
Another browser hijack


  • This topic is locked
11 replies to this topic

#1 piper69

piper69

  • Members
  • 6 posts
  • OFFLINE
  • Local time:05:41 AM

Posted 01 March 2016 - 08:19 AM

Hi

I am a new user and have read through some of the forums and see that you offer good advice on malware removal.

I have recently been getting a lot of redirects and ad popups. I removed some legit software in order to do an upgrade and while I was doing that I took the opportunity to do a system factory restore. I still get these popups.

I have managed to get rid of some using Avast and Malwarebytes and also by uninstalling launcher files and deleting others from the system folder.

I am still getting some so must have missed something.

I would appreciate any help that anyone could give me.

Thanks




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:41 PM

Posted 01 March 2016 - 09:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.
[screenshot: attachlogs.png]

Attach the file.
Click "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===
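When the AdwCleaner report comes back, the entries worth reading first are the ones that reach beyond the browser: a resolver address written statically into every network interface (a DNS hijack, which survives browser resets) and "File Infected" hits on DLLs inside the Windows system directories. The script below is an added example for this thread, not AdwCleaner's own code and not part of the instructions above; it parses the `***** [ Section ] *****` / `Kind Found : value` layout that AdwCleaner writes and pulls those findings out. The sample report embedded in it is constructed to match that layout (interface GUIDs and the user path are placeholders), and the `parse_adwcleaner_log` / `triage` names are mine.

```python
"""Triage helper for AdwCleaner scan reports (added example, not AdwCleaner's code)."""
import ipaddress
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
FINDING_RE = re.compile(r"^(?P<kind>[A-Za-z]+ (?:Found|Infected)) : (?P<value>.+)$")
SEARCH_RE = re.compile(r"^\[(?P<store>.+?)\] \[Search Provider\] Found : (?P<name>.+)$")
NAMESERVER_RE = re.compile(r"\[NameServer\] - (?P<ip>[0-9.]+)$")

# Directories holding Windows' own libraries; an "infected" hit here means the
# machine's resolver/library code was tampered with, not just a browser setting.
SYSTEM_DIRS = ("c:\\windows\\sysnative\\", "c:\\windows\\syswow64\\", "c:\\windows\\system32\\")

# Constructed sample modelled on the AdwCleaner report format.
# {IFACE-GUID-n} and USER are placeholders, not values from a real machine.
SAMPLE_LOG = r"""
# AdwCleaner v5.037 - Logfile created 02/03/2016 at 21:50:05
# Option : Scan

***** [ Services ] *****

Service Found : WdMan

***** [ Files ] *****

File Found : C:\Windows\SysNative\roboot64.exe

***** [ DLL ] *****

File Infected : C:\Windows\SysNative\dnsapi.dll
File Infected : C:\Windows\SysWOW64\dnsapi.dll

***** [ Registry ] *****

Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{IFACE-GUID-1} [NameServer] - 104.197.191.4
Data Found : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{IFACE-GUID-1} [NameServer] - 104.197.191.4
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{IFACE-GUID-2} [NameServer] - 10.1.1.1

***** [ Web browsers ] *****

[C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : mysites123
"""


def parse_adwcleaner_log(text):
    """Group the report's findings by section: {section: [(kind, value), ...]}."""
    findings = defaultdict(list)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        if section is None or not line or line.startswith("#"):
            continue  # header lines and blanks carry no findings
        hit = SEARCH_RE.match(line)
        if hit:
            findings[section].append(("Search Provider", hit.group("name")))
            continue
        hit = FINDING_RE.match(line)
        if hit:
            findings[section].append((hit.group("kind"), hit.group("value")))
    return dict(findings)


def triage(findings):
    """Pick out the findings with system-wide effect and return them grouped."""
    report = {"dns_resolvers": [], "infected_system_dlls": [], "search_providers": []}
    for kind, value in findings.get("Registry", []):
        m = NAMESERVER_RE.search(value)
        if kind == "Data Found" and m:
            ip = ipaddress.ip_address(m.group("ip"))
            # A static, non-private resolver on every interface is the DNS-hijack
            # footprint; private (RFC 1918) resolvers are what DHCP normally hands out.
            if not ip.is_private and str(ip) not in report["dns_resolvers"]:
                report["dns_resolvers"].append(str(ip))
    for kind, value in findings.get("DLL", []):
        if kind == "File Infected" and value.lower().startswith(SYSTEM_DIRS):
            report["infected_system_dlls"].append(value)
    for kind, value in findings.get("Web browsers", []):
        if kind == "Search Provider":
            report["search_providers"].append(value)
    return report


if __name__ == "__main__":
    found = parse_adwcleaner_log(SAMPLE_LOG)
    for section, items in found.items():
        print(f"{section}: {len(items)} finding(s)")
    for label, items in triage(found).items():
        for item in items:
            print(f"  [{label}] {item}")
```

To run it against a real report, replace `SAMPLE_LOG` with the contents of the `C:\AdwCleaner\AdwCleaner[Sx].txt` file. The sample deliberately includes a `10.1.1.1` resolver so the output shows that a private, DHCP-style address is left alone while the public static one is flagged; the same static address repeated under `ControlSet001` and `CurrentControlSet` is reported once.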

#3 piper69

piper69
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:05:41 AM

Posted 02 March 2016 - 09:01 AM

Hi nasdaq

Thank you for your help. Please find the files below and attached.


# AdwCleaner v5.037 - Logfile created 02/03/2016 at 21:50:05
# Updated 28/02/2016 by Xplode
# Database : 2016-03-02.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Toby - TOBY-HP
# Running from : C:\Users\Toby\Desktop\adwcleaner_5.037.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : ihpmServer
Service Found : WdMan
Service Found : brsrv
Service Found : nixiwenizbt
Service Found : zigipyro

***** [ Folders ] *****

Folder Found : C:\Program Files\SpaceSoundPro
Folder Found : C:\Program Files (x86)\RayDld
Folder Found : C:\Program Files (x86)\SunnyDay3
Folder Found : C:\Program Files (x86)\SystemHealer
Folder Found : C:\Program Files (x86)\CleanBrowser
Folder Found : C:\Program Files (x86)\46353037-1456746907-3038-3144-393731314531
Folder Found : C:\Program Files (x86)\mbot_au_014010252
Folder Found : C:\Program Files (x86)\SunnyDay3
Folder Found : C:\Program Files (x86)\mbot_au_014010252
Folder Found : C:\Program Files (x86)\SunnyDay3
Folder Found : C:\ProgramData\Browser
Folder Found : C:\ProgramData\PlayGemConfig
Folder Found : C:\ProgramData\8WdM8
Folder Found : C:\ProgramData\98be0587-0281-0
Folder Found : C:\ProgramData\98be0587-3307-1
Folder Found : C:\ProgramData\98be0587-75e7-1
Folder Found : C:\ProgramData\98be0587-7815-0
Folder Found : C:\ProgramData\rWdMr
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBestOffersToday
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
Folder Found : C:\Users\Toby\AppData\Local\SearchModule
Folder Found : C:\Users\Toby\AppData\Local\SunnyDay3
Folder Found : C:\Users\Toby\AppData\Local\TrailerTime
Folder Found : C:\Users\Toby\AppData\Local\TECHP-Browser
Folder Found : C:\Users\Toby\AppData\Local\mbot_au_014010252
Folder Found : C:\Users\Toby\AppData\Local\SunnyDay3
Folder Found : C:\Users\Toby\AppData\Local\46353037-1456775809-3038-3144-393731314531
Folder Found : C:\Users\Toby\AppData\Local\46353037-1456953793-3038-3144-393731314531
Folder Found : C:\Users\Toby\AppData\Local\mbot_au_014010252
Folder Found : C:\Users\Toby\AppData\Local\SunnyDay13
Folder Found : C:\Users\Toby\AppData\Local\SunnyDay3
Folder Found : C:\Users\Toby\AppData\Local\win_en_77
Folder Found : C:\Users\Toby\AppData\Roaming\ASPackage
Folder Found : C:\Users\Toby\AppData\Roaming\mysites123
Folder Found : C:\Users\Toby\AppData\Roaming\yoursearching
Folder Found : C:\Users\Toby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage

***** [ Files ] *****

File Found : C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\Users\Public\Desktop\Launch System Healer.lnk
File Found : C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage
File Found : C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage-journal
File Found : C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mysites123.com_0.localstorage
File Found : C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mysites123.com_0.localstorage-journal
File Found : C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yoursearching.com_0.localstorage
File Found : C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yoursearching.com_0.localstorage-journal
File Found : C:\Users\Toby\Desktop\Continue ExtraFeatures Installation.lnk
File Found : C:\Windows\SysNative\roboot64.exe
File Found : C:\Windows\SysNative\drivers\sdfhgdf.sys

***** [ DLL ] *****

File Infected : C:\Windows\SysNative\dnsapi.dll
File Infected : C:\Windows\SysWOW64\dnsapi.dll

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

Task Found : SystemHealer Monitor
Task Found : SystemHealer Run Delay
Task Found : System HealerStartUp
Task Found : System HealerPeriod
Task Found : System Healer Task
Task Found : IBUpd2

***** [ Registry ] *****

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [ExploreMedia.exe]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [ExploreTech.exe]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [PlayGem.exe]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [WindoWeather.exe]
Key Found : HKLM\SOFTWARE\Classes\AppID\{85198F55-85AC-498A-BFE4-BBC33840F4AB}
Key Found : HKCU\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Found : HKCU\Software\Classes\CLSID\{17EF1FFB-0545-4C9A-BE64-78FF53338475}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{08ACFB57-8187-47F0-AF93-56360D03634A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8FF10FED-2F0A-4F7F-BE87-B04F1DCD4319}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8DD92279-9B04-4C6F-A862-EF3C24603804}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{08ACFB57-8187-47F0-AF93-56360D03634A}
Key Found : HKCU\Software\DAILYPCCLEAN
Key Found : HKCU\Software\Microsoft\Tinstalls
Key Found : HKCU\Software\System Healer
Key Found : HKCU\Software\Tutorials
Key Found : HKCU\Software\TutoTag
Key Found : HKCU\Software\AppDataLow\Software\TrailerTime
Key Found : HKLM\SOFTWARE\ihpmserver
Key Found : HKLM\SOFTWARE\MyBestOffersToday
Key Found : HKLM\SOFTWARE\mysites123Software
Key Found : HKLM\SOFTWARE\PlayGem
Key Found : HKLM\SOFTWARE\RayDld
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SOFTWARE\WindoWeather
Key Found : HKLM\SOFTWARE\yoursearchingSoftware
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PopupProduct
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemHealer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mbot_au_014010252_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mbot_au_014010252_is1
Key Found : [x64] HKLM\SOFTWARE\SearchModule
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{DE557DA7-0637-4690-B7DD-81B8D085A8DF}]
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Data Found : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.yoursearching.com/?type=sc&ts=1456661635&z=59b76423d9892f7c1ebfabbgcz1w7q6q0q1g4qfc6w&from=brd&uid=HitachiXHTS547575A9E384_J2190054D32L5DD32L5DX
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} [NameServer] - 104.197.191.4
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{B9280C17-7049-428F-A825-3C552F7F97FC} [NameServer] - 104.197.191.4
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{C7CCD9C6-48AC-45DF-88FE-899BAB2E1D3A} [NameServer] - 104.197.191.4
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{E93A3B1B-2AD5-4451-96F8-02623E5C3F7B} [NameServer] - 104.197.191.4
Data Found : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} [NameServer] - 104.197.191.4
Data Found : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{B9280C17-7049-428F-A825-3C552F7F97FC} [NameServer] - 104.197.191.4
Data Found : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C7CCD9C6-48AC-45DF-88FE-899BAB2E1D3A} [NameServer] - 104.197.191.4
Data Found : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{E93A3B1B-2AD5-4451-96F8-02623E5C3F7B} [NameServer] - 104.197.191.4
Data Found : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} [NameServer] - 104.197.191.4
Data Found : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B9280C17-7049-428F-A825-3C552F7F97FC} [NameServer] - 104.197.191.4
Data Found : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{C7CCD9C6-48AC-45DF-88FE-899BAB2E1D3A} [NameServer] - 104.197.191.4
Data Found : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{E93A3B1B-2AD5-4451-96F8-02623E5C3F7B} [NameServer] - 104.197.191.4
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www-searching.com

***** [ Web browsers ] *****

[C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : mysites123
[C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : yoursearching

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [9812 bytes] - [02/03/2016 21:50:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [9885 bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-03-2016
Ran by Toby (administrator) on TOBY-HP (02-03-2016 21:54:28)
Running from C:\Users\Toby\Desktop\Farbar
Loaded Profiles: Toby (Available Profiles: Toby)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(RayDl) C:\Program Files (x86)\RayDld\ihpmServer.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(TU-Funs LIMITED) C:\ProgramData\8WdM8\WdMan.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
() C:\Users\Toby\AppData\Local\mbot_au_014010252\upmbot_au_014010252.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
() C:\Program Files (x86)\mbot_au_014010252\mbot_au_014010252.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
() C:\Windows\Temp\6214.tmp
() C:\Users\Toby\AppData\Local\46353037-1456953793-3038-3144-393731314531\qnsw9C50.tmp
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe
(Microsoft Corporation) C:\c89e093d8b0412f9f6\Setup.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
() C:\Users\Toby\Desktop\adwcleaner_5.037.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-16] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-01-26] (cyberlink)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-10] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-28] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064 2010-10-30] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-28] (AVAST Software)
HKLM-x32\...\Run: [sun13] => [X]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971976 2016-01-29] ()
HKLM-x32\...\Run: [mbot_au_014010252] => C:\Program Files (x86)\mbot_au_014010252\mbot_au_014010252.exe [3972784 2016-02-28] ()
HKLM-x32\...\RunOnce: [upmbot_au_014010252.exe] => C:\Users\Toby\AppData\Local\mbot_au_014010252\upmbot_au_014010252.exe [3322544 2016-02-28] ()
HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
HKLM-x32\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs, [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-28] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-02-29]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{B9280C17-7049-428F-A825-3C552F7F97FC}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{B9280C17-7049-428F-A825-3C552F7F97FC}: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{C7CCD9C6-48AC-45DF-88FE-899BAB2E1D3A}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{E93A3B1B-2AD5-4451-96F8-02623E5C3F7B}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{E93A3B1B-2AD5-4451-96F8-02623E5C3F7B}: [DhcpNameServer] 172.168.31.32
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL/14
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL/14
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL/14
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL/14
HKU\S-1-5-21-1422899352-1623617973-3802957314-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL/14
HKU\S-1-5-21-1422899352-1623617973-3802957314-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL/14
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2016-02-28] (Oracle Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-02-18] (HP)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-28] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-02-28] (Oracle Corporation)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-01-29] (Wondershare)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-02-18] (HP)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-28] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-09-11] (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.yoursearching.com/?type=sc&ts=1456661635&z=59b76423d9892f7c1ebfabbgcz1w7q6q0q1g4qfc6w&from=brd&uid=HitachiXHTS547575A9E384_J2190054D32L5DD32L5DX

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-02-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-02-28] (Oracle Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-09-11] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2016-02-29] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-29]
CHR Extension: (Website Logon) - C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe [2016-02-29]
CHR Extension: (Google Docs) - C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-29]
CHR Extension: (Google Drive) - C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-29]
CHR Extension: (YouTube) - C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-29]
CHR Extension: (Google Search) - C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-29]
CHR Extension: (Google Sheets) - C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-29]
CHR Extension: (Google Docs Offline) - C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-29]
CHR Extension: (Avast Online Security) - C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-29]
CHR Extension: (Gmail) - C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-29]
CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-02] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-28] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [119128 2016-02-29] (AVAST Software)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-01-26] (CyberLink)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-08] (Realsil Microelectronics Inc.) [File not signed]
R2 ihpmServer; C:\Program Files (x86)\RayDld\ihpmServer.exe [275192 2016-02-25] (RayDl)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 WdMan; C:\ProgramData\8WdM8\WdMan.exe [320168 2016-02-28] (TU-Funs LIMITED)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]
R2 zigipyro; C:\Users\Toby\AppData\Local\46353037-1456953793-3038-3144-393731314531\qnsw9C50.tmp [158720 2015-12-26] () [File not signed]
S3 brsrv; C:\Users\Toby\AppData\Local\BrowserAir\47.0.0.5\brsrv.exe [X]
S2 nixiwenizbt; C:\Program Files (x86)\46353037-1456746907-3038-3144-393731314531\knskCA0E.tmpfs [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-28] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-02-29] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-02-28] (AVAST Software)
S1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [552880 2016-02-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-02-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-28] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R1 {1b8a5647-c805-4597-9311-2fe1f4b22a16}Gw64; C:\Windows\System32\drivers\{1b8a5647-c805-4597-9311-2fe1f4b22a16}Gw64.sys [48752 2016-02-29] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-02 21:54 - 2016-03-02 21:54 - 00000000 ____D C:\FRST
2016-03-02 21:52 - 2016-03-02 21:54 - 00000000 ____D C:\Users\Toby\Desktop\Farbar
2016-03-02 21:49 - 2016-03-02 21:50 - 00000000 ____D C:\AdwCleaner
2016-03-02 21:48 - 2016-03-02 21:49 - 00000000 ____D C:\c89e093d8b0412f9f6
2016-03-02 21:43 - 2016-03-02 21:43 - 01518592 _____ C:\Users\Toby\Desktop\adwcleaner_5.037.exe
2016-03-02 21:25 - 2016-03-02 21:25 - 00000000 ____D C:\Users\Toby\AppData\Local\app
2016-03-02 21:23 - 2016-03-02 21:25 - 00000000 ____D C:\Program Files (x86)\CleanBrowser
2016-03-02 21:23 - 2016-03-02 21:23 - 00000000 ____D C:\Users\Toby\AppData\Local\46353037-1456953793-3038-3144-393731314531
2016-03-02 21:23 - 2016-02-29 18:54 - 00552880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswAE45.tmp
2016-03-02 21:23 - 2016-02-29 18:53 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswAE66.tmp
2016-03-02 21:23 - 2016-02-28 18:24 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswB11A.tmp
2016-03-02 21:23 - 2016-02-28 18:24 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswB13A.tmp
2016-03-02 21:23 - 2016-02-28 18:23 - 01065720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswAEA5.tmp
2016-03-02 21:23 - 2016-02-28 18:23 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-03-02 21:23 - 2016-02-28 18:23 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswB16A.tmp
2016-03-02 21:23 - 2016-02-28 18:23 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswB05D.tmp
2016-03-02 21:23 - 2016-02-28 18:23 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswAF42.tmp
2016-03-02 21:23 - 2016-02-28 18:23 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswB07D.tmp
2016-03-02 21:23 - 2016-02-28 18:23 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswAF81.tmp
2016-03-02 21:21 - 2016-03-02 21:21 - 00001447 _____ C:\Users\Toby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-02 02:03 - 2016-03-03 09:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-03-01 21:55 - 2016-03-01 21:55 - 00000000 ____D C:\ProgramData\98be0587-7815-0
2016-03-01 21:55 - 2016-03-01 21:55 - 00000000 ____D C:\ProgramData\98be0587-75e7-1
2016-03-01 21:39 - 2015-02-04 11:16 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2016-03-01 21:39 - 2015-02-04 10:54 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2016-03-01 17:43 - 2016-03-01 17:43 - 00023293 _____ C:\ComboFix.txt
2016-03-01 17:12 - 2016-03-03 09:24 - 00000000 ____D C:\Windows\erdnt
2016-03-01 17:12 - 2016-03-01 17:43 - 00000000 ____D C:\Qoobox
2016-03-01 17:10 - 2016-03-01 17:10 - 00000000 ____D C:\Users\Toby\AppData\Local\PDFConverter.com
2016-03-01 10:50 - 2016-03-01 10:50 - 00001058 _____ C:\Windows\run.vbs
2016-02-29 21:36 - 2016-03-03 09:22 - 00000000 ____D C:\Windows\system32\Macromed
2016-02-29 20:30 - 2016-02-29 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2016-02-29 20:29 - 2016-02-29 20:30 - 00000000 ____D C:\ProgramData\COMODO
2016-02-29 20:28 - 2016-02-29 21:02 - 00000000 ____D C:\Users\Toby\AppData\Roaming\Nico Mak Computing
2016-02-29 20:28 - 2014-09-30 16:07 - 00019120 _____ (WinZip Computing, S.L.(WinZip Computing)) C:\Windows\system32\roboot64.exe
2016-02-29 20:27 - 2016-02-29 20:27 - 00000000 ____D C:\Users\Toby\Screenshots
2016-02-29 20:07 - 2016-02-29 20:07 - 00000000 ____D C:\ProgramData\PlayGemConfig
2016-02-29 19:57 - 2016-03-03 10:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2016-02-29 19:57 - 2016-03-03 10:19 - 00000000 ____D C:\Program Files (x86)\SystemHealer
2016-02-29 19:57 - 2016-03-02 21:20 - 00000270 _____ C:\Windows\Tasks\System HealerStartUp.job
2016-02-29 19:57 - 2016-03-02 21:19 - 00000270 _____ C:\Windows\Tasks\System HealerPeriod.job
2016-02-29 19:57 - 2016-02-29 19:57 - 00023054 _____ C:\Windows\System32\Tasks\{7A0C0E47-047F-0805-7D11-790A0A051104}
2016-02-29 19:57 - 2016-02-29 19:57 - 00003566 _____ C:\Windows\System32\Tasks\System Healer Task
2016-02-29 19:57 - 2016-02-29 19:57 - 00003300 _____ C:\Windows\System32\Tasks\SystemHealer Run Delay
2016-02-29 19:57 - 2016-02-29 19:57 - 00003234 _____ C:\Windows\System32\Tasks\SystemHealer Monitor
2016-02-29 19:57 - 2016-02-29 19:57 - 00002844 _____ C:\Windows\System32\Tasks\System HealerPeriod
2016-02-29 19:57 - 2016-02-29 19:57 - 00002542 _____ C:\Windows\System32\Tasks\System HealerStartUp
2016-02-29 19:57 - 2016-02-29 19:57 - 00001059 _____ C:\Users\Public\Desktop\Launch System Healer.lnk
2016-02-29 19:56 - 2016-02-29 19:57 - 00000000 ____D C:\Users\Toby\AppData\Local\46353037-1456775809-3038-3144-393731314531
2016-02-29 19:55 - 2016-03-03 10:20 - 00000000 ____D C:\Users\Toby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2016-02-29 19:55 - 2016-03-03 10:19 - 00000000 ____D C:\Program Files (x86)\46353037-1456746907-3038-3144-393731314531
2016-02-29 19:55 - 2016-02-29 19:55 - 00000000 ____D C:\Users\Toby\AppData\Roaming\ASPackage
2016-02-29 19:53 - 2016-03-03 10:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY
2016-02-29 19:53 - 2016-03-03 10:19 - 00000000 ____D C:\Program Files (x86)\mbot_au_014010252
2016-02-29 19:53 - 2016-03-02 21:24 - 00000000 ____D C:\Users\Toby\AppData\Local\mbot_au_014010252
2016-02-29 19:53 - 2016-02-29 01:40 - 00048752 _____ (StdLib) C:\Windows\system32\Drivers\{1b8a5647-c805-4597-9311-2fe1f4b22a16}Gw64.sys
2016-02-29 19:52 - 2016-03-03 10:20 - 00000000 ____D C:\Users\Toby\AppData\Roaming\denaf
2016-02-29 19:33 - 2016-02-29 19:33 - 00001269 _____ C:\Users\Public\Desktop\Wondershare Video Converter Ultimate.lnk
2016-02-29 19:33 - 2016-02-29 19:33 - 00000000 ____D C:\Users\Toby\Documents\Wondershare MediaServer
2016-02-29 19:33 - 2016-02-29 19:33 - 00000000 ____D C:\Users\Toby\AppData\Roaming\Wondershare Video Converter Ultimate
2016-02-29 19:33 - 2016-02-29 19:33 - 00000000 ____D C:\Users\Toby\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2016-02-29 19:33 - 2016-02-29 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-02-29 19:32 - 2016-02-29 19:39 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate
2016-02-29 19:32 - 2016-02-29 19:32 - 00000000 ____D C:\ProgramData\Wondershare
2016-02-29 19:32 - 2016-02-29 19:32 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-02-29 19:32 - 2016-01-19 17:15 - 00000232 _____ C:\Windows\SysWOW64\dllhost.exe.config
2016-02-29 19:32 - 2015-02-27 14:38 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2016-02-29 19:32 - 2015-02-27 14:38 - 00214528 _____ () C:\Windows\SysWOW64\WSCM32.dll
2016-02-29 19:26 - 2016-02-29 19:31 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2016-02-29 19:24 - 2016-02-29 19:23 - 00805960 _____ C:\Users\Toby\Desktop\video-converter-ultimate_setup_full495.exe
2016-02-29 19:23 - 2016-02-29 19:23 - 00805960 _____ C:\Users\Toby\Downloads\video-converter-ultimate_setup_full495.exe
2016-02-29 18:55 - 2016-03-02 21:27 - 00003046 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1456743300
2016-02-29 18:55 - 2016-03-02 21:27 - 00001922 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2016-02-29 18:55 - 2016-02-29 18:55 - 00001037 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-02-29 18:55 - 2016-02-29 18:55 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-02-29 18:55 - 2016-02-29 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-02-29 18:53 - 2016-02-29 18:54 - 00552880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2016-02-29 18:53 - 2016-02-29 18:53 - 00478128 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2016-02-29 18:53 - 2016-02-29 18:53 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-02-29 18:53 - 2016-02-28 18:24 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\asw67FA.tmp
2016-02-29 18:53 - 2016-02-28 18:24 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6888.tmp
2016-02-29 18:53 - 2016-02-28 18:23 - 01065720 _____ (AVAST Software) C:\Windows\system32\Drivers\asw63C1.tmp
2016-02-29 18:53 - 2016-02-28 18:23 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\asw68F6.tmp
2016-02-29 18:53 - 2016-02-28 18:23 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\asw66EF.tmp
2016-02-29 18:53 - 2016-02-28 18:23 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6651.tmp
2016-02-29 18:53 - 2016-02-28 18:23 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\asw676D.tmp
2016-02-29 18:53 - 2016-02-28 18:23 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6681.tmp
2016-02-29 18:50 - 2016-02-29 18:50 - 00001805 _____ C:\Users\Toby\Downloads\license.avastlic
2016-02-29 18:50 - 2016-02-29 18:50 - 00001805 _____ C:\Users\Toby\Desktop\license.avastlic
2016-02-29 18:23 - 2016-02-29 18:23 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2016-02-29 17:01 - 2016-02-29 19:18 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-29 17:01 - 2016-02-29 17:37 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-29 17:00 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-29 17:00 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-02-29 17:00 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-02-29 16:59 - 2016-02-29 16:58 - 22908888 _____ (Malwarebytes ) C:\Users\Toby\Desktop\mbam-setup-2.2.0.1024.exe
2016-02-29 16:58 - 2016-02-29 16:58 - 22908888 _____ (Malwarebytes ) C:\Users\Toby\Downloads\mbam-setup-2.2.0.1024.exe
2016-02-29 16:53 - 2016-02-29 17:37 - 00002288 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-29 16:53 - 2016-02-29 17:37 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-29 16:52 - 2016-02-29 17:36 - 00000000 ____D C:\ProgramData\Browser
2016-02-29 16:49 - 2016-03-02 21:23 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-02-29 16:39 - 2016-02-29 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-29 16:39 - 2016-02-29 17:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-29 16:39 - 2016-02-29 16:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-28 20:57 - 2016-03-01 08:44 - 00000000 ____D C:\Users\Toby\AppData\Local\SunnyDay13
2016-02-28 20:57 - 2016-02-28 20:57 - 00000000 ____D C:\ProgramData\rWdMr
2016-02-28 20:56 - 2016-03-03 10:19 - 00000000 ____D C:\Program Files (x86)\SunnyDay3
2016-02-28 20:56 - 2016-02-28 21:25 - 00000000 ____D C:\Users\Toby\AppData\Local\SunnyDay3
2016-02-28 20:53 - 2016-03-03 10:19 - 00000000 ____D C:\Program Files\SpaceSoundPro
2016-02-28 20:53 - 2016-03-01 08:44 - 00000000 ____D C:\Users\Toby\AppData\Local\TECHP-Browser
2016-02-28 20:53 - 2016-02-28 20:53 - 00000000 ____D C:\Users\Toby\AppData\Local\win_en_77
2016-02-28 20:46 - 2016-02-28 20:46 - 00003090 _____ C:\Windows\System32\Tasks\{A0A27DA7-1DFA-4729-B05D-F8DF0C5E8C9A}
2016-02-28 20:40 - 2016-02-29 17:37 - 00001062 _____ C:\Users\Toby\Desktop\Continue ExtraFeatures Installation.lnk
2016-02-28 20:40 - 2016-02-28 20:40 - 00000000 ____D C:\Windows\system32\qosf
2016-02-28 20:40 - 2016-02-28 20:40 - 00000000 ____D C:\Users\Toby\AppData\Roaming\RogniIxorary
2016-02-28 20:22 - 2016-02-28 20:22 - 00003242 _____ C:\Windows\System32\Tasks\IBUpd2
2016-02-28 20:20 - 2016-03-02 21:40 - 00000000 ____D C:\Users\Toby\AppData\Local\CrashDumps
2016-02-28 20:20 - 2016-02-29 17:46 - 00000000 ____D C:\Users\Toby\AppData\Local\SearchModule
2016-02-28 20:20 - 2016-02-28 20:20 - 00003308 _____ C:\Windows\System32\Tasks\RSPro1
2016-02-28 20:20 - 2016-02-25 11:29 - 00029416 _____ (Corporation) C:\Windows\system32\Drivers\sdfhgdf.sys
2016-02-28 20:14 - 2016-02-28 20:57 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-02-28 20:14 - 2016-02-28 20:15 - 00000000 ____D C:\ProgramData\8WdM8
2016-02-28 20:13 - 2016-02-28 20:57 - 00000000 ____D C:\Users\Toby\AppData\Roaming\yoursearching
2016-02-28 20:13 - 2016-02-28 20:40 - 00000000 ____D C:\Users\Toby\AppData\Local\Tempfolder
2016-02-28 20:13 - 2016-02-28 20:13 - 00000000 ____D C:\Windows\system32\ifu
2016-02-28 20:13 - 2016-02-28 20:13 - 00000000 ____D C:\Users\Toby\AppData\Roaming\TolpucYfis
2016-02-28 20:11 - 2016-02-28 20:45 - 00000000 ____D C:\Users\Toby\AppData\Local\TrailerTime
2016-02-28 20:10 - 2016-02-28 20:10 - 00000000 ____D C:\ProgramData\98be0587-3307-1
2016-02-28 20:10 - 2016-02-28 20:10 - 00000000 ____D C:\ProgramData\98be0587-0281-0
2016-02-28 20:08 - 2016-03-03 10:19 - 00000000 ____D C:\Program Files (x86)\RayDld
2016-02-28 20:08 - 2016-02-28 20:40 - 00000000 ____D C:\Users\Toby\AppData\Roaming\mysites123
2016-02-28 20:08 - 2016-02-28 20:06 - 00000967 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-02-28 20:06 - 2016-03-03 10:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Toolkit Final
2016-02-28 19:44 - 2016-02-28 19:46 - 00000068 _____ C:\Windows\iltwain.ini
2016-02-28 19:44 - 2016-02-28 19:44 - 00000095 _____ C:\Users\Toby\DBMTApplicationState.xml
2016-02-28 19:31 - 2016-02-28 19:31 - 00000000 ____D C:\Users\Toby\AppData\Local\Oracle
2016-02-28 19:30 - 2016-03-03 10:19 - 00000000 ____D C:\Program Files (x86)\Oracle
2016-02-28 19:22 - 2016-02-28 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-28 19:22 - 2016-02-28 19:21 - 00320424 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2016-02-28 19:22 - 2016-02-28 19:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2016-02-28 19:22 - 2016-02-28 19:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2016-02-28 19:22 - 2016-02-28 19:21 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-02-28 19:13 - 2016-02-29 16:46 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForTOBY-HP$.job
2016-02-28 19:13 - 2016-02-28 19:13 - 00003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForTOBY-HP$
2016-02-28 18:29 - 2016-02-29 20:08 - 00000000 ____D C:\Program Files\Google
2016-02-28 18:27 - 2016-03-02 21:38 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-28 18:27 - 2016-03-02 21:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-28 18:27 - 2016-03-02 21:20 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-28 18:27 - 2016-02-29 17:48 - 00000000 ____D C:\Users\Toby\AppData\Local\Google
2016-02-28 18:27 - 2016-02-28 18:33 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-28 18:27 - 2016-02-28 18:33 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-28 18:26 - 2016-02-29 20:05 - 00000000 ___SD C:\Users\Toby\AppData\LocalLow\Temp
2016-02-28 18:24 - 2016-03-03 10:21 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-02-28 18:24 - 2016-02-28 18:24 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-02-28 18:24 - 2016-02-28 18:24 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-02-28 18:24 - 2016-02-28 18:24 - 00000000 ____D C:\Users\Toby\AppData\Roaming\AVAST Software
2016-02-28 18:24 - 2016-02-28 18:24 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-28 18:24 - 2016-02-28 18:23 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-02-28 18:24 - 2016-02-28 18:23 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-02-28 18:24 - 2016-02-28 18:23 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-02-28 18:24 - 2016-02-28 18:23 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-02-28 18:23 - 2016-02-28 18:23 - 01065720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-02-28 18:23 - 2016-02-28 18:23 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-02-28 18:23 - 2016-02-28 18:23 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-02-28 18:21 - 2016-02-29 18:53 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-28 18:21 - 2016-02-29 18:53 - 00000000 ____D C:\Program Files\AVAST Software
2016-02-28 18:20 - 2016-02-28 18:21 - 05207096 _____ (AVAST Software) C:\Users\Toby\Downloads\avast_free_antivirus_setup_online.exe
2016-02-28 18:20 - 2016-02-28 18:21 - 05207096 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2016-02-28 18:16 - 2016-02-28 18:16 - 00000000 ____D C:\Users\Toby\AppData\Roaming\Macromedia
2016-02-28 18:14 - 2016-02-28 18:16 - 00000000 ____D C:\Users\Toby\AppData\Roaming\Adobe
2016-02-28 18:14 - 2016-02-28 18:14 - 00000000 ____D C:\Users\Toby\AppData\LocalLow\Adobe
2016-02-28 18:14 - 2016-02-28 18:14 - 00000000 ____D C:\Users\Toby\AppData\Local\Adobe
2016-02-28 18:13 - 2016-02-28 18:13 - 00000000 ____D C:\Users\Toby\Desktop\Whittens
2016-02-28 18:13 - 2016-02-28 18:13 - 00000000 ____D C:\Users\Toby\Desktop\TWC Docs
2016-02-28 18:12 - 2016-02-28 18:12 - 00000000 ____D C:\Users\Toby\Desktop\SEA
2016-02-28 18:12 - 2016-02-28 18:12 - 00000000 ____D C:\Users\Toby\Desktop\Project_Pro_2010_x64
2016-02-28 18:12 - 2016-02-28 18:12 - 00000000 ____D C:\Users\Toby\Desktop\pipergt (1)
2016-02-28 18:12 - 2016-02-28 18:12 - 00000000 ____D C:\Users\Toby\Desktop\pipergt
2016-02-28 18:12 - 2016-02-28 18:12 - 00000000 ____D C:\Users\Toby\Desktop\Piper
2016-02-28 18:11 - 2016-02-28 18:11 - 00000000 ____D C:\Users\Toby\Desktop\pictures1
2016-02-28 18:05 - 2016-02-28 18:07 - 00000000 ____D C:\Users\Toby\Desktop\P6_R151_Proffessional_Client
2016-02-28 18:04 - 2016-02-28 18:04 - 00000000 ____D C:\Users\Toby\Desktop\Office 2010 activation
2016-02-28 18:04 - 2016-02-28 18:04 - 00000000 ____D C:\Users\Toby\Desktop\Morris
2016-02-28 18:04 - 2016-02-28 18:04 - 00000000 ____D C:\Users\Toby\Desktop\Ford 351 Cleveland Engines, How to Build [PDF] [StormRG]
2016-02-28 18:04 - 2016-02-28 18:04 - 00000000 ____D C:\Users\Toby\Desktop\Finance
2016-02-28 18:04 - 2016-02-28 18:04 - 00000000 ____D C:\Users\Toby\AppData\LocalLow\Sun
2016-02-28 18:03 - 2016-02-28 18:03 - 00000000 ____D C:\Users\Toby\Desktop\AVAST Software
2016-02-28 18:03 - 2016-02-28 18:03 - 00000000 ____D C:\Users\Toby\Desktop\Automation_StandAlone
2016-02-28 18:03 - 2016-02-28 18:03 - 00000000 ____D C:\Users\Toby\Desktop\Automation
2016-02-28 18:02 - 2016-02-28 18:02 - 00000000 ____D C:\Users\Toby\Desktop\Adobe
2016-02-28 18:02 - 2016-02-28 18:02 - 00000000 ____D C:\Users\Toby\Desktop\76C purchase 2006
2016-02-28 18:01 - 2016-02-28 18:01 - 00000000 ____D C:\Users\Toby\Desktop\CVs
2016-02-28 18:00 - 2016-02-28 18:00 - 00000000 ____D C:\Users\Toby\AppData\Roaming\ATI
2016-02-28 18:00 - 2016-02-28 18:00 - 00000000 ____D C:\Users\Toby\AppData\Local\ATI
2016-02-28 18:00 - 2016-02-28 18:00 - 00000000 ____D C:\Users\Toby\AppData\Local\AMD
2016-02-28 17:59 - 2016-02-28 18:13 - 00000000 ___DC C:\Users\Toby\AppData\Local\MigWiz
2016-02-28 17:59 - 2016-02-28 17:59 - 00003816 _____ C:\Windows\System32\Tasks\SetupManager
2016-02-28 17:59 - 2016-02-28 17:59 - 00000000 ____D C:\Users\Toby\Documents\Bluetooth Exchange Folder
2016-02-28 17:59 - 2016-02-28 17:59 - 00000000 ____D C:\Users\Toby\AppData\Roaming\Synaptics
2016-02-28 17:59 - 2016-02-28 17:59 - 00000000 ____D C:\Users\Toby\AppData\Roaming\hpqLog
2016-02-28 17:59 - 2016-02-28 17:59 - 00000000 ____D C:\Users\Toby\AppData\Local\Broadcom
2016-02-28 17:58 - 2016-03-02 21:21 - 00001413 _____ C:\Users\Toby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-02-28 17:58 - 2016-02-28 17:58 - 00003334 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{46D596C3-45C6-4E53-8391-47C00073965B}
2016-02-28 17:57 - 2016-02-28 19:11 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForToby.job
2016-02-28 17:57 - 2016-02-28 18:13 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForToby
2016-02-28 17:57 - 2016-02-28 17:57 - 00057560 _____ C:\Users\Toby\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-28 17:57 - 2016-02-28 17:57 - 00000000 ____D C:\Users\Toby\AppData\Local\RemEngine
2016-02-28 17:34 - 2016-02-29 17:37 - 00002183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicStation.lnk
2016-02-28 17:34 - 2016-02-29 17:37 - 00002012 _____ C:\Users\Public\Desktop\eBay.lnk
2016-02-28 17:34 - 2016-02-29 17:37 - 00002010 _____ C:\Users\Public\Desktop\Snapfish.lnk
2016-02-28 17:34 - 2016-02-28 17:58 - 00000000 ____D C:\Users\Toby\AppData\Roaming\Hewlett-Packard
2016-02-28 17:34 - 2016-02-28 17:58 - 00000000 ____D C:\Users\Toby\AppData\Local\Hewlett-Packard_Company
2016-02-28 17:34 - 2016-02-28 17:57 - 00000000 ____D C:\Users\Toby\AppData\Local\Hewlett-Packard
2016-02-28 17:34 - 2016-02-28 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music and Media
2016-02-28 17:32 - 2016-03-02 21:20 - 00000000 ____D C:\Users\Toby\AppData\LocalLow\AuthenTec
2016-02-28 17:32 - 2016-03-02 21:19 - 00000000 ____D C:\Users\Toby
2016-02-28 17:32 - 2016-03-01 16:50 - 00000000 ____D C:\Users\Toby\AppData\Local\VirtualStore
2016-02-28 17:32 - 2016-02-28 17:32 - 00000020 ___SH C:\Users\Toby\ntuser.ini
2016-02-28 17:32 - 2016-02-28 17:32 - 00000000 _SHDL C:\Users\Toby\My Documents
2016-02-28 17:32 - 2016-02-28 17:32 - 00000000 _SHDL C:\Users\Toby\Documents\My Videos
2016-02-28 17:32 - 2016-02-28 17:32 - 00000000 _SHDL C:\Users\Toby\Documents\My Pictures
2016-02-28 17:32 - 2016-02-28 17:32 - 00000000 _SHDL C:\Users\Toby\Documents\My Music
2016-02-28 17:32 - 2014-05-15 00:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-28 17:32 - 2014-05-15 00:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-28 17:32 - 2014-05-15 00:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-28 17:32 - 2014-05-15 00:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-28 17:32 - 2014-05-15 00:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-28 17:32 - 2014-05-15 00:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-28 17:32 - 2014-05-15 00:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-28 17:32 - 2014-05-15 00:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-28 17:32 - 2014-05-15 00:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-28 17:32 - 2014-05-15 00:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-28 17:32 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-28 17:32 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-28 17:32 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-28 17:32 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-28 17:32 - 2011-12-03 20:07 - 00000000 ____D C:\Users\Toby\AppData\Roaming\Media Center Programs
2016-02-15 18:15 - 2016-02-15 19:07 - 3360286974 _____ C:\Users\Toby\Desktop\Transporter.3.2008.720.BrRip.x264.YIFY+HI.avi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-03 10:21 - 2011-09-11 13:52 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2016-03-03 10:21 - 2011-09-11 13:43 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-03-03 10:21 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-03-03 10:21 - 2009-07-14 11:20 - 00000000 __RSD C:\Windows\Media
2016-03-03 10:21 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\servicing
2016-03-03 10:21 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-03-03 10:21 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\L2Schemas
2016-03-03 10:21 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-03-03 10:19 - 2011-09-11 13:59 - 00000000 ____D C:\Program Files\Java
2016-03-03 10:19 - 2011-09-11 13:59 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-03 10:19 - 2011-09-11 13:57 - 00000000 ___RD C:\Program Files\Online Services
2016-03-03 10:19 - 2011-09-11 13:53 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-03-03 10:19 - 2011-09-11 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-03-03 10:19 - 2011-09-11 13:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-03-03 10:19 - 2011-09-11 13:43 - 00000000 ___RD C:\Program Files (x86)\Online Services
2016-03-03 09:22 - 2009-07-14 13:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-03-03 09:13 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\registration
2016-03-03 09:10 - 2011-12-03 19:36 - 00000000 ____D C:\ProgramData\Temp
2016-03-02 21:52 - 2011-12-03 19:23 - 00766184 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-03-02 21:52 - 2009-07-14 13:13 - 00766184 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-02 21:52 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2016-03-02 21:28 - 2009-07-14 12:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-02 21:28 - 2009-07-14 12:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-02 21:21 - 2009-07-14 12:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-02 21:19 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-01 08:44 - 2009-07-14 13:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-02-29 19:53 - 2009-07-14 10:34 - 00000505 _____ C:\Windows\win.ini
2016-02-29 18:23 - 2011-09-11 13:56 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2016-02-29 17:39 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\ModemLogs
2016-02-29 17:37 - 2011-12-03 19:12 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-02-29 17:37 - 2011-12-03 19:12 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-02-29 17:37 - 2011-09-11 14:00 - 00002179 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2016-02-29 17:37 - 2011-09-11 13:54 - 00002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2016-02-29 17:37 - 2011-09-11 13:54 - 00001458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-02-29 17:37 - 2011-09-11 13:54 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2016-02-29 17:37 - 2011-09-11 13:54 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2016-02-29 17:37 - 2011-09-11 13:52 - 00002086 _____ C:\Users\Public\Desktop\Skype.lnk
2016-02-29 17:37 - 2011-09-11 13:43 - 00002394 _____ C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2016-02-29 17:37 - 2009-07-14 13:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-02-29 17:37 - 2009-07-14 12:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-02-29 17:37 - 2009-07-14 12:57 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-02-29 17:37 - 2009-07-14 12:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-02-29 17:37 - 2009-07-14 12:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-02-29 17:37 - 2009-07-14 12:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-02-29 09:30 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2016-02-29 09:29 - 2007-01-02 09:25 - 00000000 ____D C:\Windows\Panther
2016-02-29 09:28 - 2009-07-14 13:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-02-29 09:27 - 2011-09-11 13:43 - 00000000 ____D C:\ProgramData\WildTangent
2016-02-28 19:36 - 2011-09-11 13:56 - 00000000 ____D C:\ProgramData\Adobe
2016-02-28 19:10 - 2011-12-03 19:39 - 00000000 ____D C:\ProgramData\Norton
2016-02-28 17:34 - 2011-09-11 13:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2016-02-28 17:34 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-02-28 17:34 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-02-28 17:33 - 2011-02-11 03:23 - 00000000 ___HD C:\SYSTEM.SAV
2016-02-28 17:33 - 2011-02-11 03:23 - 00000000 ____D C:\SWSetup
2016-02-28 17:31 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Public\Libraries

==================== Files in the root of some directories =======

2016-02-28 20:14 - 2016-02-28 20:57 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Some files in TEMP:
====================
C:\Users\Toby\AppData\Local\temp\2CBB.tmp.exe
C:\Users\Toby\AppData\Local\temp\34CC.tmp.exe
C:\Users\Toby\AppData\Local\temp\43B.tmp.exe
C:\Users\Toby\AppData\Local\temp\68E1.tmp.exe
C:\Users\Toby\AppData\Local\temp\91E6.tmp.exe
C:\Users\Toby\AppData\Local\temp\9B5.tmp.exe
C:\Users\Toby\AppData\Local\temp\amisetup8473__18454.exe
C:\Users\Toby\AppData\Local\temp\D4DB.tmp.exe
C:\Users\Toby\AppData\Local\temp\D4DE.tmp.exe
C:\Users\Toby\AppData\Local\temp\Microsoft Toolkit 2.6.6__9465_il3308455.exe
C:\Users\Toby\AppData\Local\temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2011-09-11 13:25] - [2011-09-11 13:25] - 0357888 ____A (Microsoft Corporation) 912EF6419C2DBF918FA96F4B8C8F8B3D

C:\Windows\SysWOW64\dnsapi.dll
[2011-09-11 13:25] - [2011-09-11 13:25] - 0270336 ____A (Microsoft Corporation) 513FAF28075AF2B237461891110C7AC9

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2007-01-02 09:26

==================== End of FRST.txt ============================

#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:41 PM

Posted 02 March 2016 - 11:44 AM

Remove these programs via the Control Panel > Programs and Features applet.

AnySend
Body Text Featherin
denaf
MyBestOffersTodaY
Satellite Comma
Setup
System Healer
TVTime


===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below into the new file.

Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(RayDl) C:\Program Files (x86)\RayDld\ihpmServer.exe
(TU-Funs LIMITED) C:\ProgramData\8WdM8\WdMan.exe
() C:\Users\Toby\AppData\Local\mbot_au_014010252\upmbot_au_014010252.exe
() C:\Program Files (x86)\mbot_au_014010252\mbot_au_014010252.exe
() C:\Windows\Temp\6214.tmp
() C:\Users\Toby\AppData\Local\46353037-1456953793-3038-3144-393731314531\qnsw9C50.tmp
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
(Microsoft Corporation) C:\c89e093d8b0412f9f6\Setup.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sun13] => [X]
HKLM-x32\...\Run: [mbot_au_014010252] => C:\Program Files (x86)\mbot_au_014010252\mbot_au_014010252.exe [3972784 2016-02-28] ()
HKLM-x32\...\RunOnce: [upmbot_au_014010252.exe] => C:\Users\Toby\AppData\Local\mbot_au_014010252\upmbot_au_014010252.exe [3322544 2016-02-28] ()
HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
HKLM-x32\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs, [X]
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
Toolbar: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.yoursearching.com/?type=sc&ts=1456661635&z=59b76423d9892f7c1ebfabbgcz1w7q6q0q1g4qfc6w&from=brd&uid=HitachiXHTS547575A9E384_J2190054D32L5DD32L5DX
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
CHR Extension: (Avast Online Security) - C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-28]
R2 ihpmServer; C:\Program Files (x86)\RayDld\ihpmServer.exe [275192 2016-02-25] (RayDl)
R2 WdMan; C:\ProgramData\8WdM8\WdMan.exe [320168 2016-02-28] (TU-Funs LIMITED)
R2 zigipyro; C:\Users\Toby\AppData\Local\46353037-1456953793-3038-3144-393731314531\qnsw9C50.tmp [158720 2015-12-26] () [File not signed]
S3 brsrv; C:\Users\Toby\AppData\Local\BrowserAir\47.0.0.5\brsrv.exe [X]
S2 nixiwenizbt; C:\Program Files (x86)\46353037-1456746907-3038-3144-393731314531\knskCA0E.tmpfs [X]
R1 {1b8a5647-c805-4597-9311-2fe1f4b22a16}Gw64; C:\Windows\System32\drivers\{1b8a5647-c805-4597-9311-2fe1f4b22a16}Gw64.sys [48752 2016-02-29] (StdLib)
Task: {06F78081-B699-476B-A933-FDE9038FFA99} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2016-02-09] ()
Task: {446CC757-C446-49D7-A2EE-A62ACB6966AF} - System32\Tasks\RSPro1 => C:\Users\Toby\AppData\Local\TECHP-Browser\prtsvc.exe <==== ATTENTION
Task: {47986859-8948-49E1-A537-7C94BA8C0DC9} - System32\Tasks\{7A0C0E47-047F-0805-7D11-790A0A051104} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (the data entry has 9368 more characters).
CustomCLSID: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Toby\AppData\Roaming\denaf\cigetmon.dll () <==== ATTENTION
Task: {7A4B3AC9-6FE8-4243-9AB0-67678DE66A43} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2016-02-09] ()
Task: {80DBFB32-7906-439E-AEBE-B1370C05CD11} - System32\Tasks\{A0A27DA7-1DFA-4729-B05D-F8DF0C5E8C9A} => pcalua.exe -a C:\ProgramData\TVTime\uninstall.exe -c /kb=y /ic=1
Task: {BC2C3ABE-63A8-46D0-B0A2-45878D769147} - System32\Tasks\System Healer Task => C:\Program Files (x86)\SystemHealer\RescueMonitor.exe [2016-02-09] ()
Task: {C346BC48-EA94-48B2-A27D-7A2447044643} - System32\Tasks\SystemHealer Run Delay => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2016-02-09] ()
Task: {DFB5E5A8-8F50-41A2-9BAF-A4D1E56D95C2} - System32\Tasks\IBUpd2 => C:\Users\Toby\AppData\Local\BrowserAir\47.0.0.5\updater.exe <==== ATTENTION
Task: {F45D05D9-EB1D-40DE-9B3D-AF07513C54F5} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe [2016-02-09] ()
Task: {FDEA1626-D04D-4D4E-80D7-18DCC934C43E} - \IBUpd -> No File <==== ATTENTION
Task: C:\Windows\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: C:\Windows\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
C:\Program Files (x86)\RayDld
C:\ProgramData\8WdM8
C:\Users\Toby\AppData\Local\mbot_au_014010252
C:\Windows\Temp\6214.tmp
C:\Users\Toby\AppData\Local\46353037-1456953793-3038-3144-393731314531
C:\Users\Toby\AppData\Local\BrowserAir
C:\Program Files (x86)\CleanBrowser
C:\c89e093d8b0412f9f6
C:\Windows\run.vbs
C:\Windows\System32\drivers\{1b8a5647-c805-4597-9311-2fe1f4b22a16}Gw64.sys
C:\Users\Toby\AppData\Roaming\denaf
C:\ProgramData\TVTime
End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

Before you post please run the AdwCleaner tool and clean everything that will be found.

Post the Cleaning log also.

Please let me know what problem persists with this computer.

While I check your logs, check this out.
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java via the Control Panel > Programs and Features applet.
Java 7 Update 75 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417075FF}) (Version: 7.0.750 - Oracle)
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
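
The fixlist above restores the Winlogon Userinit value, which the FRST log showed pointing at wscript C:\Windows\run.vbs instead of userinit.exe, in both the native and the WOW6432Node view of the key. The PowerShell script below is an added example for readers of this thread; it is not part of the thread and is not FRST or AdwCleaner code. It compares the Userinit and Shell values in both Winlogon keys against the standard Windows defaults (an assumption: adjust the $expected table if your build differs) and then checks the Authenticode signature of the userinit.exe and explorer.exe that those defaults refer to, the same kind of check the "File is digitally signed" lines in the FRST log report. It reads only, needs no elevation, and runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example (not from this thread, FRST or AdwCleaner): audit the Winlogon
# Userinit/Shell values and the signatures of the binaries they should name.
# Read-only; HKLM\SOFTWARE is readable from a standard user prompt.

# Standard Windows defaults (assumption: adjust if your build differs).
$expected = @{
    Userinit = "$env:windir\system32\userinit.exe,"
    Shell    = 'explorer.exe'
}

# Native and 32-bit (WOW6432Node) views of the Winlogon key; the fixlist in
# this thread had to restore Userinit in both of them.
$winlogonKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

function Test-WinlogonValues {
    # Returns one record per value found; Status is SUSPECT when the value
    # differs from the expected default (comparison is case-insensitive).
    $findings = @()
    foreach ($key in $winlogonKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in $expected.Keys) {
            $actual = $props.$name
            if ($null -eq $actual) { continue }   # value absent in this view
            $status = if ($actual -eq $expected[$name]) { 'ok' } else { 'SUSPECT' }
            $findings += New-Object -TypeName PSObject -Property @{
                Status   = $status
                Key      = $key
                Name     = $name
                Actual   = $actual
                Expected = $expected[$name]
            }
        }
    }
    return $findings | Select-Object Status, Key, Name, Actual, Expected
}

function Test-LogonBinarySignatures {
    # Signature status of the files the default values point at; mirrors the
    # "File is digitally signed" checks in the FRST log.
    $files = @("$env:windir\system32\userinit.exe", "$env:windir\explorer.exe")
    $results = @()
    foreach ($file in $files) {
        if (-not (Test-Path $file)) {
            $results += New-Object -TypeName PSObject -Property @{
                File = $file; Signature = 'MISSING'; Signer = ''
            }
            continue
        }
        $sig = Get-AuthenticodeSignature -FilePath $file
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        $results += New-Object -TypeName PSObject -Property @{
            File = $file; Signature = $sig.Status; Signer = $signer
        }
    }
    return $results | Select-Object File, Signature, Signer
}

Test-WinlogonValues | Format-Table -AutoSize
Test-LogonBinarySignatures | Format-Table -AutoSize
```

Any row marked SUSPECT, or any signature status other than Valid, is worth investigating before assuming a cleanup is complete; on the machine in this thread the Userinit row would have read "wscript C:\Windows\run.vbs," until the fix restored it.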

#5 piper69

piper69
  • Topic Starter
  • Members
  • 6 posts
  • Local time:05:41 AM

Posted 03 March 2016 - 07:51 AM

# AdwCleaner v5.037 - Logfile created 03/03/2016 at 18:02:42
# Updated 28/02/2016 by Xplode
# Database : 2016-03-02.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Toby - TOBY-HP
# Running from : C:\Users\Toby\Desktop\adwcleaner_5.037.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\SpaceSoundPro
[-] Folder Deleted : C:\Program Files (x86)\RayDld
[-] Folder Deleted : C:\Program Files (x86)\SunnyDay3
[-] Folder Deleted : C:\Program Files (x86)\46353037-1456746907-3038-3144-393731314531
[-] Folder Deleted : C:\Program Files (x86)\mbot_au_014010252
[!] Folder Not Deleted : C:\Program Files (x86)\SunnyDay3
[!] Folder Not Deleted : C:\Program Files (x86)\SunnyDay3
[-] Folder Deleted : C:\ProgramData\Browser
[-] Folder Deleted : C:\ProgramData\PlayGemConfig
[-] Folder Deleted : C:\ProgramData\98be0587-0281-0
[-] Folder Deleted : C:\ProgramData\98be0587-3307-1
[-] Folder Deleted : C:\ProgramData\98be0587-75e7-1
[-] Folder Deleted : C:\ProgramData\98be0587-7815-0
[-] Folder Deleted : C:\ProgramData\rWdMr
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBestOffersToday
[-] Folder Deleted : C:\Users\Toby\AppData\Local\SearchModule
[-] Folder Deleted : C:\Users\Toby\AppData\Local\SunnyDay3
[-] Folder Deleted : C:\Users\Toby\AppData\Local\TrailerTime
[-] Folder Deleted : C:\Users\Toby\AppData\Local\TECHP-Browser
[!] Folder Not Deleted : C:\Users\Toby\AppData\Local\SunnyDay3
[-] Folder Deleted : C:\Users\Toby\AppData\Local\46353037-1456775809-3038-3144-393731314531
[-] Folder Deleted : C:\Users\Toby\AppData\Local\SunnyDay13
[!] Folder Not Deleted : C:\Users\Toby\AppData\Local\SunnyDay3
[-] Folder Deleted : C:\Users\Toby\AppData\Local\win_en_77
[-] Folder Deleted : C:\Users\Toby\AppData\Roaming\mysites123
[-] Folder Deleted : C:\Users\Toby\AppData\Roaming\yoursearching

***** [ Files ] *****

[-] File Deleted : C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
[-] File Deleted : C:\Users\Public\Desktop\eBay.lnk
[-] File Deleted : C:\Users\Toby\Desktop\Continue ExtraFeatures Installation.lnk
[-] File Deleted : C:\Windows\SysNative\roboot64.exe
[-] File Deleted : C:\Windows\SysNative\drivers\sdfhgdf.sys

***** [ DLLs ] *****

[-] File Disinfected : C:\Windows\SysNative\dnsapi.dll
[-] File Disinfected : C:\Windows\SysWOW64\dnsapi.dll

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [ExploreMedia.exe]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [ExploreTech.exe]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [PlayGem.exe]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [WindoWeather.exe]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{85198F55-85AC-498A-BFE4-BBC33840F4AB}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{17EF1FFB-0545-4C9A-BE64-78FF53338475}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08ACFB57-8187-47F0-AF93-56360D03634A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8FF10FED-2F0A-4F7F-BE87-B04F1DCD4319}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8DD92279-9B04-4C6F-A862-EF3C24603804}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{08ACFB57-8187-47F0-AF93-56360D03634A}
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKCU\Software\AppDataLow\Software\TrailerTime
[-] Key Deleted : HKLM\SOFTWARE\ihpmserver
[-] Key Deleted : HKLM\SOFTWARE\MyBestOffersToday
[-] Key Deleted : HKLM\SOFTWARE\mysites123Software
[-] Key Deleted : HKLM\SOFTWARE\PlayGem
[-] Key Deleted : HKLM\SOFTWARE\RayDld
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\WindoWeather
[-] Key Deleted : HKLM\SOFTWARE\yoursearchingSoftware
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mbot_au_014010252_is1
[-] Key Deleted : [x64] HKLM\SOFTWARE\SearchModule
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{DE557DA7-0637-4690-B7DD-81B8D085A8DF}]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{B9280C17-7049-428F-A825-3C552F7F97FC} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{C7CCD9C6-48AC-45DF-88FE-899BAB2E1D3A} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{E93A3B1B-2AD5-4451-96F8-02623E5C3F7B} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{B9280C17-7049-428F-A825-3C552F7F97FC} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C7CCD9C6-48AC-45DF-88FE-899BAB2E1D3A} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{E93A3B1B-2AD5-4451-96F8-02623E5C3F7B} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B9280C17-7049-428F-A825-3C552F7F97FC} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{C7CCD9C6-48AC-45DF-88FE-899BAB2E1D3A} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{E93A3B1B-2AD5-4451-96F8-02623E5C3F7B} [NameServer]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www-searching.com

***** [ Web browsers ] *****

[-] [C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysites123
[-] [C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : yoursearching

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [7287 bytes] - [03/03/2016 18:02:42]
C:\AdwCleaner\AdwCleaner[S1].txt - [9980 bytes] - [02/03/2016 21:50:05]
C:\AdwCleaner\AdwCleaner[S2].txt - [7111 bytes] - [03/03/2016 17:58:29]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7506 bytes] ##########

Fix result of Farbar Recovery Scan Tool (x64) Version:02-03-2016
Ran by Toby (2016-03-03 17:43:17) Run:1
Running from C:\Users\Toby\Desktop\Farbar
Loaded Profiles: Toby (Available Profiles: Toby)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(RayDl) C:\Program Files (x86)\RayDld\ihpmServer.exe
(TU-Funs LIMITED) C:\ProgramData\8WdM8\WdMan.exe
() C:\Users\Toby\AppData\Local\mbot_au_014010252\upmbot_au_014010252.exe
() C:\Program Files (x86)\mbot_au_014010252\mbot_au_014010252.exe
() C:\Windows\Temp\6214.tmp
() C:\Users\Toby\AppData\Local\46353037-1456953793-3038-3144-393731314531\qnsw9C50.tmp
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
(Microsoft Corporation) C:\c89e093d8b0412f9f6\Setup.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sun13] => [X]
HKLM-x32\...\Run: [mbot_au_014010252] => C:\Program Files (x86)\mbot_au_014010252\mbot_au_014010252.exe [3972784 2016-02-28] ()
HKLM-x32\...\RunOnce:
[upmbot_au_014010252.exe] => C:\Users\Toby\AppData\Local\mbot_au_014010252\upmbot_au_014010252.exe [3322544 2016-02-28] ()
HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
HKLM-x32\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs, [X]
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
Toolbar: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: WSWSVCUchrome -
{1CA93FF0-A218-44F1 -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.yoursearching.com/?type=sc&ts=1456661635&z=59b76423d9892f7c1ebfabbgcz1w7q6q0q1g4qfc6w&from=brd&uid=HitachiXHTS547575A9E384_J2190054D32L5DD32L5DX
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
CHR Extension: (Avast Online Security) - C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-28]
R2 ihpmServer; C:\Program Files (x86)\RayDld\ihpmServer.exe [275192 2016-02-25] (RayDl)
R2 WdMan; C:\ProgramData\8WdM8\WdMan.exe [320168 2016-02-28] (TU-Funs LIMITED)
R2 zigipyro; C:\Users\Toby\AppData\Local\46353037-1456953793-3038-3144-393731314531\qnsw9C50.tmp [158720
2015-12-26] () [File not signed]
S3 brsrv; C:\Users\Toby\AppData\Local\BrowserAir\47.0.0.5\brsrv.exe [X]
S2 nixiwenizbt; C:\Program Files (x86)\46353037-1456746907-3038-3144-393731314531\knskCA0E.tmpfs [X]
R1 {1b8a5647-c805-4597-9311-2fe1f4b22a16}Gw64; C:\Windows\System32\drivers\{1b8a5647-c805-4597-9311-2fe1f4b22a16}Gw64.sys [48752 2016-02-29] (StdLib)
Task: {06F78081-B699-476B-A933-FDE9038FFA99} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2016-02-09] ()
Task: {446CC757-C446-49D7-A2EE-A62ACB6966AF} - System32\Tasks\RSPro1 => C:\Users\Toby\AppData\Local\TECHP-Browser\prtsvc.exe <==== ATTENTION
Task: {47986859-8948-49E1-A537-7C94BA8C0DC9} - System32\Tasks\{7A0C0E47-047F-0805-7D11-790A0A051104} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand
JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (the data entry has 9368 more characters).
CustomCLSID: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Toby\AppData\Roaming\denaf\cigetmon.dll () <==== ATTENTION
Task: {7A4B3AC9-6FE8-4243-9AB0-67678DE66A43} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2016-02-09] ()
Task: {80DBFB32-7906-439E-AEBE-B1370C05CD11} - System32\Tasks\{A0A27DA7-1DFA-4729-B05D-F8DF0C5E8C9A} => pcalua.exe -a C:\ProgramData\TVTime\uninstall.exe -c /kb=y /ic=1
Task: {BC2C3ABE-63A8-46D0-B0A2-45878D769147} - System32\Tasks\System Healer Task => C:\Program Files (x86)\SystemHealer\RescueMonitor.exe [2016-02-09] ()
Task:
{C346BC48-EA94-48B2-A27D-7A2447044643} - System32\Tasks\SystemHealer Run Delay => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2016-02-09] ()
Task: {DFB5E5A8-8F50-41A2-9BAF-A4D1E56D95C2} - System32\Tasks\IBUpd2 => C:\Users\Toby\AppData\Local\BrowserAir\47.0.0.5\updater.exe <==== ATTENTION
Task: {F45D05D9-EB1D-40DE-9B3D-AF07513C54F5} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe [2016-02-09] ()
Task: {FDEA1626-D04D-4D4E-80D7-18DCC934C43E} - \IBUpd -> No File <==== ATTENTION
Task: C:\Windows\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: C:\Windows\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
C:\Program Files
(x86)\RayDld
C:\ProgramData\8WdM8
C:\Users\Toby\AppData\Local\mbot_au_014010252
C:\Windows\Temp\6214.tmp
C:\Users\Toby\AppData\Local\46353037-1456953793-3038-3144-393731314531
C:\Users\Toby\AppData\Local\BrowserAir
C:\Program Files (x86)\CleanBrowser
C:\c89e093d8b0412f9f6
C:\Windows\run.vbs
C:\Windows\System32\drivers\{1b8a5647-c805-4597-9311-2fe1f4b22a16}Gw64.sys
C:\Users\Toby\AppData\Roaming\denaf
C:\ProgramData\TVTime
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\RayDld\ihpmServer.exe => No running process found
C:\ProgramData\8WdM8\WdMan.exe => No running process found
C:\Users\Toby\AppData\Local\mbot_au_014010252\upmbot_au_014010252.exe => No running process found
C:\Program Files (x86)\mbot_au_014010252\mbot_au_014010252.exe => No running process found
C:\Windows\Temp\6214.tmp => No running process found
C:\Users\Toby\AppData\Local\46353037-1456953793-3038-3144-393731314531\qnsw9C50.tmp => No running process found
C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe => No running process found
C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe => No running process found
C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe => No running process found
C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe => No running process found
C:\c89e093d8b0412f9f6\Setup.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\sun13 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mbot_au_014010252 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\HKLM-x32\...\RunOnce: => value not found.
[upmbot_au_014010252.exe] => C:\Users\Toby\AppData\Local\mbot_au_014010252\upmbot_au_014010252.exe [3322544 2016-02-28] () => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKU\S-1-5-21-1422899352-1623617973-3802957314-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKU\S-1-5-21-1422899352-1623617973-3802957314-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKU\S-1-5-21-1422899352-1623617973-3802957314-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
HKU\S-1-5-21-1422899352-1623617973-3802957314-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKCR\PROTOCOLS\Handler\Handler: WSWSVCUchrome - => key not found.
{1CA93FF0-A218-44F1 -  No File => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => key removed successfully
C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
ihpmServer => service removed successfully
WdMan => service removed successfully
zigipyro => service not found.
"2015-12-26] () [File not signed]" => not found.
brsrv => service removed successfully
nixiwenizbt => service removed successfully
{1b8a5647-c805-4597-9311-2fe1f4b22a16}Gw64 => Service stopped successfully.
{1b8a5647-c805-4597-9311-2fe1f4b22a16}Gw64 => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06F78081-B699-476B-A933-FDE9038FFA99} => key not found.
C:\Windows\System32\Tasks\System HealerPeriod => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System HealerPeriod => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{446CC757-C446-49D7-A2EE-A62ACB6966AF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{446CC757-C446-49D7-A2EE-A62ACB6966AF}" => key removed successfully
C:\Windows\System32\Tasks\RSPro1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RSPro1" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47986859-8948-49E1-A537-7C94BA8C0DC9} => key not found.
C:\Windows\System32\Tasks\{7A0C0E47-047F-0805-7D11-790A0A051104} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7A0C0E47-047F-0805-7D11-790A0A051104} => key not found.
JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (the data entry has 9368 more characters). => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1422899352-1623617973-3802957314-1002_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A4B3AC9-6FE8-4243-9AB0-67678DE66A43} => key not found.
C:\Windows\System32\Tasks\System HealerStartUp => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System HealerStartUp => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80DBFB32-7906-439E-AEBE-B1370C05CD11}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80DBFB32-7906-439E-AEBE-B1370C05CD11}" => key removed successfully
C:\Windows\System32\Tasks\{A0A27DA7-1DFA-4729-B05D-F8DF0C5E8C9A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A0A27DA7-1DFA-4729-B05D-F8DF0C5E8C9A}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC2C3ABE-63A8-46D0-B0A2-45878D769147} => key not found.
C:\Windows\System32\Tasks\System Healer Task => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Healer Task => key not found.
Task: => Error: No automatic fix found for this entry.
{C346BC48-EA94-48B2-A27D-7A2447044643} - System32\Tasks\SystemHealer Run Delay => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2016-02-09] () => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DFB5E5A8-8F50-41A2-9BAF-A4D1E56D95C2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFB5E5A8-8F50-41A2-9BAF-A4D1E56D95C2}" => key removed successfully
C:\Windows\System32\Tasks\IBUpd2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd2" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F45D05D9-EB1D-40DE-9B3D-AF07513C54F5} => key not found.
C:\Windows\System32\Tasks\SystemHealer Monitor => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Monitor => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDEA1626-D04D-4D4E-80D7-18DCC934C43E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDEA1626-D04D-4D4E-80D7-18DCC934C43E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd => key not found.
C:\Windows\Tasks\System HealerPeriod.job => not found.
C:\Windows\Tasks\System HealerStartUp.job => not found.
"C:\Program Files" => Warning: FRST is scripted not to move this directory.
(x86)\RayDld => Error: No automatic fix found for this entry.
C:\ProgramData\8WdM8 => moved successfully
C:\Users\Toby\AppData\Local\mbot_au_014010252 => moved successfully
"C:\Windows\Temp\6214.tmp" => not found.
"C:\Users\Toby\AppData\Local\46353037-1456953793-3038-3144-393731314531" => not found.
"C:\Users\Toby\AppData\Local\BrowserAir" => not found.
C:\Program Files (x86)\CleanBrowser => moved successfully
"C:\c89e093d8b0412f9f6" => not found.
C:\Windows\run.vbs => moved successfully
C:\Windows\System32\drivers\{1b8a5647-c805-4597-9311-2fe1f4b22a16}Gw64.sys => moved successfully
"C:\Users\Toby\AppData\Roaming\denaf" => not found.
"C:\ProgramData\TVTime" => not found.
EmptyTemp: => 580.2 MB temporary data Removed.




#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:41 PM

Posted 03 March 2016 - 09:18 AM

That was a good cleanup.

How is the computer running now?

#7 piper69

piper69
  • Topic Starter

  • Members
  • 6 posts
  • Local time:05:41 AM

Posted 03 March 2016 - 05:34 PM

Hi

Everything seems to be good, like a new machine.

Feel free to close the thread. If something else happens I can create a new one.

Thanks for your help, it is much appreciated.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:41 PM

Posted 04 March 2016 - 07:53 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#9 piper69

piper69
  • Topic Starter

  • Members
  • 6 posts
  • Local time:05:41 AM

Posted 06 March 2016 - 08:44 AM

Hi

I followed the above steps but had another problem when trying to update Windows and had to roll back to a previous restore point, and seem to have some malware again.

I have run the tools as before and now have the following. Is it possible to review and advise please?

Thanks

# AdwCleaner v5.037 - Logfile created 03/03/2016 at 18:02:42
# Updated 28/02/2016 by Xplode
# Database : 2016-03-02.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Toby - TOBY-HP
# Running from : C:\Users\Toby\Desktop\adwcleaner_5.037.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\SpaceSoundPro
[-] Folder Deleted : C:\Program Files (x86)\RayDld
[-] Folder Deleted : C:\Program Files (x86)\SunnyDay3
[-] Folder Deleted : C:\Program Files (x86)\46353037-1456746907-3038-3144-393731314531
[-] Folder Deleted : C:\Program Files (x86)\mbot_au_014010252
[!] Folder Not Deleted : C:\Program Files (x86)\SunnyDay3
[!] Folder Not Deleted : C:\Program Files (x86)\SunnyDay3
[-] Folder Deleted : C:\ProgramData\Browser
[-] Folder Deleted : C:\ProgramData\PlayGemConfig
[-] Folder Deleted : C:\ProgramData\98be0587-0281-0
[-] Folder Deleted : C:\ProgramData\98be0587-3307-1
[-] Folder Deleted : C:\ProgramData\98be0587-75e7-1
[-] Folder Deleted : C:\ProgramData\98be0587-7815-0
[-] Folder Deleted : C:\ProgramData\rWdMr
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBestOffersToday
[-] Folder Deleted : C:\Users\Toby\AppData\Local\SearchModule
[-] Folder Deleted : C:\Users\Toby\AppData\Local\SunnyDay3
[-] Folder Deleted : C:\Users\Toby\AppData\Local\TrailerTime
[-] Folder Deleted : C:\Users\Toby\AppData\Local\TECHP-Browser
[!] Folder Not Deleted : C:\Users\Toby\AppData\Local\SunnyDay3
[-] Folder Deleted : C:\Users\Toby\AppData\Local\46353037-1456775809-3038-3144-393731314531
[-] Folder Deleted : C:\Users\Toby\AppData\Local\SunnyDay13
[!] Folder Not Deleted : C:\Users\Toby\AppData\Local\SunnyDay3
[-] Folder Deleted : C:\Users\Toby\AppData\Local\win_en_77
[-] Folder Deleted : C:\Users\Toby\AppData\Roaming\mysites123
[-] Folder Deleted : C:\Users\Toby\AppData\Roaming\yoursearching

***** [ Files ] *****

[-] File Deleted : C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
[-] File Deleted : C:\Users\Public\Desktop\eBay.lnk
[-] File Deleted : C:\Users\Toby\Desktop\Continue ExtraFeatures Installation.lnk
[-] File Deleted : C:\Windows\SysNative\roboot64.exe
[-] File Deleted : C:\Windows\SysNative\drivers\sdfhgdf.sys

***** [ DLLs ] *****

[-] File Disinfected : C:\Windows\SysNative\dnsapi.dll
[-] File Disinfected : C:\Windows\SysWOW64\dnsapi.dll

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [ExploreMedia.exe]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [ExploreTech.exe]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [PlayGem.exe]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [WindoWeather.exe]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{85198F55-85AC-498A-BFE4-BBC33840F4AB}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{17EF1FFB-0545-4C9A-BE64-78FF53338475}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08ACFB57-8187-47F0-AF93-56360D03634A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8FF10FED-2F0A-4F7F-BE87-B04F1DCD4319}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8DD92279-9B04-4C6F-A862-EF3C24603804}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{08ACFB57-8187-47F0-AF93-56360D03634A}
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKCU\Software\AppDataLow\Software\TrailerTime
[-] Key Deleted : HKLM\SOFTWARE\ihpmserver
[-] Key Deleted : HKLM\SOFTWARE\MyBestOffersToday
[-] Key Deleted : HKLM\SOFTWARE\mysites123Software
[-] Key Deleted : HKLM\SOFTWARE\PlayGem
[-] Key Deleted : HKLM\SOFTWARE\RayDld
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\WindoWeather
[-] Key Deleted : HKLM\SOFTWARE\yoursearchingSoftware
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mbot_au_014010252_is1
[-] Key Deleted : [x64] HKLM\SOFTWARE\SearchModule
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{DE557DA7-0637-4690-B7DD-81B8D085A8DF}]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{B9280C17-7049-428F-A825-3C552F7F97FC} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{C7CCD9C6-48AC-45DF-88FE-899BAB2E1D3A} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{E93A3B1B-2AD5-4451-96F8-02623E5C3F7B} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{B9280C17-7049-428F-A825-3C552F7F97FC} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C7CCD9C6-48AC-45DF-88FE-899BAB2E1D3A} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{E93A3B1B-2AD5-4451-96F8-02623E5C3F7B} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B9280C17-7049-428F-A825-3C552F7F97FC} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{C7CCD9C6-48AC-45DF-88FE-899BAB2E1D3A} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{E93A3B1B-2AD5-4451-96F8-02623E5C3F7B} [NameServer]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www-searching.com

***** [ Web browsers ] *****

[-] [C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysites123
[-] [C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : yoursearching

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [7287 bytes] - [03/03/2016 18:02:42]
C:\AdwCleaner\AdwCleaner[S1].txt - [9980 bytes] - [02/03/2016 21:50:05]
C:\AdwCleaner\AdwCleaner[S2].txt - [7111 bytes] - [03/03/2016 17:58:29]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7506 bytes] ##########

# AdwCleaner v5.037 - Logfile created 06/03/2016 at 21:26:26
# Updated 28/02/2016 by Xplode
# Database : 2016-03-06.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Toby - TOBY-HP
# Running from : C:\Users\Toby\Desktop\adwcleaner_5.037.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : ihpmServer
[-] Service Deleted : WdMan
[-] Service Deleted : brsrv
[-] Service Deleted : nixiwenizbt

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\SpaceSoundPro
[-] Folder Deleted : C:\Program Files (x86)\MyBestOffersToday
[-] Folder Deleted : C:\Program Files (x86)\RayDld
[-] Folder Deleted : C:\Program Files (x86)\SunnyDay3
[-] Folder Deleted : C:\Program Files (x86)\CleanBrowser
[-] Folder Deleted : C:\Program Files (x86)\46353037-1456746907-3038-3144-393731314531
[-] Folder Deleted : C:\Program Files (x86)\mbot_au_014010252
[-] Folder Deleted : C:\Program Files (x86)\rec_au_217
[!] Folder Not Deleted : C:\Program Files (x86)\SunnyDay3
[!] Folder Not Deleted : C:\Program Files (x86)\mbot_au_014010252
[!] Folder Not Deleted : C:\Program Files (x86)\rec_au_217
[-] Folder Deleted : C:\ProgramData\8WdM8
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBestOffersToday
[-] Folder Deleted : C:\Users\Toby\AppData\Local\mbot_au_014010252
[-] Folder Deleted : C:\Users\Toby\AppData\Local\rec_au_217
[-] Folder Deleted : C:\Users\Toby\AppData\Local\46353037-1456775809-3038-3144-393731314531
[!] Folder Not Deleted : C:\Users\Toby\AppData\Local\mbot_au_014010252
[!] Folder Not Deleted : C:\Users\Toby\AppData\Local\rec_au_217
[-] Folder Deleted : C:\Users\Toby\AppData\Roaming\yoursearching

***** [ Files ] *****

[-] File Deleted : C:\Users\Public\Desktop\eBay.lnk
[-] File Deleted : C:\Users\Toby\Desktop\Continue ExtraFeatures Installation.lnk
[-] File Deleted : C:\Windows\SysNative\roboot64.exe
[-] File Deleted : C:\Windows\SysNative\drivers\sdfhgdf.sys

***** [ DLLs ] *****

[-] File Disinfected : C:\Windows\SysNative\dnsapi.dll
[-] File Disinfected : C:\Windows\SysWOW64\dnsapi.dll

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : IBUpd2

***** [ Registry ] *****

[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [ExploreMedia.exe]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [ExploreTech.exe]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [PlayGem.exe]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [WindoWeather.exe]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{85198F55-85AC-498A-BFE4-BBC33840F4AB}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{17EF1FFB-0545-4C9A-BE64-78FF53338475}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08ACFB57-8187-47F0-AF93-56360D03634A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8FF10FED-2F0A-4F7F-BE87-B04F1DCD4319}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8DD92279-9B04-4C6F-A862-EF3C24603804}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{08ACFB57-8187-47F0-AF93-56360D03634A}
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKCU\Software\AppDataLow\Software\TrailerTime
[-] Key Deleted : HKLM\SOFTWARE\ihpmserver
[-] Key Deleted : HKLM\SOFTWARE\MyBestOffersToday
[-] Key Deleted : HKLM\SOFTWARE\mysites123Software
[-] Key Deleted : HKLM\SOFTWARE\PlayGem
[-] Key Deleted : HKLM\SOFTWARE\RayDld
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\WindoWeather
[-] Key Deleted : HKLM\SOFTWARE\yoursearchingSoftware
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mbot_au_014010252_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rec_au_217_is1
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mbot_au_014010252_is1
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rec_au_217_is1
[-] Key Deleted : [x64] HKLM\SOFTWARE\SearchModule
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{DE557DA7-0637-4690-B7DD-81B8D085A8DF}]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command []
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{B9280C17-7049-428F-A825-3C552F7F97FC} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{C7CCD9C6-48AC-45DF-88FE-899BAB2E1D3A} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{E93A3B1B-2AD5-4451-96F8-02623E5C3F7B} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{B9280C17-7049-428F-A825-3C552F7F97FC} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C7CCD9C6-48AC-45DF-88FE-899BAB2E1D3A} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{E93A3B1B-2AD5-4451-96F8-02623E5C3F7B} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B9280C17-7049-428F-A825-3C552F7F97FC} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{C7CCD9C6-48AC-45DF-88FE-899BAB2E1D3A} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{E93A3B1B-2AD5-4451-96F8-02623E5C3F7B} [NameServer]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www-searching.com

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [15094 bytes] - [03/03/2016 18:02:42]
C:\AdwCleaner\AdwCleaner[S1].txt - [9980 bytes] - [02/03/2016 21:50:05]
C:\AdwCleaner\AdwCleaner[S2].txt - [14698 bytes] - [03/03/2016 17:58:29]
C:\AdwCleaner\AdwCleaner[S3].txt - [7659 bytes] - [06/03/2016 21:24:27]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [15388 bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Toby (administrator) on TOBY-HP (06-03-2016 21:32:29)
Running from C:\Users\Toby\Desktop\Farbar
Loaded Profiles: Toby (Available Profiles: Toby)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-16] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-01-26] (cyberlink)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-10] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-28] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064 2010-10-30] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-28] (AVAST Software)
HKLM-x32\...\Run: [sun13] => [X]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971976 2016-01-29] ()
HKLM-x32\...\Run: [mbot_au_014010252] => "C:\Program Files (x86)\mbot_au_014010252\mbot_au_014010252.exe"
HKLM-x32\...\Run: [rec_au_214] => [X]
HKLM-x32\...\Run: [rec_au_217] => "C:\Program Files (x86)\rec_au_217\rec_au_217.exe"
HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
HKLM-x32\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs, [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-28] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-02-29]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{B9280C17-7049-428F-A825-3C552F7F97FC}: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{E93A3B1B-2AD5-4451-96F8-02623E5C3F7B}: [DhcpNameServer] 172.168.31.32

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL/14
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL/14
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL/14
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL/14
HKU\S-1-5-21-1422899352-1623617973-3802957314-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL/14
HKU\S-1-5-21-1422899352-1623617973-3802957314-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL/14
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2016-02-28] (Oracle Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-02-18] (HP)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-28] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-02-28] (Oracle Corporation)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-01-29] (Wondershare)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-02-18] (HP)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-28] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-09-11] (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-02-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-02-28] (Oracle Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-09-11] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-06]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2016-02-29] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-04]
CHR Extension: (Website Logon) - C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe [2016-03-04]
CHR Extension: (Google Docs) - C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-04]
CHR Extension: (Google Drive) - C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-04]
CHR Extension: (YouTube) - C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-04]
CHR Extension: (Google Sheets) - C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-04]
CHR Extension: (Google Docs Offline) - C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-04]
CHR Extension: (Gmail) - C:\Users\Toby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-04]
CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-02] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-28] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [119128 2016-02-29] (AVAST Software)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-01-26] (CyberLink)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-08] (Realsil Microelectronics Inc.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-28] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-02-29] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-02-28] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [478128 2016-02-29] (AVAST Software)
S1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [552880 2016-02-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-02-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-28] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R1 {1b8a5647-c805-4597-9311-2fe1f4b22a16}Gw64; C:\Windows\System32\drivers\{1b8a5647-c805-4597-9311-2fe1f4b22a16}Gw64.sys [48752 2016-02-29] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-06 21:05 - 2016-03-06 21:12 - 00000000 ____D C:\Windows\system32\MRT
2016-03-06 21:05 - 2016-03-06 21:05 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-06 20:50 - 2016-02-28 18:23 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-03-04 18:18 - 2016-03-04 19:50 - 946388880 _____ C:\Users\Toby\Downloads\Black.Mass.2015.720p.HC.HDRip.900MB.MkvCage.mkv
2016-03-04 18:18 - 2016-03-04 19:14 - 00000000 ____D C:\Users\Toby\Downloads\Legend.2015.720p.BRRip.x264.AAC-ETRG
2016-03-04 17:50 - 2016-03-04 20:02 - 00000000 ____D C:\Users\Toby\Downloads\Bridge.of.Spies.2015.BRRip.XviD-ETRG
2016-03-04 17:49 - 2016-03-07 12:38 - 00000000 ____D C:\Users\Toby\Desktop\Burnt (2015)
2016-03-04 17:47 - 2016-03-04 18:11 - 00000000 ____D C:\Users\Toby\AppData\LocalLow\uTorrent
2016-03-04 17:45 - 2016-03-07 12:38 - 00000000 ____D C:\Users\Toby\AppData\Roaming\uTorrent
2016-03-04 06:24 - 2016-03-04 06:24 - 00000000 ____D C:\Users\Toby\AppData\Local\Deployment
2016-03-04 06:24 - 2016-03-04 06:24 - 00000000 ____D C:\Users\Toby\AppData\Local\Apps\2.0
2016-03-03 17:36 - 2016-03-03 17:36 - 00000000 ____D C:\Windows\Sun
2016-03-03 17:34 - 2016-03-03 17:34 - 00000000 ____D C:\Users\Toby\AppData\Roaming\Sun
2016-03-03 17:34 - 2016-03-03 17:34 - 00000000 ____D C:\Users\Toby\.oracle_jre_usage
2016-03-03 17:33 - 2016-03-03 17:36 - 00000000 ____D C:\ProgramData\Oracle
2016-03-02 23:46 - 2013-10-12 10:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2016-03-02 21:54 - 2016-03-06 21:32 - 00000000 ____D C:\FRST
2016-03-02 21:52 - 2016-03-06 21:32 - 00000000 ____D C:\Users\Toby\Desktop\Farbar
2016-03-02 21:49 - 2016-03-06 21:24 - 00000000 ____D C:\AdwCleaner
2016-03-02 21:43 - 2016-03-02 21:43 - 01518592 _____ C:\Users\Toby\Desktop\adwcleaner_5.037.exe
2016-03-02 21:25 - 2016-03-03 17:43 - 00000000 ____D C:\Users\Toby\AppData\Local\app
2016-03-02 21:21 - 2016-03-02 21:21 - 00001447 _____ C:\Users\Toby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-02 02:03 - 2016-03-07 12:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-03-01 21:39 - 2015-02-04 11:16 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2016-03-01 21:39 - 2015-02-04 10:54 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2016-03-01 17:12 - 2016-03-03 09:24 - 00000000 ____D C:\Windows\erdnt
2016-03-01 17:12 - 2016-03-01 17:43 - 00000000 ____D C:\Qoobox
2016-03-01 17:10 - 2016-03-01 17:10 - 00000000 ____D C:\Users\Toby\AppData\Local\PDFConverter.com
2016-03-01 10:50 - 2016-03-01 10:50 - 00001058 _____ C:\Windows\run.vbs
2016-02-29 21:36 - 2016-03-03 09:22 - 00000000 ____D C:\Windows\system32\Macromed
2016-02-29 20:30 - 2016-02-29 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2016-02-29 20:29 - 2016-02-29 20:30 - 00000000 ____D C:\ProgramData\COMODO
2016-02-29 20:28 - 2016-02-29 21:02 - 00000000 ____D C:\Users\Toby\AppData\Roaming\Nico Mak Computing
2016-02-29 20:27 - 2016-02-29 20:27 - 00000000 ____D C:\Users\Toby\Screenshots
2016-02-29 19:53 - 2016-02-29 01:40 - 00048752 _____ (StdLib) C:\Windows\system32\Drivers\{1b8a5647-c805-4597-9311-2fe1f4b22a16}Gw64.sys
2016-02-29 19:33 - 2016-02-29 19:33 - 00001269 _____ C:\Users\Public\Desktop\Wondershare Video Converter Ultimate.lnk
2016-02-29 19:33 - 2016-02-29 19:33 - 00000000 ____D C:\Users\Toby\Documents\Wondershare MediaServer
2016-02-29 19:33 - 2016-02-29 19:33 - 00000000 ____D C:\Users\Toby\AppData\Roaming\Wondershare Video Converter Ultimate
2016-02-29 19:33 - 2016-02-29 19:33 - 00000000 ____D C:\Users\Toby\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2016-02-29 19:33 - 2016-02-29 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-02-29 19:32 - 2016-03-07 12:39 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate
2016-02-29 19:32 - 2016-02-29 19:32 - 00000000 ____D C:\ProgramData\Wondershare
2016-02-29 19:32 - 2016-02-29 19:32 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-02-29 19:32 - 2016-01-19 17:15 - 00000232 _____ C:\Windows\SysWOW64\dllhost.exe.config
2016-02-29 19:32 - 2015-02-27 14:38 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2016-02-29 19:32 - 2015-02-27 14:38 - 00214528 _____ () C:\Windows\SysWOW64\WSCM32.dll
2016-02-29 19:26 - 2016-02-29 19:31 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2016-02-29 19:24 - 2016-02-29 19:23 - 00805960 _____ C:\Users\Toby\Desktop\video-converter-ultimate_setup_full495.exe
2016-02-29 19:23 - 2016-02-29 19:23 - 00805960 _____ C:\Users\Toby\Downloads\video-converter-ultimate_setup_full495.exe
2016-02-29 18:55 - 2016-03-06 20:52 - 00002079 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2016-02-29 18:55 - 2016-03-02 21:27 - 00003046 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1456743300
2016-02-29 18:55 - 2016-02-29 18:55 - 00001037 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-02-29 18:55 - 2016-02-29 18:55 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-02-29 18:55 - 2016-02-29 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-02-29 18:53 - 2016-02-29 18:54 - 00552880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2016-02-29 18:53 - 2016-02-29 18:53 - 00478128 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2016-02-29 18:53 - 2016-02-29 18:53 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-02-29 18:53 - 2016-02-28 18:24 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\asw67FA.tmp
2016-02-29 18:53 - 2016-02-28 18:24 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6888.tmp
2016-02-29 18:53 - 2016-02-28 18:23 - 01065720 _____ (AVAST Software) C:\Windows\system32\Drivers\asw63C1.tmp
2016-02-29 18:53 - 2016-02-28 18:23 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\asw68F6.tmp
2016-02-29 18:53 - 2016-02-28 18:23 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\asw66EF.tmp
2016-02-29 18:53 - 2016-02-28 18:23 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6651.tmp
2016-02-29 18:53 - 2016-02-28 18:23 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\asw676D.tmp
2016-02-29 18:53 - 2016-02-28 18:23 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6681.tmp
2016-02-29 18:50 - 2016-02-29 18:50 - 00001805 _____ C:\Users\Toby\Downloads\license.avastlic
2016-02-29 18:50 - 2016-02-29 18:50 - 00001805 _____ C:\Users\Toby\Desktop\license.avastlic
2016-02-29 18:23 - 2016-02-29 18:23 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2016-02-29 17:01 - 2016-02-29 19:18 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-29 17:01 - 2016-02-29 17:37 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-29 17:00 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-29 17:00 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-02-29 17:00 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-02-29 16:59 - 2016-02-29 16:58 - 22908888 _____ (Malwarebytes ) C:\Users\Toby\Desktop\mbam-setup-2.2.0.1024.exe
2016-02-29 16:58 - 2016-02-29 16:58 - 22908888 _____ (Malwarebytes ) C:\Users\Toby\Downloads\mbam-setup-2.2.0.1024.exe
2016-02-29 16:49 - 2016-03-06 20:51 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-02-29 16:39 - 2016-02-29 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-29 16:39 - 2016-02-29 17:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-29 16:39 - 2016-02-29 16:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-28 20:46 - 2016-02-28 20:46 - 00003090 _____ C:\Windows\System32\Tasks\{A0A27DA7-1DFA-4729-B05D-F8DF0C5E8C9A}
2016-02-28 20:40 - 2016-02-28 20:40 - 00000000 ____D C:\Windows\system32\qosf
2016-02-28 20:40 - 2016-02-28 20:40 - 00000000 ____D C:\Users\Toby\AppData\Roaming\RogniIxorary
2016-02-28 20:20 - 2016-03-06 21:14 - 00000000 ____D C:\Users\Toby\AppData\Local\CrashDumps
2016-02-28 20:20 - 2016-02-28 20:20 - 00003308 _____ C:\Windows\System32\Tasks\RSPro1
2016-02-28 20:13 - 2016-02-28 20:40 - 00000000 ____D C:\Users\Toby\AppData\Local\Tempfolder
2016-02-28 20:13 - 2016-02-28 20:13 - 00000000 ____D C:\Windows\system32\ifu
2016-02-28 20:13 - 2016-02-28 20:13 - 00000000 ____D C:\Users\Toby\AppData\Roaming\TolpucYfis
2016-02-28 20:08 - 2016-02-28 20:06 - 00000967 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-02-28 20:06 - 2016-03-03 10:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Toolkit Final
2016-02-28 19:44 - 2016-02-28 19:46 - 00000068 _____ C:\Windows\iltwain.ini
2016-02-28 19:44 - 2016-02-28 19:44 - 00000095 _____ C:\Users\Toby\DBMTApplicationState.xml
2016-02-28 19:31 - 2016-02-28 19:31 - 00000000 ____D C:\Users\Toby\AppData\Local\Oracle
2016-02-28 19:30 - 2016-03-03 10:19 - 00000000 ____D C:\Program Files (x86)\Oracle
2016-02-28 19:22 - 2016-03-07 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-28 19:22 - 2016-02-28 19:21 - 00320424 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2016-02-28 19:22 - 2016-02-28 19:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2016-02-28 19:22 - 2016-02-28 19:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2016-02-28 19:22 - 2016-02-28 19:21 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-02-28 19:13 - 2016-02-29 16:46 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForTOBY-HP$.job
2016-02-28 19:13 - 2016-02-28 19:13 - 00003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForTOBY-HP$
2016-02-28 18:29 - 2016-02-29 20:08 - 00000000 ____D C:\Program Files\Google
2016-02-28 18:27 - 2016-03-07 12:27 - 00000000 ____D C:\Users\Toby\AppData\Local\Google
2016-02-28 18:27 - 2016-03-06 21:15 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-28 18:26 - 2016-02-29 20:05 - 00000000 ___SD C:\Users\Toby\AppData\LocalLow\Temp
2016-02-28 18:24 - 2016-03-07 12:41 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-02-28 18:24 - 2016-02-28 18:24 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-02-28 18:24 - 2016-02-28 18:24 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-02-28 18:24 - 2016-02-28 18:24 - 00000000 ____D C:\Users\Toby\AppData\Roaming\AVAST Software
2016-02-28 18:24 - 2016-02-28 18:24 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-28 18:24 - 2016-02-28 18:23 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-02-28 18:24 - 2016-02-28 18:23 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-02-28 18:24 - 2016-02-28 18:23 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-02-28 18:24 - 2016-02-28 18:23 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-02-28 18:23 - 2016-02-28 18:23 - 01065720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-02-28 18:23 - 2016-02-28 18:23 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-02-28 18:23 - 2016-02-28 18:23 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-02-28 18:21 - 2016-02-29 18:53 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-28 18:21 - 2016-02-29 18:53 - 00000000 ____D C:\Program Files\AVAST Software
2016-02-28 18:20 - 2016-02-28 18:21 - 05207096 _____ (AVAST Software) C:\Users\Toby\Downloads\avast_free_antivirus_setup_online.exe
2016-02-28 18:20 - 2016-02-28 18:21 - 05207096 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2016-02-28 18:16 - 2016-02-28 18:16 - 00000000 ____D C:\Users\Toby\AppData\Roaming\Macromedia
2016-02-28 18:14 - 2016-02-28 18:16 - 00000000 ____D C:\Users\Toby\AppData\Roaming\Adobe
2016-02-28 18:14 - 2016-02-28 18:14 - 00000000 ____D C:\Users\Toby\AppData\LocalLow\Adobe
2016-02-28 18:14 - 2016-02-28 18:14 - 00000000 ____D C:\Users\Toby\AppData\Local\Adobe
2016-02-28 18:13 - 2016-02-28 18:13 - 00000000 ____D C:\Users\Toby\Desktop\Whittens
2016-02-28 18:13 - 2016-02-28 18:13 - 00000000 ____D C:\Users\Toby\Desktop\TWC Docs
2016-02-28 18:12 - 2016-02-28 18:12 - 00000000 ____D C:\Users\Toby\Desktop\SEA
2016-02-28 18:12 - 2016-02-28 18:12 - 00000000 ____D C:\Users\Toby\Desktop\Project_Pro_2010_x64
2016-02-28 18:12 - 2016-02-28 18:12 - 00000000 ____D C:\Users\Toby\Desktop\pipergt (1)
2016-02-28 18:12 - 2016-02-28 18:12 - 00000000 ____D C:\Users\Toby\Desktop\pipergt
2016-02-28 18:12 - 2016-02-28 18:12 - 00000000 ____D C:\Users\Toby\Desktop\Piper
2016-02-28 18:11 - 2016-02-28 18:11 - 00000000 ____D C:\Users\Toby\Desktop\pictures1
2016-02-28 18:05 - 2016-02-28 18:07 - 00000000 ____D C:\Users\Toby\Desktop\P6_R151_Proffessional_Client
2016-02-28 18:04 - 2016-02-28 18:04 - 00000000 ____D C:\Users\Toby\Desktop\Office 2010 activation
2016-02-28 18:04 - 2016-02-28 18:04 - 00000000 ____D C:\Users\Toby\Desktop\Morris
2016-02-28 18:04 - 2016-02-28 18:04 - 00000000 ____D C:\Users\Toby\Desktop\Ford 351 Cleveland Engines, How to Build [PDF] [StormRG]
2016-02-28 18:04 - 2016-02-28 18:04 - 00000000 ____D C:\Users\Toby\Desktop\Finance
2016-02-28 18:04 - 2016-02-28 18:04 - 00000000 ____D C:\Users\Toby\AppData\LocalLow\Sun
2016-02-28 18:03 - 2016-02-28 18:03 - 00000000 ____D C:\Users\Toby\Desktop\AVAST Software
2016-02-28 18:03 - 2016-02-28 18:03 - 00000000 ____D C:\Users\Toby\Desktop\Automation_StandAlone
2016-02-28 18:03 - 2016-02-28 18:03 - 00000000 ____D C:\Users\Toby\Desktop\Automation
2016-02-28 18:02 - 2016-02-28 18:02 - 00000000 ____D C:\Users\Toby\Desktop\Adobe
2016-02-28 18:02 - 2016-02-28 18:02 - 00000000 ____D C:\Users\Toby\Desktop\76C purchase 2006
2016-02-28 18:01 - 2016-02-28 18:01 - 00000000 ____D C:\Users\Toby\Desktop\CVs
2016-02-28 18:00 - 2016-02-28 18:00 - 00000000 ____D C:\Users\Toby\AppData\Roaming\ATI
2016-02-28 18:00 - 2016-02-28 18:00 - 00000000 ____D C:\Users\Toby\AppData\Local\ATI
2016-02-28 18:00 - 2016-02-28 18:00 - 00000000 ____D C:\Users\Toby\AppData\Local\AMD
2016-02-28 17:59 - 2016-02-28 18:13 - 00000000 ___DC C:\Users\Toby\AppData\Local\MigWiz
2016-02-28 17:59 - 2016-02-28 17:59 - 00003816 _____ C:\Windows\System32\Tasks\SetupManager
2016-02-28 17:59 - 2016-02-28 17:59 - 00000000 ____D C:\Users\Toby\Documents\Bluetooth Exchange Folder
2016-02-28 17:59 - 2016-02-28 17:59 - 00000000 ____D C:\Users\Toby\AppData\Roaming\Synaptics
2016-02-28 17:59 - 2016-02-28 17:59 - 00000000 ____D C:\Users\Toby\AppData\Roaming\hpqLog
2016-02-28 17:59 - 2016-02-28 17:59 - 00000000 ____D C:\Users\Toby\AppData\Local\Broadcom
2016-02-28 17:58 - 2016-03-02 21:21 - 00001413 _____ C:\Users\Toby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-02-28 17:58 - 2016-02-28 17:58 - 00003334 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{46D596C3-45C6-4E53-8391-47C00073965B}
2016-02-28 17:57 - 2016-03-06 20:53 - 00057560 _____ C:\Users\Toby\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-28 17:57 - 2016-02-28 19:11 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForToby.job
2016-02-28 17:57 - 2016-02-28 18:13 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForToby
2016-02-28 17:57 - 2016-02-28 17:57 - 00000000 ____D C:\Users\Toby\AppData\Local\RemEngine
2016-02-28 17:34 - 2016-02-29 17:37 - 00002183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicStation.lnk
2016-02-28 17:34 - 2016-02-29 17:37 - 00002010 _____ C:\Users\Public\Desktop\Snapfish.lnk
2016-02-28 17:34 - 2016-02-28 17:58 - 00000000 ____D C:\Users\Toby\AppData\Roaming\Hewlett-Packard
2016-02-28 17:34 - 2016-02-28 17:58 - 00000000 ____D C:\Users\Toby\AppData\Local\Hewlett-Packard_Company
2016-02-28 17:34 - 2016-02-28 17:57 - 00000000 ____D C:\Users\Toby\AppData\Local\Hewlett-Packard
2016-02-28 17:34 - 2016-02-28 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music and Media
2016-02-28 17:32 - 2016-03-06 21:29 - 00000000 ____D C:\Users\Toby\AppData\LocalLow\AuthenTec
2016-02-28 17:32 - 2016-03-06 20:47 - 00000000 ____D C:\Users\Toby
2016-02-28 17:32 - 2016-03-01 16:50 - 00000000 ____D C:\Users\Toby\AppData\Local\VirtualStore
2016-02-28 17:32 - 2016-02-28 17:32 - 00000020 ___SH C:\Users\Toby\ntuser.ini
2016-02-28 17:32 - 2016-02-28 17:32 - 00000000 _SHDL C:\Users\Toby\My Documents
2016-02-28 17:32 - 2016-02-28 17:32 - 00000000 _SHDL C:\Users\Toby\Documents\My Videos
2016-02-28 17:32 - 2016-02-28 17:32 - 00000000 _SHDL C:\Users\Toby\Documents\My Pictures
2016-02-28 17:32 - 2016-02-28 17:32 - 00000000 _SHDL C:\Users\Toby\Documents\My Music
2016-02-28 17:32 - 2014-05-15 00:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-28 17:32 - 2014-05-15 00:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-28 17:32 - 2014-05-15 00:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-28 17:32 - 2014-05-15 00:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-28 17:32 - 2014-05-15 00:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-28 17:32 - 2014-05-15 00:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-28 17:32 - 2014-05-15 00:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-28 17:32 - 2014-05-15 00:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-28 17:32 - 2014-05-15 00:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-28 17:32 - 2014-05-15 00:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-28 17:32 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-28 17:32 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-28 17:32 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-28 17:32 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-28 17:32 - 2011-12-03 20:07 - 00000000 ____D C:\Users\Toby\AppData\Roaming\Media Center Programs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-07 12:42 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-03-07 12:42 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-03-07 12:42 - 2009-07-14 11:20 - 00000000 __RSD C:\Windows\Media
2016-03-07 12:42 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-03-07 12:42 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\Dism
2016-03-07 12:42 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-03-07 12:42 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-03-07 12:42 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2016-03-07 12:42 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-03-07 12:41 - 2009-07-14 13:32 - 00000000 ____D C:\Windows\Offline Web Pages
2016-03-07 12:41 - 2009-07-14 13:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-03-07 12:41 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\servicing
2016-03-07 12:41 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\schemas
2016-03-07 12:39 - 2011-09-11 13:59 - 00000000 ____D C:\Program Files\Java
2016-03-07 12:39 - 2011-09-11 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-03-07 12:39 - 2011-09-11 13:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-03-07 12:39 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-03-07 12:32 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\registration
2016-03-07 12:26 - 2011-09-11 13:59 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-06 21:28 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-06 21:11 - 2009-07-14 12:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-06 21:11 - 2009-07-14 12:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-06 19:41 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\tracing
2016-03-03 10:21 - 2011-09-11 13:52 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2016-03-03 10:21 - 2011-09-11 13:43 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-03-03 10:21 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\L2Schemas
2016-03-03 10:19 - 2011-09-11 13:57 - 00000000 ___RD C:\Program Files\Online Services
2016-03-03 10:19 - 2011-09-11 13:53 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-03-03 10:19 - 2011-09-11 13:43 - 00000000 ___RD C:\Program Files (x86)\Online Services
2016-03-03 09:22 - 2009-07-14 13:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-03-03 09:10 - 2011-12-03 19:36 - 00000000 ____D C:\ProgramData\Temp
2016-03-03 00:40 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2016-03-02 21:52 - 2011-12-03 19:23 - 00766184 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-03-02 21:52 - 2009-07-14 13:13 - 00766184 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-02 21:21 - 2009-07-14 12:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-01 08:44 - 2009-07-14 13:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-02-29 19:53 - 2009-07-14 10:34 - 00000505 _____ C:\Windows\win.ini
2016-02-29 18:23 - 2011-09-11 13:56 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2016-02-29 17:39 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\ModemLogs
2016-02-29 17:37 - 2011-12-03 19:12 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-02-29 17:37 - 2011-12-03 19:12 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-02-29 17:37 - 2011-09-11 14:00 - 00002179 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2016-02-29 17:37 - 2011-09-11 13:54 - 00002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2016-02-29 17:37 - 2011-09-11 13:54 - 00001458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-02-29 17:37 - 2011-09-11 13:54 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2016-02-29 17:37 - 2011-09-11 13:54 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2016-02-29 17:37 - 2011-09-11 13:52 - 00002086 _____ C:\Users\Public\Desktop\Skype.lnk
2016-02-29 17:37 - 2011-09-11 13:43 - 00002394 _____ C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2016-02-29 17:37 - 2009-07-14 13:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-02-29 17:37 - 2009-07-14 12:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-02-29 17:37 - 2009-07-14 12:57 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-02-29 17:37 - 2009-07-14 12:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-02-29 17:37 - 2009-07-14 12:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-02-29 17:37 - 2009-07-14 12:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-02-29 09:29 - 2007-01-02 09:25 - 00000000 ____D C:\Windows\Panther
2016-02-29 09:28 - 2009-07-14 13:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-02-29 09:27 - 2011-09-11 13:43 - 00000000 ____D C:\ProgramData\WildTangent
2016-02-28 19:36 - 2011-09-11 13:56 - 00000000 ____D C:\ProgramData\Adobe
2016-02-28 19:10 - 2011-12-03 19:39 - 00000000 ____D C:\ProgramData\Norton
2016-02-28 17:34 - 2011-09-11 13:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2016-02-28 17:34 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-02-28 17:34 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-02-28 17:33 - 2011-02-11 03:23 - 00000000 ___HD C:\SYSTEM.SAV
2016-02-28 17:33 - 2011-02-11 03:23 - 00000000 ____D C:\SWSetup
2016-02-28 17:31 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Public\Libraries

Some files in TEMP:
====================
C:\Users\Toby\AppData\Local\temp\2CBB.tmp.exe
C:\Users\Toby\AppData\Local\temp\33B6.tmp.exe
C:\Users\Toby\AppData\Local\temp\34CC.tmp.exe
C:\Users\Toby\AppData\Local\temp\43B.tmp.exe
C:\Users\Toby\AppData\Local\temp\5BC0.tmp.exe
C:\Users\Toby\AppData\Local\temp\68E1.tmp.exe
C:\Users\Toby\AppData\Local\temp\91E6.tmp.exe
C:\Users\Toby\AppData\Local\temp\9B5.tmp.exe
C:\Users\Toby\AppData\Local\temp\A146.tmp.exe
C:\Users\Toby\AppData\Local\temp\amisetup8473__18454.exe
C:\Users\Toby\AppData\Local\temp\D4DB.tmp.exe
C:\Users\Toby\AppData\Local\temp\D4DE.tmp.exe
C:\Users\Toby\AppData\Local\temp\Microsoft Toolkit 2.6.6__9465_il3308455.exe
C:\Users\Toby\AppData\Local\temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-03 00:32

==================== End of FRST.txt ============================
#10 nasdaq (Malware Response Team)

Posted 06 March 2016 - 09:17 AM

Enable Avast if not already done.

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}


===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click OK.

Please copy the entire contents of the code box below to a new file.

Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sun13] => [X]
HKLM-x32\...\Run: [mbot_au_014010252] => "C:\Program Files (x86)\mbot_au_014010252\mbot_au_014010252.exe"
HKLM-x32\...\Run: [rec_au_214] => [X]
HKLM-x32\...\Run: [rec_au_217] => "C:\Program Files (x86)\rec_au_217\rec_au_217.exe"
HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
HKLM-x32\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs, [X]
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
Toolbar: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-28]
R1 {1b8a5647-c805-4597-9311-2fe1f4b22a16}Gw64; C:\Windows\System32\drivers\{1b8a5647-c805-4597-9311-2fe1f4b22a16}Gw64.sys [48752 2016-02-29] (StdLib)
Task: {446CC757-C446-49D7-A2EE-A62ACB6966AF} - System32\Tasks\RSPro1 => C:\Users\Toby\AppData\Local\TECHP-Browser\prtsvc.exe <==== ATTENTION
Task: {80DBFB32-7906-439E-AEBE-B1370C05CD11} - System32\Tasks\{A0A27DA7-1DFA-4729-B05D-F8DF0C5E8C9A} => pcalua.exe -a C:\ProgramData\TVTime\uninstall.exe -c /kb=y /ic=1
Task: {FDEA1626-D04D-4D4E-80D7-18DCC934C43E} - \IBUpd -> No File <==== ATTENTION
C:\Windows\System32\drivers\{1b8a5647-c805-4597-9311-2fe1f4b22a16}Gw64.sys
C:\Program Files (x86)\mbot_au_014010252
C:\Program Files (x86)\rec_au_217
C:\Windows\run.vbs
C:\Users\Toby\AppData\Local\TECHP-Browser
C:\ProgramData\TVTime

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java via the Control Panel > Programs and Features applet.
Java 7 Update 75 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417075FF}) (Version: 7.0.750 - Oracle)
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)

Please let me know what problem persists with this computer.

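A triage pass over the indicators that nasdaq's fixlist acts on, as an added example that is not part of this thread or of FRST itself. It parses FRST-format lines in Python rather than touching the registry, so it can be run against a saved log offline. The sample lines are copied from the FRST log and the fixlist quoted above, except the "Adobe ARM" Run entry and the aswSnx driver line, which are constructed here as benign controls. The rule names, the regexes and the assumption that the stock Winlogon Userinit value is `C:\Windows\system32\userinit.exe,` are mine, not FRST's.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Added triage helper for FRST log lines (not FRST's own code). The rules encode
# the indicators the fixlist in this thread acts on: a non-default Winlogon
# Userinit value, orphaned or unattributed Run entries, a GUID-named kernel
# driver, scheduled tasks FRST marked ATTENTION or that launch from a
# user-writable profile path, and executables sitting directly in %TEMP%.

DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe,"  # assumed stock Windows value

GUID_RE = re.compile(r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}", re.I)
USERINIT_RE = re.compile(r"Winlogon: \[Userinit\] (?P<value>.*?)(?: \[X\])?$")
RUN_RE = re.compile(r"\\Run: \[(?P<name>[^\]]*)\] => (?P<target>.*)$")
RUN_META_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \(")  # "[size date] (Vendor)" block FRST prints for an existing file
DRIVER_RE = re.compile(r"^[RSU]\d (?P<svc>\S+); (?P<path>.*?\.sys) \[\d+ [\d-]+\] \((?P<vendor>[^)]*)\)", re.I)
TASK_RE = re.compile(r"^Task: \{[0-9a-f-]+\} - (?P<rest>.*)$", re.I)
TEMP_EXE_RE = re.compile(r"\\temp\\[^\\]+\.exe$", re.I)

Finding = Tuple[str, str]  # (rule name, offending FRST line)

# Constructed sample: every flagged line is copied from the log and fixlist in
# this thread; the "Adobe ARM" Run entry and the aswSnx driver line are made up
# here as benign controls and do not appear on the page.
SAMPLE_FRST = r"""
HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
HKLM-x32\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs, [X]
HKLM-x32\...\Run: [sun13] => [X]
HKLM-x32\...\Run: [rec_au_217] => "C:\Program Files (x86)\rec_au_217\rec_au_217.exe"
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
R1 {1b8a5647-c805-4597-9311-2fe1f4b22a16}Gw64; C:\Windows\System32\drivers\{1b8a5647-c805-4597-9311-2fe1f4b22a16}Gw64.sys [48752 2016-02-29] (StdLib)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-02-28] (AVAST Software)
Task: {446CC757-C446-49D7-A2EE-A62ACB6966AF} - System32\Tasks\RSPro1 => C:\Users\Toby\AppData\Local\TECHP-Browser\prtsvc.exe <==== ATTENTION
Task: {FDEA1626-D04D-4D4E-80D7-18DCC934C43E} - \IBUpd -> No File <==== ATTENTION
C:\Users\Toby\AppData\Local\temp\2CBB.tmp.exe
C:\Users\Toby\AppData\Local\temp\sqlite3.dll
""".splitlines()


def triage(lines: List[str]) -> List[Finding]:
    """Return one finding per FRST line that trips a rule; clean lines yield nothing."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = USERINIT_RE.search(line)
        if m:
            # Anything but the stock userinit.exe here runs at every logon before the shell.
            if m.group("value").strip().lower() != DEFAULT_USERINIT:
                findings.append(("userinit-hijack", line))
            continue
        m = RUN_RE.search(line)
        if m:
            target = m.group("target").strip()
            if target == "[X]":
                findings.append(("run-orphan", line))       # autostart value whose file is gone
            elif not RUN_META_RE.search(target):
                findings.append(("run-no-metadata", line))  # no [size date] (Vendor) block: look at it by hand
            continue
        m = DRIVER_RE.match(line)
        if m:
            # Legitimate drivers are not named after random GUIDs; this one is.
            if GUID_RE.search(m.group("svc")) or GUID_RE.search(m.group("path")):
                findings.append(("driver-guid-name", line))
            continue
        m = TASK_RE.match(line)
        if m:
            rest = m.group("rest")
            if "<==== ATTENTION" in rest or re.search(r"\\AppData\\", rest, re.I):
                findings.append(("task-suspicious", line))
            continue
        if TEMP_EXE_RE.search(line):
            findings.append(("temp-executable", line))      # droppers leave hex-named .tmp.exe files here
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule, for a quick overview before reading the lines."""
    return dict(Counter(rule for rule, _ in findings))


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_FRST):
        print(f"{rule:18} {line}")
    print(summarize(triage(SAMPLE_FRST)))
```

Run it against a whole FRST.txt with `triage(open("FRST.txt", encoding="utf-8-sig").read().splitlines())`; the two control lines pass through without a finding, and every line the fixlist removes is flagged. The "run-no-metadata" rule is deliberately a prompt for manual review rather than a verdict, since FRST prints no vendor block for any file without version information, benign or not.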
#11 piper69 (Topic Starter)

Posted 06 March 2016 - 07:35 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Toby (2016-03-07 08:16:11) Run:2
Running from C:\Users\Toby\Desktop\Farbar
Loaded Profiles: Toby (Available Profiles: Toby)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sun13] => [X]
HKLM-x32\...\Run: [mbot_au_014010252] => "C:\Program Files (x86)\mbot_au_014010252\mbot_au_014010252.exe"
HKLM-x32\...\Run: [rec_au_214] => [X]
HKLM-x32\...\Run: [rec_au_217] => "C:\Program Files (x86)\rec_au_217\rec_au_217.exe"
HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
HKLM-x32\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs, [X]
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
Toolbar: HKU\S-1-5-21-1422899352-1623617973-3802957314-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-28]
R1 {1b8a5647-c805-4597-9311-2fe1f4b22a16}Gw64; C:\Windows\System32\drivers\{1b8a5647-c805-4597-9311-2fe1f4b22a16}Gw64.sys [48752 2016-02-29] (StdLib)
Task: {446CC757-C446-49D7-A2EE-A62ACB6966AF} - System32\Tasks\RSPro1 => C:\Users\Toby\AppData\Local\TECHP-Browser\prtsvc.exe <==== ATTENTION
Task: {80DBFB32-7906-439E-AEBE-B1370C05CD11} - System32\Tasks\{A0A27DA7-1DFA-4729-B05D-F8DF0C5E8C9A} => pcalua.exe -a C:\ProgramData\TVTime\uninstall.exe -c /kb=y /ic=1
Task: {FDEA1626-D04D-4D4E-80D7-18DCC934C43E} - \IBUpd -> No File <==== ATTENTION
C:\Windows\System32\drivers\{1b8a5647-c805-4597-9311-2fe1f4b22a16}Gw64.sys
C:\Program Files (x86)\mbot_au_014010252
C:\Program Files (x86)\rec_au_217
C:\Windows\run.vbs
C:\Users\Toby\AppData\Local\TECHP-Browser
C:\ProgramData\TVTime

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\sun13 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mbot_au_014010252 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\rec_au_214 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\rec_au_217 => value removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKU\S-1-5-21-1422899352-1623617973-3802957314-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKU\S-1-5-21-1422899352-1623617973-3802957314-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
HKU\S-1-5-21-1422899352-1623617973-3802957314-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
"HKCR\PROTOCOLS\Handler\WSWSVCUchrome" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
{1b8a5647-c805-4597-9311-2fe1f4b22a16}Gw64 => Service stopped successfully.
{1b8a5647-c805-4597-9311-2fe1f4b22a16}Gw64 => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{446CC757-C446-49D7-A2EE-A62ACB6966AF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{446CC757-C446-49D7-A2EE-A62ACB6966AF}" => key removed successfully
C:\Windows\System32\Tasks\RSPro1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RSPro1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80DBFB32-7906-439E-AEBE-B1370C05CD11}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80DBFB32-7906-439E-AEBE-B1370C05CD11}" => key removed successfully
C:\Windows\System32\Tasks\{A0A27DA7-1DFA-4729-B05D-F8DF0C5E8C9A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A0A27DA7-1DFA-4729-B05D-F8DF0C5E8C9A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDEA1626-D04D-4D4E-80D7-18DCC934C43E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDEA1626-D04D-4D4E-80D7-18DCC934C43E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd => key not found.
C:\Windows\System32\drivers\{1b8a5647-c805-4597-9311-2fe1f4b22a16}Gw64.sys => moved successfully
"C:\Program Files (x86)\mbot_au_014010252" => not found.
"C:\Program Files (x86)\rec_au_217" => not found.
C:\Windows\run.vbs => moved successfully
"C:\Users\Toby\AppData\Local\TECHP-Browser" => not found.
"C:\ProgramData\TVTime" => not found.
EmptyTemp: => 468.9 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-03-07 08:26:32)

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move

==== End of Fixlog 08:26:32 ====



#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:41 PM

Posted 07 March 2016 - 08:15 AM

Any remaining issues?



