Free Avast! vs. Backup Maker - malware or incompatibility?


  • This topic is locked
18 replies to this topic

#1 ComputerJinx


Posted 15 March 2016 - 04:33 PM

Until recently, BackupMaker has worked well, backing up my files from my hard drive to an external drive.  However, recently I have been getting a BackupMaker error message "Error 0x08: Target file could not be read/verified!"  According to BackupMaker, this is being caused by my antivirus program, which is the free version of Avast! The explanation is that Avast starts scanning the file before BackupMaker can open it to verify it.  Note, however, that I run multiple backups and this error happens with some but not all backup jobs, which use the same source drive and the same target drive.  Therefore, the explanation that Avast is too fast for BackupMaker makes no sense.
 
The message from Avast! that I get when I get the BackupMaker error is "Object: TargetDrive...\EarthLink TAR.msi|Data1.cab|EAuthMgr.dll.  Infection Win32:Evo-gen [Susp].  Process: C:\Program Files (x86)\ASCOMP Software\Backup Maker\bkmaker.exe.  The threat was detected and blocked just before the file was opened."
 
I have followed the directions at https://malwaretips.com/blogs/win32evo-gen-susp-virus/ and run Kaspersky TDSSKiller, RKill, Malwarebytes, HitmanPro, Emsisoft Emergency Kit, AdwCleaner, and Junkware Removal Tool.  I have also run MS Windows Malicious Software Removal Tool.  I checked out C:\Program Files (x86)\ASCOMP Software\Backup Maker\bkmaker.exe at VirusTotal.  I could not find any malware with any of these programs, including Avast!  Naturally, BackupMaker vows that their software is clean.
 
Finally, I cannot find any reference to "EarthLink TAR.msi|Data1.cab|EAuthMgr.dll" on the Internet nor can I find "EarthLink TAR.msi|Data1.cab|EAuthMgr.dll" with the programs listed above, with a file search of both my source and target drives, in the Avast! forums, or in the BackupMaker forums.

I tried the Avast! option of "Add the file to the scan exclusion list" [EarthLink TAR.msi|Data1.cab|EAuthMgr.dll], but that did not prevent me from getting the BackupMaker Error 0x08.

I have also tried changing the target drive folder for the backup, but that hasn't fixed the problem.
 
I am running Windows 7 SP1, 64-bit.
 
I hope I've chosen the correct forum.  Can anyone help me fix this, or explain what is going on?  Thank you.
 

Edited by ComputerJinx, 15 March 2016 - 04:50 PM.



 


#2 Oh My!



  • Malware Response Instructor

Posted 18 March 2016 - 08:49 AM

Greetings ComputerJinx and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. If FRST.exe is not on your Desktop please move it to that location. <<< Important
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.


#3 ComputerJinx


Posted 19 March 2016 - 06:02 PM

Thank you for responding so quickly.  The information you requested is listed below or attached.

 

