00000000 ____D C:\Users\owner\.rainlendar2
2015-12-06 16:56 - 2014-08-29 22:28 - 00000376 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job
2015-12-06 16:56 - 2014-08-29 22:28 - 00000376 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job
2015-12-06 16:56 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-26 14:40 - 2015-05-23 10:11 - 00000965 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-11-26 14:37 - 2011-11-24 02:42 - 00000000 ____D C:\Users\owner
2015-11-26 14:35 - 2014-11-13 18:34 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2015-11-26 14:35 - 2009-07-13 23:13 - 00812354 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-26 14:35 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2015-11-26 14:34 - 2014-11-13 18:37 - 00000000 ____D C:\Users\owner\AppData\Local\AVG Web TuneUp
2015-11-26 14:32 - 2014-11-13 18:34 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-11-20 12:32 - 2015-03-18 10:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-11-20 10:48 - 2015-05-24 15:05 - 04621834 _____ C:\Windows\ntbtlog.txt
2015-11-17 06:24 - 2014-10-31 07:43 - 00000000 ____D C:\Users\owner\AppData\Local\ElevatedDiagnostics
 
==================== Files in the root of some directories =======
 
2014-03-28 17:11 - 2014-06-07 21:40 - 0003744 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2012-06-12 02:20 - 2010-01-26 10:11 - 0444283 _____ () C:\Program Files (x86)\Common Files\WinPcapNmap.exe
2013-04-02 02:46 - 2013-04-02 02:46 - 0099384 _____ () C:\Users\owner\AppData\Roaming\inst.exe
2012-06-29 02:33 - 2013-04-02 02:46 - 0007859 _____ () C:\Users\owner\AppData\Roaming\pcouffin.cat
2012-06-29 02:33 - 2013-04-02 02:46 - 0001167 _____ () C:\Users\owner\AppData\Roaming\pcouffin.inf
2012-06-29 02:33 - 2013-04-02 02:47 - 0000034 _____ () C:\Users\owner\AppData\Roaming\pcouffin.log
2012-06-29 02:33 - 2013-04-02 02:46 - 0082816 _____ (VSO Software) C:\Users\owner\AppData\Roaming\pcouffin.sys
2012-12-12 23:41 - 2013-01-28 01:13 - 0000473 _____ () C:\Users\owner\AppData\Roaming\Poladroid prefs.plist
2013-04-02 02:52 - 2014-10-30 07:46 - 0000668 _____ () C:\Users\owner\AppData\Roaming\vso_ts_preview.xml
2012-02-27 09:30 - 2013-11-26 17:32 - 0000790 _____ () C:\Users\owner\AppData\Local\cookies.ini
2012-12-17 12:02 - 2015-05-23 19:56 - 0061440 _____ () C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-24 21:55 - 2012-06-24 21:55 - 0000000 _____ () C:\Users\owner\AppData\Local\rx_image.Cache
2013-04-16 19:10 - 2013-05-02 05:56 - 0000023 _____ () C:\ProgramData\IpAndPort.fig
2013-04-16 19:10 - 2013-05-02 05:56 - 0000230 _____ () C:\ProgramData\RmUserCfg.ini
 
Some files in TEMP:
====================
C:\Users\owner\AppData\Local\Temp\AutoRun.exe
C:\Users\owner\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\owner\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.10.631.exe
C:\Users\owner\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.7.712.exe
C:\Users\owner\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.7.860.exe
C:\Users\owner\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.7.919.exe
C:\Users\owner\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.7.974.exe
C:\Users\owner\AppData\Local\Temp\sfamcc00001.dll
C:\Users\owner\AppData\Local\Temp\sfareca00001.dll
C:\Users\owner\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-14 01:51
 
==================== End of FRST.txt ============================


#2 marsspeaks

marsspeaks
  • Topic Starter

  • Members
  • 64 posts

Posted 06 December 2015 - 07:38 PM

Hi, I was redirected here after I expressed my concerns of possibly having a RAT on my laptop here. I have not used it for some months because of paranoia and would like to be 100% sure; maybe it wasn't anything. I'd still like to see if it's okay to save all my files onto an external hard drive so I can restore to factory settings/reformat. I have a lot of Sims files, game data, family photos and videos and really don't want to lose them. I have not had anything too noticeable happen on my computer since, or since I've been on here, other than some freeze-ups/slowness, but that could be something else altogether.

 

FIRST LOG

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by owner (administrator) on OWNER-HP (06-12-2015 17:57:40)
Running from C:\Users\owner\Downloads
Loaded Profiles: owner (Available Profiles: owner & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
() C:\Users\owner\AppData\Local\Apps\F.lux\flux.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
() C:\Users\owner\AppData\Local\Viber\Viber.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Spotify Ltd) C:\Users\owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\loggingserver.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SoftPerfect Research) C:\Program Files\SoftPerfect Bandwidth Manager\BMCore.exe
(Google Inc.) C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Google Inc.) C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\owner\AppData\Local\Google\Update\Install\{5A705C7B-1E82-4454-BAAB-F3070999A6E0}\47.0.2526.73_chrome_installer.exe
(Google Inc.) C:\Users\owner\AppData\Local\Temp\CR_F7FD1.tmp\setup.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Farbar) C:\Users\owner\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-07] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [328800 2012-02-24] (BillP Studios)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3177360 2015-11-26] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1064512 2013-11-08] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2498048 2012-07-02] ()
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Run: [F.lux] => C:\Users\owner\Local Settings\Apps\F.lux\flux.exe [966656 2009-08-29] ()
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Run: [Viber] => C:\Users\owner\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] ()
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-02-05] (Electronic Arts)
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Run: [Clipdiary] => C:\Program Files (x86)\Clipdiary\clipdiary.exe [4972544 2012-12-28] ()
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Run: [Spotify Web Helper] => C:\Users\owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-22] (Spotify Ltd)
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Run: [Google Update] => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-11-26] (Google Inc.)
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2012-03-23]
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
Tcpip\..\Interfaces\{2A55CFB6-6696-4167-A7F4-6B7558AF296D}: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
Tcpip\..\Interfaces\{4159735B-4899-40EA-B160-48CE7FF178AF}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT/1
SearchScopes: HKLM -> {147E6C64-D38B-4CD0-B9AA-6FEB3C207CC5} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {147E6C64-D38B-4CD0-B9AA-6FEB3C207CC5} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3321978377-3572455603-535636726-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={7918670D-C21D-4CB1-A0D5-98C73E21AAB5}&mid=ca21d58c66c647d1820b9557e73232ef-9d20d63c963902d99a931519949f8182a7272ace&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-13 18:36:25&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3321978377-3572455603-535636726-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={7918670D-C21D-4CB1-A0D5-98C73E21AAB5}&mid=ca21d58c66c647d1820b9557e73232ef-9d20d63c963902d99a931519949f8182a7272ace&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-13 18:36:25&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3321978377-3572455603-535636726-1000 -> {BD2A5188-E192-48D1-A5B2-C792976ACC62} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3321978377-3572455603-535636726-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-12-09] (Oracle Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-08-25] (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-12-09] (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-08-25] (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.1.8.599\AVG Web TuneUp.dll [2015-11-26] (AVG)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {688C8675-1834-48FA-9DEF-4755CEFB9EDE} hxxp://192.168.1.119/EDVR.CAB
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-01-28] (AVG Secure Search)
 
FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default
FF Homepage: hxxps://mysearch.avg.com?cid={7918670D-C21D-4CB1-A0D5-98C73E21AAB5}&mid=ca21d58c66c647d1820b9557e73232ef-9d20d63c963902d99a931519949f8182a7272ace&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-13 18:36:25&v=4.0.0.19&pid=wtu&sg=&sap=hp
FF Session Restore: -> is enabled.
FF Keyword.URL: 
FF NetworkProxy: "ftp", "31.3.249.9"
FF NetworkProxy: "ftp_port", 443
FF NetworkProxy: "http", "31.3.249.9"
FF NetworkProxy: "http_port", 443
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "31.3.249.9"
FF NetworkProxy: "socks_port", 443
FF NetworkProxy: "ssl", "31.3.249.9"
FF NetworkProxy: "ssl_port", 443
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll [2013-06-15] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-12-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-12-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll [2013-06-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.1.8\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-07-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-16] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: @hola.org/FlashPlayer -> C:\Users\owner\AppData\Local\Hola\firefox\app\flash\NPSWF32_18_0_0_232.dll [2015-11-26] ()
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: @hola.org/vlc -> C:\Users\owner\AppData\Local\Hola\firefox\app\vlc\npvlc.dll [2015-11-26] (Hola)
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: @talk.google.com/O1DPlugin -> C:\Users\owner\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: @tools.google.com/Google Update;version=3 -> C:\Users\owner\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: @tools.google.com/Google Update;version=9 -> C:\Users\owner\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\owner\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll [2015-02-09] (Nagravision)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\owner\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\searchplugins\avg-secure-search.xml [2014-11-13]
FF SearchPlugin: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\searchplugins\yahoo_ff.xml [2014-11-19]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-11-26]
FF Extension: XKit - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\extensions\xkit@studioxenix.com.xpi [2013-06-18] [not signed]
FF Extension: DownloadHelper - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-13] [not signed]
FF Extension: Greasemonkey - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-10-29] [not signed]
FF Extension: AVG Web TuneUp - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\Extensions\avg@toolbar [2015-11-26] [not signed]
FF Extension: Hola Better Internet - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-11-26] [not signed]
FF Extension: Toontown Rewritten Invasion Notifier - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\Extensions\jid1-r5XvBXxp7IZrAg@jetpack.xpi [2014-12-26] [not signed]
FF Extension: NoScript - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-05-23] [not signed]
FF Extension: Adblock Plus - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-13] [not signed]
FF Extension: Block site - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2014-02-08] [not signed]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2014-11-13] [not signed]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://store.hp.com/webapp/wcs/stores/servlet/us/en/pdp/desktops/hp-stream-mini-desktop---200-010"
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-26]
CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-26]
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-26]
CHR Extension: (Website Logon) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef [2014-11-03]
CHR Extension: (Video Downloader professional) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-04-29]
CHR Extension: (Google Sheets) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (AdBlock) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-06]
CHR Extension: (SlingPlayer for DISH Anywhere) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcnpmlegoehfgohpkmjhpohjchokamnn [2015-04-02]
CHR Extension: (DISH Anywhere Video Player Extension) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfihmdfalfpnnebhgpmopljbopmkea [2015-11-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-26]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-12-21]
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dfaldikcoaplhepekpbngkepfcoiihef] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-22]
CHR HKLM-x32\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 BMService; C:\Program Files\SoftPerfect Bandwidth Manager\BMCore.exe [6932176 2014-06-06] (SoftPerfect Research)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-16] (WildTangent)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2372096 2011-02-18] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [654408 2012-04-04] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-05-14] (Electronic Arts)
S3 Roxio UPnP Renderer 9; C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [57344 2006-12-13] (Sonic Solutions) [File not signed]
S2 Roxio Upnp Server 9; C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe [294912 2006-12-13] (Sonic Solutions) [File not signed]
S3 RoxMediaDB9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2007-01-16] (Sonic Solutions) [File not signed]
S3 stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [73728 2007-01-15] (MicroVision Development, Inc.) [File not signed]
R2 vToolbarUpdater40.1.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe [1875856 2015-11-26] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205136 2015-11-26] ()
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2011-12-17] () [File not signed]
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
R2 DLABMFSE; C:\Windows\System32\DLA\DLABMFSE.SYS [44152 2006-11-01] (Roxio)
R2 DLABOIOE; C:\Windows\System32\DLA\DLABOIOE.SYS [41976 2006-11-01] (Roxio)
S1 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [15992 2006-09-15] (Roxio)
R2 DLADResE; C:\Windows\System32\DLA\DLADResE.SYS [10360 2006-11-01] (Roxio)
R2 DLAIFS_E; C:\Windows\System32\DLA\DLAIFS_E.SYS [142200 2006-11-01] (Roxio)
R2 DLAOPIOE; C:\Windows\System32\DLA\DLAOPIOE.SYS [34552 2006-11-01] (Roxio)
R2 DLAPoolE; C:\Windows\System32\DLA\DLAPoolE.SYS [18040 2006-11-01] (Roxio)
R1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [39288 2006-09-15] (Roxio)
R2 DLAUDFAE; C:\Windows\System32\DLA\DLAUDFAE.SYS [137080 2006-11-01] (Roxio)
R2 DLAUDF_E; C:\Windows\System32\DLA\DLAUDF_E.SYS [143736 2006-11-01] (Roxio)
R0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [123928 2006-10-25] (Sonic Solutions)
R2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63608 2006-09-15] (Roxio)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-07] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2011-12-17] () [File not signed]
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-26] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
S1 RxFilter; C:\Windows\System32\DRIVERS\RxFilter.sys [58880 2006-12-02] (Sonic Solutions) [File not signed]
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [58880 2006-12-02] (Sonic Solutions) [File not signed]
R1 spfdrv; C:\Windows\System32\DRIVERS\spfdrv.sys [40920 2013-08-22] (SoftPerfect)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 TMAgent; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-06 17:57 - 2015-12-06 18:06 - 00031470 _____ C:\Users\owner\Downloads\FRST.txt
2015-12-06 17:55 - 2015-12-06 17:57 - 00000000 ____D C:\FRST
2015-12-06 17:51 - 2015-12-06 17:53 - 02369024 _____ (Farbar) C:\Users\owner\Downloads\FRST64 (1).exe
2015-11-26 14:37 - 2015-11-26 14:37 - 00000000 ____D C:\Users\owner\.QtWebEngineProcess
2015-11-26 14:36 - 2015-11-26 14:36 - 00000000 ____D C:\Users\owner\.ViberPC
2015-11-26 14:33 - 2015-11-26 14:36 - 00000000 ____D C:\Users\owner\AppData\Local\Viber
2015-11-26 14:24 - 2015-11-26 14:24 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-20 12:18 - 2015-11-20 12:18 - 00003186 _____ C:\Windows\System32\Tasks\{B355D2B7-1838-4E9B-A9C8-B59E237A0723}
2015-11-20 12:02 - 2015-11-20 12:02 - 03795680 _____ (Oleg N. Scherbakov) C:\Users\owner\Downloads\HPSupportSolutionsFramework-12.0.30.219.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-06 17:57 - 2009-07-13 21:20 - 00000000 ____D C:\Windows
2015-12-06 17:55 - 2009-07-13 22:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-06 17:55 - 2009-07-13 22:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-06 17:35 - 2015-04-10 15:35 - 00000911 _____ C:\Windows\Tasks\EPSON XP-620 Series Update {BEEB2AB9-3B2E-47E7-BD17-8F99118302F7}.job
2015-12-06 17:31 - 2015-05-01 04:03 - 00000000 ____D C:\Users\owner\Downloads\Will and Grace
2015-12-06 17:22 - 2013-03-27 18:25 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3321978377-3572455603-535636726-1000UA.job
2015-12-06 17:22 - 2013-03-27 18:25 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3321978377-3572455603-535636726-1000Core.job
2015-12-06 17:20 - 2011-11-23 22:04 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{686E9398-FB87-4949-9AAB-FE145FCC02BD}
2015-12-06 17:17 - 2013-03-27 18:25 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3321978377-3572455603-535636726-1000UA
2015-12-06 17:17 - 2013-03-27 18:25 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3321978377-3572455603-535636726-1000Core
2015-12-06 17:07 - 2012-04-17 02:57 - 00000000 ____D C:\Users\owner\AppData\Roaming\vlc
2015-12-06 17:03 - 2013-11-15 17:25 - 00000000 ____D C:\Users\owner\AppData\Roaming\ViberPC
2015-12-06 17:01 - 2011-12-27 12:46 - 00000000 ____D C:\ProgramData\MFAData
2015-12-06 17:01 - 2011-12-23 20:10 - 00000000 ____D C:\Users\owner\AppData\Local\CrashDumps
2015-12-06 16:58 - 2014-07-26 22:19 - 00000000 ____D C:\Program Files (x86)\Origin
2015-12-06 16:58 - 2011-11-24 02:42 - 00000000 ____D C:\Users\owner\AppData\LocalLow\AuthenTec
2015-12-06 16:57 - 2014-12-26 22:33 - 00000000 ____D C:\Users\owner\AppData\Roaming\Clipdiary
2015-12-06 16:57 - 2012-07-08 08:58 - 00000000 ____D C:\Users\owner\.rainlendar2
2015-12-06 16:56 - 2014-08-29 22:28 - 00000376 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job
2015-12-06 16:56 - 2014-08-29 22:28 - 00000376 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job
2015-12-06 16:56 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-26 14:40 - 2015-05-23 10:11 - 00000965 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-11-26 14:37 - 2011-11-24 02:42 - 00000000 ____D C:\Users\owner
2015-11-26 14:35 - 2014-11-13 18:34 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2015-11-26 14:35 - 2009-07-13 23:13 - 00812354 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-26 14:35 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2015-11-26 14:34 - 2014-11-13 18:37 - 00000000 ____D C:\Users\owner\AppData\Local\AVG Web TuneUp
2015-11-26 14:32 - 2014-11-13 18:34 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-11-20 12:32 - 2015-03-18 10:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-11-20 10:48 - 2015-05-24 15:05 - 04621834 _____ C:\Windows\ntbtlog.txt
2015-11-17 06:24 - 2014-10-31 07:43 - 00000000 ____D C:\Users\owner\AppData\Local\ElevatedDiagnostics
 
==================== Files in the root of some directories =======
 
2014-03-28 17:11 - 2014-06-07 21:40 - 0003744 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2012-06-12 02:20 - 2010-01-26 10:11 - 0444283 _____ () C:\Program Files (x86)\Common Files\WinPcapNmap.exe
2013-04-02 02:46 - 2013-04-02 02:46 - 0099384 _____ () C:\Users\owner\AppData\Roaming\inst.exe
2012-06-29 02:33 - 2013-04-02 02:46 - 0007859 _____ () C:\Users\owner\AppData\Roaming\pcouffin.cat
2012-06-29 02:33 - 2013-04-02 02:46 - 0001167 _____ () C:\Users\owner\AppData\Roaming\pcouffin.inf
2012-06-29 02:33 - 2013-04-02 02:47 - 0000034 _____ () C:\Users\owner\AppData\Roaming\pcouffin.log
2012-06-29 02:33 - 2013-04-02 02:46 - 0082816 _____ (VSO Software) C:\Users\owner\AppData\Roaming\pcouffin.sys
2012-12-12 23:41 - 2013-01-28 01:13 - 0000473 _____ () C:\Users\owner\AppData\Roaming\Poladroid prefs.plist
2013-04-02 02:52 - 2014-10-30 07:46 - 0000668 _____ () C:\Users\owner\AppData\Roaming\vso_ts_preview.xml
2012-02-27 09:30 - 2013-11-26 17:32 - 0000790 _____ () C:\Users\owner\AppData\Local\cookies.ini
2012-12-17 12:02 - 2015-05-23 19:56 - 0061440 _____ () C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-24 21:55 - 2012-06-24 21:55 - 0000000 _____ () C:\Users\owner\AppData\Local\rx_image.Cache
2013-04-16 19:10 - 2013-05-02 05:56 - 0000023 _____ () C:\ProgramData\IpAndPort.fig
2013-04-16 19:10 - 2013-05-02 05:56 - 0000230 _____ () C:\ProgramData\RmUserCfg.ini
 
Some files in TEMP:
====================
C:\Users\owner\AppData\Local\Temp\AutoRun.exe
C:\Users\owner\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\owner\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.10.631.exe
C:\Users\owner\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.7.712.exe
C:\Users\owner\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.7.860.exe
C:\Users\owner\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.7.919.exe
C:\Users\owner\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.7.974.exe
C:\Users\owner\AppData\Local\Temp\sfamcc00001.dll
C:\Users\owner\AppData\Local\Temp\sfareca00001.dll
C:\Users\owner\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-14 01:51
 
==================== End of FRST.txt ============================

Edited by marsspeaks, 06 December 2015 - 07:41 PM.


#3 nasdaq

  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 December 2015 - 11:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\loggingserver.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Google Inc.) C:\Users\owner\AppData\Local\Temp\CR_F7FD1.tmp\setup.exe
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3177360 2015-11-26] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3321978377-3572455603-535636726-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={7918670D-C21D-4CB1-A0D5-98C73E21AAB5}&mid=ca21d58c66c647d1820b9557e73232ef-9d20d63c963902d99a931519949f8182a7272ace&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-13 18:36:25&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3321978377-3572455603-535636726-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={7918670D-C21D-4CB1-A0D5-98C73E21AAB5}&mid=ca21d58c66c647d1820b9557e73232ef-9d20d63c963902d99a931519949f8182a7272ace&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-13 18:36:25&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.1.8.599\AVG Web TuneUp.dll [2015-11-26] (AVG)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-01-28] (AVG Secure Search)
FF Homepage: hxxps://mysearch.avg.com?cid={7918670D-C21D-4CB1-A0D5-98C73E21AAB5}&mid=ca21d58c66c647d1820b9557e73232ef-9d20d63c963902d99a931519949f8182a7272ace&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-13 18:36:25&v=4.0.0.19&pid=wtu&sg=&sap=hp
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.1.8\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: @hola.org/FlashPlayer -> C:\Users\owner\AppData\Local\Hola\firefox\app\flash\NPSWF32_18_0_0_232.dll [2015-11-26] ()
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: @hola.org/vlc -> C:\Users\owner\AppData\Local\Hola\firefox\app\vlc\npvlc.dll [2015-11-26] (Hola)
FF SearchPlugin: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\searchplugins\avg-secure-search.xml [2014-11-13]
FF SearchPlugin: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\searchplugins\yahoo_ff.xml [2014-11-19]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-11-26]
FF Extension: Hola Better Internet - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-11-26] [not signed]
FF Extension: Block site - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2014-02-08] [not signed]
R2 vToolbarUpdater40.1.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe [1875856 2015-11-26] (AVG Secure Search)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 TMAgent; no ImagePath
C:\Users\owner\AppData\Local\Temp\CR_F7FD1.tmp

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Post also the Addition.txt file that was created by the Farbar tool.

Let me know what problem persists.

p.s.
I have merged both of your topics.

#4 marsspeaks

  • Topic Starter
  • Members
  • 64 posts

Posted 09 December 2015 - 02:01 AM

Oh no, sorry, I hadn't realized I posted it twice!

I tried to run Farbar, but during the fixing process a pop-up from Origin came up that said it had not installed correctly. I pressed okay and it made Farbar freeze up. Is it okay to force restart/close out and start again?

When I do the additional log do I upload the first one I had made but forgotten to upload or do a new one?

EDIT
I tried it again after rebooting because I could tell it wasn't going to do anything. I left my laptop open, came back an hour later, and it had shut down because the battery died. I'm currently doing it again :/
How long should the fixing process take? I hope I'm not messing anything up by trying it again, sorry..

Edited by marsspeaks, 09 December 2015 - 05:28 AM.


#5 nasdaq

  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 December 2015 - 10:13 AM

Stop the process.

It should not take more than 15 to 20 minutes, even less.

You are running the Farbar tool from this Downloads folder.
C:\Users\owner\Downloads

Copy the Farbar program to your Desktop.
Copy the Fixlist.txt file to your Desktop also.

Run the Farbar tool and click the Fix button.

Any improvement?

#6 marsspeaks

  • Topic Starter
  • Members
  • 64 posts

Posted 09 December 2015 - 07:53 PM

I tried it again and did as you said: I copied them and put them on my desktop, and waited over an hour, and it felt like it was stuck in the fixing process. I didn't touch anything; I left it as soon as I clicked Fix. Every time this happens I can't end the process, Task Manager will not come up, so I have to reboot my computer. Should I try deleting those copies and MOVE the files from Downloads to Desktop instead of copying them? Would this have anything to do with the file being called FRST (1) instead of FRST without the 1?

#7 nasdaq

  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 December 2015 - 08:55 AM


Please run the Farbar tool normally.
(Use the copy on your desktop.)
Post a fresh FRST log for my review.
I will take it from there.

How is the computer running now?

#8 marsspeaks

  • Topic Starter
  • Members
  • 64 posts

Posted 10 December 2015 - 02:37 PM

I'm sorry about this :/ I hope I'm not wasting your time!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by owner (administrator) on OWNER-HP (10-12-2015 13:18:51)
Running from C:\Users\owner\Desktop
Loaded Profiles: owner (Available Profiles: owner & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
() C:\Users\owner\AppData\Local\Apps\F.lux\flux.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
() C:\Users\owner\AppData\Local\Viber\Viber.exe
(Spotify Ltd) C:\Users\owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SoftPerfect Research) C:\Program Files\SoftPerfect Bandwidth Manager\BMCore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Google Inc.) C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Facebook Inc.) C:\Users\owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
() C:\Program Files (x86)\Origin\UpdateTool.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.3\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.3\loggingserver.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\40.2.3\ScriptHelper.exe
() C:\Users\owner\AppData\Local\Google\Update\Install\{6DB2DF34-2231-47C8-B52E-1B852F613F82}\47.0.2526.80_47.0.2526.73_chrome_updater_3stage.exe
(Google Inc.) C:\Users\owner\AppData\Local\Temp\CR_55D60.tmp\setup.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\ProgramData\AVG Web TuneUp\CrashReport\avgdumpx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
(Farbar) C:\Users\owner\Desktop\FRST64 (1).exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-07] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [328800 2012-02-24] (BillP Studios)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1064512 2013-11-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2811792 2015-12-10] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2498048 2012-07-02] ()
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Run: [F.lux] => C:\Users\owner\Local Settings\Apps\F.lux\flux.exe [966656 2009-08-29] ()
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Run: [Viber] => C:\Users\owner\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] ()
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3638768 2015-12-07] (Electronic Arts)
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Run: [Clipdiary] => C:\Program Files (x86)\Clipdiary\clipdiary.exe [4972544 2012-12-28] ()
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Run: [Spotify Web Helper] => C:\Users\owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-22] (Spotify Ltd)
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2012-03-23]
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
Tcpip\..\Interfaces\{2A55CFB6-6696-4167-A7F4-6B7558AF296D}: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
Tcpip\..\Interfaces\{4159735B-4899-40EA-B160-48CE7FF178AF}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT/1
SearchScopes: HKLM -> {147E6C64-D38B-4CD0-B9AA-6FEB3C207CC5} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {147E6C64-D38B-4CD0-B9AA-6FEB3C207CC5} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3321978377-3572455603-535636726-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={7918670D-C21D-4CB1-A0D5-98C73E21AAB5}&mid=ca21d58c66c647d1820b9557e73232ef-9d20d63c963902d99a931519949f8182a7272ace&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-13 18:36:25&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3321978377-3572455603-535636726-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={7918670D-C21D-4CB1-A0D5-98C73E21AAB5}&mid=ca21d58c66c647d1820b9557e73232ef-9d20d63c963902d99a931519949f8182a7272ace&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-13 18:36:25&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3321978377-3572455603-535636726-1000 -> {BD2A5188-E192-48D1-A5B2-C792976ACC62} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3321978377-3572455603-535636726-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-12-09] (Oracle Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-08-25] (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-12-09] (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-08-25] (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.3.128\AVG Web TuneUp.dll [2015-12-10] (AVG)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {688C8675-1834-48FA-9DEF-4755CEFB9EDE} hxxp://192.168.1.119/EDVR.CAB
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-01-28] (AVG Secure Search)
 
FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default
FF Homepage: hxxps://mysearch.avg.com?cid={7918670D-C21D-4CB1-A0D5-98C73E21AAB5}&mid=ca21d58c66c647d1820b9557e73232ef-9d20d63c963902d99a931519949f8182a7272ace&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-13 18:36:25&v=4.0.0.19&pid=wtu&sg=&sap=hp
FF Session Restore: -> is enabled.
FF Keyword.URL: 
FF NetworkProxy: "ftp", "31.3.249.9"
FF NetworkProxy: "ftp_port", 443
FF NetworkProxy: "http", "31.3.249.9"
FF NetworkProxy: "http_port", 443
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "31.3.249.9"
FF NetworkProxy: "socks_port", 443
FF NetworkProxy: "ssl", "31.3.249.9"
FF NetworkProxy: "ssl_port", 443
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll [2013-06-15] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-12-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-12-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll [2013-06-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.3\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-07-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-16] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: @hola.org/FlashPlayer -> C:\Users\owner\AppData\Local\Hola\firefox\app\flash\NPSWF32_18_0_0_232.dll [2015-11-26] ()
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: @hola.org/vlc -> C:\Users\owner\AppData\Local\Hola\firefox\app\vlc\npvlc.dll [2015-11-26] (Hola)
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: @talk.google.com/O1DPlugin -> C:\Users\owner\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: @tools.google.com/Google Update;version=3 -> C:\Users\owner\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: @tools.google.com/Google Update;version=9 -> C:\Users\owner\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\owner\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll [2015-02-09] (Nagravision)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\owner\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\searchplugins\avg-secure-search.xml [2014-11-13]
FF SearchPlugin: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\searchplugins\yahoo_ff.xml [2014-11-19]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-12-10]
FF Extension: XKit - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\extensions\xkit@studioxenix.com.xpi [2013-06-18] [not signed]
FF Extension: DownloadHelper - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-13] [not signed]
FF Extension: Greasemonkey - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-10-29] [not signed]
FF Extension: AVG Web TuneUp - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\Extensions\avg@toolbar [2015-11-26] [not signed]
FF Extension: Hola Better Internet - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-11-26] [not signed]
FF Extension: Toontown Rewritten Invasion Notifier - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\Extensions\jid1-r5XvBXxp7IZrAg@jetpack.xpi [2014-12-26] [not signed]
FF Extension: NoScript - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-05-23] [not signed]
FF Extension: Adblock Plus - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-13] [not signed]
FF Extension: Block site - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2014-02-08] [not signed]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2014-11-13] [not signed]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://store.hp.com/webapp/wcs/stores/servlet/us/en/pdp/desktops/hp-stream-mini-desktop---200-010"
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-26]
CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-26]
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-26]
CHR Extension: (Website Logon) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef [2014-11-03]
CHR Extension: (Video Downloader professional) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-04-29]
CHR Extension: (Google Sheets) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (AdBlock) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-09]
CHR Extension: (SlingPlayer for DISH Anywhere) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcnpmlegoehfgohpkmjhpohjchokamnn [2015-04-02]
CHR Extension: (DISH Anywhere Video Player Extension) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfihmdfalfpnnebhgpmopljbopmkea [2015-11-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-26]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-12-21]
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dfaldikcoaplhepekpbngkepfcoiihef] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-22]
CHR HKLM-x32\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 BMService; C:\Program Files\SoftPerfect Bandwidth Manager\BMCore.exe [6932176 2014-06-06] (SoftPerfect Research)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-16] (WildTangent)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2372096 2011-02-18] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [654408 2012-04-04] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-07] (Electronic Arts)
S3 Roxio UPnP Renderer 9; C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [57344 2006-12-13] (Sonic Solutions) [File not signed]
S2 Roxio Upnp Server 9; C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe [294912 2006-12-13] (Sonic Solutions) [File not signed]
S3 RoxMediaDB9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2007-01-16] (Sonic Solutions) [File not signed]
S3 stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [73728 2007-01-15] (MicroVision Development, Inc.) [File not signed]
R2 vToolbarUpdater40.2.3; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.3\ToolbarUpdater.exe [1923984 2015-12-10] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1164688 2015-12-10] ()
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2011-12-17] () [File not signed]
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
R2 DLABMFSE; C:\Windows\System32\DLA\DLABMFSE.SYS [44152 2006-11-01] (Roxio)
R2 DLABOIOE; C:\Windows\System32\DLA\DLABOIOE.SYS [41976 2006-11-01] (Roxio)
S1 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [15992 2006-09-15] (Roxio)
R2 DLADResE; C:\Windows\System32\DLA\DLADResE.SYS [10360 2006-11-01] (Roxio)
R2 DLAIFS_E; C:\Windows\System32\DLA\DLAIFS_E.SYS [142200 2006-11-01] (Roxio)
R2 DLAOPIOE; C:\Windows\System32\DLA\DLAOPIOE.SYS [34552 2006-11-01] (Roxio)
R2 DLAPoolE; C:\Windows\System32\DLA\DLAPoolE.SYS [18040 2006-11-01] (Roxio)
R1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [39288 2006-09-15] (Roxio)
R2 DLAUDFAE; C:\Windows\System32\DLA\DLAUDFAE.SYS [137080 2006-11-01] (Roxio)
R2 DLAUDF_E; C:\Windows\System32\DLA\DLAUDF_E.SYS [143736 2006-11-01] (Roxio)
R0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [123928 2006-10-25] (Sonic Solutions)
R2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63608 2006-09-15] (Roxio)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-07] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2011-12-17] () [File not signed]
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-26] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
S1 RxFilter; C:\Windows\System32\DRIVERS\RxFilter.sys [58880 2006-12-02] (Sonic Solutions) [File not signed]
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [58880 2006-12-02] (Sonic Solutions) [File not signed]
R1 spfdrv; C:\Windows\System32\DRIVERS\spfdrv.sys [40920 2013-08-22] (SoftPerfect)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 TMAgent; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-10 13:18 - 2015-12-10 13:22 - 00031532 _____ C:\Users\owner\Desktop\FRST.txt
2015-12-10 13:18 - 2015-12-10 13:18 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2015-12-09 17:23 - 2015-12-06 17:53 - 02369024 _____ (Farbar) C:\Users\owner\Desktop\FRST64 (1).exe
2015-12-09 03:50 - 2015-12-09 17:25 - 00004845 _____ C:\Users\owner\Desktop\Fixlog.txt
2015-12-09 00:37 - 2015-12-09 03:52 - 00004828 _____ C:\Users\owner\Downloads\Fixlog.txt
2015-12-09 00:35 - 2015-12-09 00:35 - 01738240 _____ C:\Users\owner\Desktop\adwcleaner_5.024.exe
2015-12-09 00:33 - 2015-12-09 00:33 - 00004004 _____ C:\Users\owner\Downloads\fixlist.txt
2015-12-09 00:25 - 2015-12-09 00:25 - 00000000 ____D C:\Users\owner\AppData\Local\GWX
2015-12-06 19:03 - 2015-07-30 07:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-12-06 19:03 - 2015-07-30 07:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-12-06 18:59 - 2015-11-03 11:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-06 18:44 - 2015-07-09 11:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-12-06 18:44 - 2015-07-09 11:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-12-06 18:44 - 2015-07-09 11:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-12-06 18:43 - 2015-08-27 12:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-12-06 18:43 - 2015-08-27 12:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-12-06 18:43 - 2015-08-27 12:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-12-06 18:43 - 2015-08-27 12:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-12-06 18:43 - 2015-08-27 11:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-12-06 18:43 - 2015-08-27 11:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-12-06 18:43 - 2015-08-27 11:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-12-06 18:43 - 2015-08-27 11:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-12-06 18:43 - 2015-06-25 04:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-12-06 18:43 - 2015-06-25 04:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-06 18:43 - 2015-06-25 04:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-12-06 18:43 - 2015-06-25 03:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-06 18:43 - 2015-04-10 21:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-12-06 18:42 - 2015-10-12 22:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-12-06 18:42 - 2015-10-01 12:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-12-06 18:42 - 2015-10-01 11:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-12-06 18:42 - 2015-09-01 21:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-12-06 18:42 - 2015-09-01 21:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-12-06 18:42 - 2015-09-01 21:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-12-06 18:42 - 2015-09-01 21:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-12-06 18:42 - 2015-09-01 20:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-12-06 18:42 - 2015-09-01 20:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-12-06 18:42 - 2015-09-01 20:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-12-06 18:42 - 2015-09-01 20:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-12-06 18:42 - 2015-09-01 19:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-12-06 18:42 - 2015-09-01 19:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-12-06 18:09 - 2015-12-06 18:19 - 00064001 _____ C:\Users\owner\Downloads\Addition.txt
2015-12-06 17:57 - 2015-12-06 18:19 - 00039232 _____ C:\Users\owner\Downloads\FRST.txt
2015-12-06 17:55 - 2015-12-10 13:18 - 00000000 ____D C:\FRST
2015-12-06 17:51 - 2015-12-06 17:53 - 02369024 _____ (Farbar) C:\Users\owner\Downloads\FRST64 (1).exe
2015-11-26 14:37 - 2015-11-26 14:37 - 00000000 ____D C:\Users\owner\.QtWebEngineProcess
2015-11-26 14:36 - 2015-11-26 14:36 - 00000000 ____D C:\Users\owner\.ViberPC
2015-11-26 14:33 - 2015-11-26 14:36 - 00000000 ____D C:\Users\owner\AppData\Local\Viber
2015-11-26 14:24 - 2015-11-26 14:24 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-20 12:18 - 2015-11-20 12:18 - 00003186 _____ C:\Windows\System32\Tasks\{B355D2B7-1838-4E9B-A9C8-B59E237A0723}
2015-11-20 12:02 - 2015-11-20 12:02 - 03795680 _____ (Oleg N. Scherbakov) C:\Users\owner\Downloads\HPSupportSolutionsFramework-12.0.30.219.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-10 13:22 - 2014-05-17 21:12 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3321978377-3572455603-535636726-1000Core.job
2015-12-10 13:22 - 2013-03-27 18:25 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3321978377-3572455603-535636726-1000UA.job
2015-12-10 13:20 - 2011-12-27 12:46 - 00000000 ____D C:\ProgramData\MFAData
2015-12-10 13:20 - 2011-11-23 22:04 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{686E9398-FB87-4949-9AAB-FE145FCC02BD}
2015-12-10 13:17 - 2014-11-13 18:34 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-12-10 13:17 - 2014-05-17 21:12 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3321978377-3572455603-535636726-1000UA.job
2015-12-10 13:17 - 2012-11-06 20:23 - 00000000 ____D C:\ProgramData\Origin
2015-12-10 13:17 - 2011-12-23 20:10 - 00000000 ____D C:\Users\owner\AppData\Local\CrashDumps
2015-12-10 13:16 - 2015-04-10 15:35 - 00000911 _____ C:\Windows\Tasks\EPSON XP-620 Series Update {BEEB2AB9-3B2E-47E7-BD17-8F99118302F7}.job
2015-12-10 13:16 - 2011-11-24 02:42 - 00000000 ____D C:\Users\owner\AppData\LocalLow\AuthenTec
2015-12-10 13:15 - 2009-07-13 22:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-10 13:15 - 2009-07-13 22:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-09 18:40 - 2013-11-15 17:25 - 00000000 ____D C:\Users\owner\AppData\Roaming\ViberPC
2015-12-09 18:38 - 2014-12-26 22:33 - 00000000 ____D C:\Users\owner\AppData\Roaming\Clipdiary
2015-12-09 18:38 - 2012-07-08 08:58 - 00000000 ____D C:\Users\owner\.rainlendar2
2015-12-09 18:37 - 2014-08-29 22:28 - 00000376 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job
2015-12-09 18:37 - 2014-08-29 22:28 - 00000376 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job
2015-12-09 18:36 - 2012-06-01 22:55 - 00000000 ____D C:\Users\Guest
2015-12-09 18:36 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-09 17:25 - 2013-03-27 18:25 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3321978377-3572455603-535636726-1000Core.job
2015-12-09 03:47 - 2009-07-13 22:45 - 00386256 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-07 23:33 - 2015-04-19 13:00 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-07 23:33 - 2014-07-26 22:19 - 00000000 ____D C:\Program Files (x86)\Origin
2015-12-07 23:31 - 2009-07-13 23:13 - 00812354 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-07 23:31 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2015-12-07 23:22 - 2015-04-03 14:06 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-07 23:22 - 2015-04-03 14:06 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-07 23:22 - 2009-07-13 21:20 - 00000000 ____D C:\Windows
2015-12-06 19:29 - 2013-08-08 14:16 - 00000000 ____D C:\Windows\system32\MRT
2015-12-06 19:03 - 2013-03-13 10:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-06 19:01 - 2013-03-13 10:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-06 19:01 - 2013-03-13 10:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-06 18:56 - 2012-06-08 00:18 - 00804968 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-12-06 17:31 - 2015-05-01 04:03 - 00000000 ____D C:\Users\owner\Downloads\Will and Grace
2015-12-06 17:17 - 2013-03-27 18:25 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3321978377-3572455603-535636726-1000UA
2015-12-06 17:17 - 2013-03-27 18:25 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3321978377-3572455603-535636726-1000Core
2015-12-06 17:07 - 2012-04-17 02:57 - 00000000 ____D C:\Users\owner\AppData\Roaming\vlc
2015-11-26 14:40 - 2015-05-23 10:11 - 00000965 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-11-26 14:37 - 2011-11-24 02:42 - 00000000 ____D C:\Users\owner
2015-11-26 14:35 - 2014-11-13 18:34 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2015-11-26 14:34 - 2014-11-13 18:37 - 00000000 ____D C:\Users\owner\AppData\Local\AVG Web TuneUp
2015-11-20 12:32 - 2015-03-18 10:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-11-20 10:48 - 2015-05-24 15:05 - 04621834 _____ C:\Windows\ntbtlog.txt
2015-11-17 06:24 - 2014-10-31 07:43 - 00000000 ____D C:\Users\owner\AppData\Local\ElevatedDiagnostics
 
==================== Files in the root of some directories =======
 
2014-03-28 17:11 - 2014-06-07 21:40 - 0003744 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2012-06-12 02:20 - 2010-01-26 10:11 - 0444283 _____ () C:\Program Files (x86)\Common Files\WinPcapNmap.exe
2013-04-02 02:46 - 2013-04-02 02:46 - 0099384 _____ () C:\Users\owner\AppData\Roaming\inst.exe
2012-06-29 02:33 - 2013-04-02 02:46 - 0007859 _____ () C:\Users\owner\AppData\Roaming\pcouffin.cat
2012-06-29 02:33 - 2013-04-02 02:46 - 0001167 _____ () C:\Users\owner\AppData\Roaming\pcouffin.inf
2012-06-29 02:33 - 2013-04-02 02:47 - 0000034 _____ () C:\Users\owner\AppData\Roaming\pcouffin.log
2012-06-29 02:33 - 2013-04-02 02:46 - 0082816 _____ (VSO Software) C:\Users\owner\AppData\Roaming\pcouffin.sys
2012-12-12 23:41 - 2013-01-28 01:13 - 0000473 _____ () C:\Users\owner\AppData\Roaming\Poladroid prefs.plist
2013-04-02 02:52 - 2014-10-30 07:46 - 0000668 _____ () C:\Users\owner\AppData\Roaming\vso_ts_preview.xml
2012-02-27 09:30 - 2013-11-26 17:32 - 0000790 _____ () C:\Users\owner\AppData\Local\cookies.ini
2012-12-17 12:02 - 2015-05-23 19:56 - 0061440 _____ () C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-24 21:55 - 2012-06-24 21:55 - 0000000 _____ () C:\Users\owner\AppData\Local\rx_image.Cache
2013-04-16 19:10 - 2013-05-02 05:56 - 0000023 _____ () C:\ProgramData\IpAndPort.fig
2013-04-16 19:10 - 2013-05-02 05:56 - 0000230 _____ () C:\ProgramData\RmUserCfg.ini
 
Some files in TEMP:
====================
C:\Users\owner\AppData\Local\Temp\AutoRun.exe
C:\Users\owner\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\owner\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.10.631.exe
C:\Users\owner\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.7.712.exe
C:\Users\owner\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.7.860.exe
C:\Users\owner\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.7.919.exe
C:\Users\owner\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.7.974.exe
C:\Users\owner\AppData\Local\Temp\sfamcc00001.dll
C:\Users\owner\AppData\Local\Temp\sfareca00001.dll
C:\Users\owner\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-14 01:51
 
==================== End of FRST.txt ============================

 

#9 nasdaq
  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 December 2015 - 08:52 AM


Start by running this tool.
Clean everything that will be found.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===


Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.3\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.3\loggingserver.exe
(Google Inc.) C:\Users\owner\AppData\Local\Temp\CR_55D60.tmp\setup.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2811792 2015-12-10] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3321978377-3572455603-535636726-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3321978377-3572455603-535636726-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={7918670D-C21D-4CB1-A0D5-98C73E21AAB5}&mid=ca21d58c66c647d1820b9557e73232ef-9d20d63c963902d99a931519949f8182a7272ace&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-13 18:36:25&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3321978377-3572455603-535636726-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={7918670D-C21D-4CB1-A0D5-98C73E21AAB5}&mid=ca21d58c66c647d1820b9557e73232ef-9d20d63c963902d99a931519949f8182a7272ace&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-13 18:36:25&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.3.128\AVG Web TuneUp.dll [2015-12-10] (AVG)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-01-28] (AVG Secure Search)
FF Homepage: hxxps://mysearch.avg.com?cid={7918670D-C21D-4CB1-A0D5-98C73E21AAB5}&mid=ca21d58c66c647d1820b9557e73232ef-9d20d63c963902d99a931519949f8182a7272ace&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-13 18:36:25&v=4.0.0.19&pid=wtu&sg=&sap=hp
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.3\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: @hola.org/FlashPlayer -> C:\Users\owner\AppData\Local\Hola\firefox\app\flash\NPSWF32_18_0_0_232.dll [2015-11-26] ()
FF Plugin HKU\S-1-5-21-3321978377-3572455603-535636726-1000: @hola.org/vlc -> C:\Users\owner\AppData\Local\Hola\firefox\app\vlc\npvlc.dll [2015-11-26] (Hola)
FF SearchPlugin: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\searchplugins\avg-secure-search.xml [2014-11-13]
FF SearchPlugin: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\searchplugins\yahoo_ff.xml [2014-11-19]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-12-10]
FF Extension: Hola Better Internet - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-11-26] [not signed]
FF Extension: Block site - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2014-02-08] [not signed]
R2 vToolbarUpdater40.2.3; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.3\ToolbarUpdater.exe [1923984 2015-12-10] (AVG Secure Search)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 TMAgent; no ImagePath
C:\Users\owner\AppData\Local\Temp\CR_55D60.tmp
CustomCLSID: HKU\S-1-5-21-3321978377-3572455603-535636726-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3321978377-3572455603-535636726-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3321978377-3572455603-535636726-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3321978377-3572455603-535636726-1000_Classes\CLSID\{724FE766-71C2-4E6E-8379-CD0EF5E51BDD}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.28.17\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3321978377-3572455603-535636726-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3321978377-3572455603-535636726-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3321978377-3572455603-535636726-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3321978377-3572455603-535636726-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)

p.s.
HijackThis is no longer supported and is not ready for current operating systems.
I suggest you remove it via the Control Panel > Programs and Features applet.
Use the Farbar tool from now on to report problems.
<<<>>>

Post the logs and let me know what problem persists.

Edited by nasdaq, 11 December 2015 - 08:53 AM.
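The fixlist above is built from FRST lines the helper judged worth removing: a Run entry with an empty publisher field, policy restrictions that FRST itself marks with ATTENTION, search-scope and homepage redirects, a Firefox extension marked [not signed], a driver entry whose file is gone ([X]), a service with no ImagePath, orphaned CLSID registrations pointing at missing DLLs, and an installer left in Temp. The Python script below is an added example, not part of this thread and not FRST's or nasdaq's own code: it applies those same triage rules to FRST-style log lines so the pattern behind the fixlist is explicit. The sample lines are constructed from entries quoted earlier in the thread (not a complete log), and the rule labels and function names are assumptions of this example.

```python
import re
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlparse

# Constructed sample input: FRST-style lines modelled on entries quoted in this
# thread; not a complete log. Two clean lines are included as controls.
SAMPLE_LINES = [
    r"HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2811792 2015-12-10] ()",
    r"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION",
    r"SearchScopes: HKU\S-1-5-21-3321978377-3572455603-535636726-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?q={searchTerms}",
    r"FF Extension: Hola Better Internet - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\dnyehbs6.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-11-26] [not signed]",
    r"R2 vToolbarUpdater40.2.3; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.3\ToolbarUpdater.exe [1923984 2015-12-10] (AVG Secure Search)",
    r"S3 catchme; \??\C:\ComboFix\catchme.sys [X]",
    r"U2 TMAgent; no ImagePath",
    r"CustomCLSID: HKU\S-1-5-21-3321978377-3572455603-535636726-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File",
    r"(Google Inc.) C:\Users\owner\AppData\Local\Temp\CR_55D60.tmp\setup.exe",
    r"C:\Windows\system32\winlogon.exe => File is digitally signed",
]

Rule = Tuple[str, Callable[[str], bool]]

# Triage rules (labels are this example's own, not FRST terminology).
RULES: List[Rule] = [
    # FRST itself flags policy restrictions and similar oddities with ATTENTION.
    ("frst-attention", lambda s: "<======= ATTENTION" in s),
    # Registry still points at a file that no longer exists: [X], => No File, [No File].
    ("missing-file", lambda s: s.endswith("[X]") or "=> No File" in s or "[No File]" in s),
    # Service/driver entry (R/S/U prefix) that has no ImagePath at all.
    ("service-no-imagepath", lambda s: re.match(r"[RSU]\d+ ", s) is not None
                                         and s.endswith("; no ImagePath")),
    # Firefox extension that FRST reports as not signed.
    ("unsigned-extension", lambda s: s.startswith("FF Extension:") and s.endswith("[not signed]")),
    # Search scope or homepage pointing at a (defanged, hxxp) URL.
    ("browser-redirect", lambda s: s.startswith(("SearchScopes:", "FF Homepage:")) and "hxxp" in s),
    # Run-key entry whose trailing publisher field "()" is empty: no signer recorded.
    ("autorun-no-publisher", lambda s: "\\Run: [" in s and s.endswith("()")),
    # Executable code living in the user's Temp directory.
    ("temp-executable", lambda s: "\\AppData\\Local\\Temp\\" in s
                                  and s.lower().endswith((".exe", ".dll"))),
]


def triage(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (line, [labels]) for every non-empty line that trips at least one rule."""
    findings: List[Tuple[str, List[str]]] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        hits = [label for label, check in RULES if check(line)]
        if hits:
            findings.append((line, hits))
    return findings


def summarize(findings: List[Tuple[str, List[str]]]) -> Dict[str, int]:
    """Count how many lines hit each label (one line may hit several rules)."""
    counts: Dict[str, int] = {}
    for _, hits in findings:
        for label in hits:
            counts[label] = counts.get(label, 0) + 1
    return counts


def redirect_hosts(findings: List[Tuple[str, List[str]]]) -> List[str]:
    """Hostnames from browser-redirect lines, with FRST's hxxp defanging undone."""
    hosts = set()
    for line, hits in findings:
        if "browser-redirect" not in hits:
            continue
        for url in re.findall(r"hxxps?://\S+", line):
            host = urlparse("http" + url[3:]).hostname  # hxxps:// -> https://
            if host:
                hosts.add(host)
    return sorted(hosts)


if __name__ == "__main__":
    results = triage(SAMPLE_LINES)
    for line, hits in results:
        print(", ".join(hits).ljust(22), line[:90])
    print("\nsummary:", summarize(results))
    print("redirect hosts:", redirect_hosts(results))
```

A flagged line is a prompt to look closer at the publisher, path and signature, not a verdict; the two control lines in the sample, a service with a named publisher and a signed winlogon.exe, produce no finding. Running the script over a full FRST.txt is a quick way to see which entries a helper is likely to put into a fixlist and why.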


#10 marsspeaks (Topic Starter)
  • Members
  • 64 posts

Posted 11 December 2015 - 11:03 PM

I tried both, and during the cleaning process with AdwCleaner it froze up on me multiple times and had to be restarted. Same with Farbar; it's still freezing during the fixing stage.

 

I closed everything I could think of with Adwcleaner so I don't know what it is. Do I need to do the same with farbar? Is it doing this because of some malware/RAT? I turn the internet off as I run these programs.



#11 nasdaq
  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 December 2015 - 08:28 AM

Let's try this tool.

You will need to temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Click Options. The following options are available to you; select only the check boxes for the options in bold (the first group below).

[x] Running Processes
[x] Installed Programs
[x] Startup Information
[x] FireFox look
[x] Chrome Look
[x] Empty Temp
[x] Auto Clean

[ ] Do a Quick Scan
[ ] HijackThis log
[ ] Uninstall list
[ ] Shortcut Fix
[ ] Do a Deep Scan
[ ] Installer List
[ ] IE Default
[ ] Silent Runner
[ ] System Restore Info
[ ] Symlink Check
[ ] Reset Chrome
[ ] System Specs
[ ] Recently created



Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the system drive, normally C:\
If a reboot is needed, the log is opened after the reboot.
Please attach the zoek-results.log in your reply. It's probably too long to post.

How to:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.

Make sure you Enable your AV Program.

#12 marsspeaks (Topic Starter)
  • Members
  • 64 posts

Posted 13 December 2015 - 09:00 AM

Just got it done! I hope I did it correctly. When I first clicked my options and started it, something popped up saying it froze? Or a program called PZNT, I'm not sure; it's not entirely correct! But I closed out and the scan seemed to run normally..

 

Now at the end I didn't realize AVG re-enabled itself, so I had to allow the "zoek.bat" to process and my computer restarted. I hope this was okay and the correct thing to do.

 


#13 nasdaq
  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 December 2015 - 10:08 AM

Can you now execute the instructions in post no. 9?

Keep me posted as to what issues persist.

#14 marsspeaks (Topic Starter)
  • Members
  • 64 posts

Posted 13 December 2015 - 05:41 PM

AdwCleaner and Farbar both still freeze up/go to "not responding" on me during their deleting and fixing processes. Why is this??

 

And btw, I have Windows 7 if it matters.



#15 nasdaq
  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 December 2015 - 09:04 AM

Are you sure you are running the Farbar tool as an Administrator?

Right Click the file and select run as Administrator.