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Owner (administrator) on DFD-DESKTOP (19-03-2016 15:38:06)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ASCOMP Software GmbH) C:\Program Files (x86)\ASCOMP Software\BackUp Maker\bkmaker.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
( ) C:\Windows\System32\LMabcoms.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Epiforge Software) C:\Program Files (x86)\Grindstone 2\Grindstone 2.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7137664 2016-03-09] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596016 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-4259379208-1929102571-3933233249-1000\...\Run: [ISUSPM] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-03-20] (Macrovision Corporation)
HKU\S-1-5-21-4259379208-1929102571-3933233249-1000\...\Run: [Grindstone 2] => C:\Program Files (x86)\Grindstone 2\Grindstone 2.exe [1564112 2015-04-07] (Epiforge Software)
HKU\S-1-5-21-4259379208-1929102571-3933233249-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2016-02-07] (Siber Systems)
HKU\S-1-5-21-4259379208-1929102571-3933233249-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-18] (AVAST Software)
ShellIconOverlayIdentifiers: [COSDriveIconOverlay] -> {5FDACB62-6B7B-4116-9403-C5E0D3852A57} =>  No File
ShellIconOverlayIdentifiers: [COSSyncItemInSyncIconOverlay] -> {68F287EF-DA6D-4595-AF52-90FF6CE52AFE} =>  No File
ShellIconOverlayIdentifiers: [COSSyncItemModifiedIconOverlay] -> {AE67D273-7253-4236-B55E-D40055B305D6} =>  No File
ShellIconOverlayIdentifiers: [COSSyncItemNewIconOverlay] -> {022F23E9-DA0F-4A86-A728-CAF6150C0B63} =>  No File
ShellIconOverlayIdentifiers: [COSSyncItemUnsynchronizedIconOverlay] -> {4D7EE7CF-E7A1-45FE-8F80-3A37574918D7} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
BootExecute: p¨sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{EC0EE654-E30C-4B84-8020-04DFACB53155}: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/
HKU\S-1-5-21-4259379208-1929102571-3933233249-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-4259379208-1929102571-3933233249-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
HKU\S-1-5-21-4259379208-1929102571-3933233249-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-4259379208-1929102571-3933233249-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> DefaultScope {799DF785-04D6-4477-82FF-7AFF7CD3AFCA} URL = hxxps://duckduckgo.com/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> {139BF50B-ADAA-431C-A61B-3AE507FEE4A7} URL = hxxp://harvix.com/search/s.cgi?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> {1F6FF8C3-D5D4-4B16-8B01-CB15F31D920F} URL = hxxp://www.showmelocal.com/geo_search.aspx?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> {226BD71C-ED82-4471-935B-1C6512D99680} URL = hxxp://www.microsoft.com/windows/compatibility/windows-7/en-us/Search.aspx?type=Hardware&s={searchTerms}
SearchScopes: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> {2A30B9D8-6047-4272-AFEC-3EB6E54CA339} URL = hxxp://www.bidtopia.com/search.aspx?searchtxt={searchTerms}&srchOrig=4&searchtype=0
SearchScopes: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> {46A783DD-D94C-4129-BDC7-C7CA49DC0FA6} URL = hxxp://social.technet.microsoft.com/search/en-US?query={SearchTerms}
SearchScopes: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> {478C79B3-34A9-47A1-98C0-65528CB70390} URL = hxxp://crowdeye.com/viewer.aspx?query={searchTerms}
SearchScopes: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> {53B669EC-9906-459B-BD0F-A7AE6453F252} URL = hxxp://www.blinkx.com/ie/search-provider/Search-Execute?query={searchTerms}
SearchScopes: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> {57A30613-748E-4952-9B45-91F5F5B618BA} URL = hxxp://www.shmoop.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> {580D6602-4290-4C38-84F2-958AA55B86EC} URL = hxxp://www.itemlookup.net/search.php?type=isbn&s={searchTerms}&referrer=addon
SearchScopes: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> {5BD54069-2659-4C8D-B492-3CBB4DDF6AC8} URL = hxxp://search.microsoft.com/results.aspx?mkt=en-US&setlang=en-US&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> {6ADA486F-2EDE-4B90-BC15-F99B4CB108A2} URL = hxxp://www.itemlookup.net/search.php?type=upc&s={searchTerms}&referrer=addon
SearchScopes: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> {72C4A0A2-05F8-4C78-AB35-025581ACE551} URL = hxxp://www.urbandictionary.com/define.php?term={searchTerms}
SearchScopes: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> {799DF785-04D6-4477-82FF-7AFF7CD3AFCA} URL = hxxps://duckduckgo.com/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> {886DD9FF-14CD-476E-A262-EA13B123446E} URL = hxxp://qrobe.it/search/?q={searchTerms}&s=sb
SearchScopes: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> {8F8FE4C6-7EA9-4812-A34E-B1377D8263F4} URL = hxxp://www27.wolframalpha.com/input/?i={searchTerms}
SearchScopes: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> {90979B75-84D2-415C-BE29-50D33D8C7AF5} URL = hxxp://www.shopzilla.com/{searchTerms}/search
SearchScopes: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> {AE300F42-B101-48D7-A902-058861AA9FC7} URL = hxxp://www.ha.com/c/search.zx?txtSearch={searchTerms}
SearchScopes: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> {BADBBCE6-6094-4A33-8E76-F51848CB7DED} URL = hxxp://www.stinkyteddy.com/search#q={searchTerms}&s=sb
SearchScopes: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> {BEC56E69-6D85-4A1A-BB70-9FB5C7CE7E9F} URL = hxxp://2song.net/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> {DC32E22E-3E2C-49FD-8F9B-5ADB76747EC0} URL = hxxp://www.pricestalker.net/ProductSearch.aspx?keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> {DE03B3BC-2C6B-468B-AF8C-60CE84464CAB} URL = hxxp://query.nytimes.com/gst/handler.html?query={searchTerms}&opensearch=1
SearchScopes: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> {E7A748DC-0DAE-4A35-82B4-06170A0F2A31} URL = hxxp://www.ted.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> {F0243CC4-B899-4415-8FD3-BE4DEC620C0A} URL = hxxp://www.guidestar.org/SearchResults.aspx?legacy_keyword={searchTerms}&selected_config=orgSearchConfiguration
SearchScopes: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> {F9970D01-FA7B-4838-AD12-60BA5276468D} URL = hxxp://www.labage.com/clip/search.html?search={searchTerms}
SearchScopes: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> {FADADC8D-90D7-4507-BED0-7175B31DAC10} URL = hxxp://www.Lexology.com/library/results.aspx?q={searchTerms}&start={startIndex?}&src={referrer:source?}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> No File
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-02-07] (Siber Systems Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_74\bin\ssv.dll [2016-03-08] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-18] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-03-08] (Oracle Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-02-07] (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-18] (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: GretechBHO Class -> {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} -> C:\Program Files (x86)\GRETECH\GomPicker\GomPickerBHO.dll [2014-04-21] (Gretech Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-02-07] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-02-07] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-02-07] (Siber Systems Inc.)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3yd03y64.default-1422847375426
FF DefaultSearchEngine: DuckDuckGo
FF DefaultSearchEngine.US: DuckDuckGo
FF Homepage: chrome://foxtab/content/homepage.html
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-12] ()
FF Plugin: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-03-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-03-08] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-03-04] (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-12] (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @siber.com/RoboForm -> C:\Program Files (x86)\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll [2016-02-07] (Siber Systems Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4259379208-1929102571-3933233249-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-12-03] (Citrix Online)
FF Plugin HKU\S-1-5-21-4259379208-1929102571-3933233249-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-4259379208-1929102571-3933233249-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3yd03y64.default-1422847375426\user.js [2015-11-08]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll [2014-10-10] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2014-10-10] (Cisco WebEx LLC)
FF Extension: Facebook Disconnect - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3yd03y64.default-1422847375426\extensions\facebook@disconnect.me.xpi [2015-06-03]
FF Extension: FoxTab - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3yd03y64.default-1422847375426\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2015-06-03]
FF Extension: Google Disconnect - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3yd03y64.default-1422847375426\extensions\google@disconnect.me.xpi [2015-06-03]
FF Extension: Twitter Disconnect - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3yd03y64.default-1422847375426\extensions\twitter@disconnect.me.xpi [2015-06-03]
FF Extension: WOT - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3yd03y64.default-1422847375426\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-09]
FF Extension: Save as PDF - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3yd03y64.default-1422847375426\extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2016-02-01]
FF Extension: Save Text Area - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3yd03y64.default-1422847375426\extensions\{8522e648-adce-469a-8c3a-18659a6ab6e3}.xpi [2016-02-01]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3yd03y64.default-1422847375426\extensions\artur.dubovoy@gmail.com [2016-03-10]
FF Extension: Tab Mix Plus - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3yd03y64.default-1422847375426\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-03-10]
FF Extension: Translate Now - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3yd03y64.default-1422847375426\Extensions\@translatenow.xpi [2016-02-14]
FF Extension: Files By Email Helper - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3yd03y64.default-1422847375426\Extensions\fbe@igor.tarasov.xpi [2016-02-01]
FF Extension: Ghostery - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3yd03y64.default-1422847375426\Extensions\firefox@ghostery.com.xpi [2016-03-10]
FF Extension: savetexttofile - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3yd03y64.default-1422847375426\Extensions\HighlightedTextToFile@bobbyrne01.org.xpi [2016-02-01]
FF Extension: Print Friendly & PDF - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3yd03y64.default-1422847375426\Extensions\jid0-YQz0l1jthOIz179ehuitYAOdBEs@jetpack.xpi [2015-12-28]
FF Extension: ArsTechnica - Multi-page viewer - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3yd03y64.default-1422847375426\Extensions\{952f9f9b-23b6-4ab7-ac65-0dd218dbabd8}.xpi [2016-02-01]
FF Extension: Extended Statusbar - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3yd03y64.default-1422847375426\Extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}.xpi [2015-06-03]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [jid1-r1tDuNiNb4SEww@jetpack] - C:\Program Files\AVAST Software\Avast\pam\FF
FF Extension: Avast Passwords - C:\Program Files\AVAST Software\Avast\pam\FF [2016-02-18]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-18]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2016-02-07]
FF HKU\S-1-5-21-4259379208-1929102571-3933233249-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://duckduckgo.com/
CHR StartupUrls: Default -> "hxxps://duckduckgo.com/","hxxp://news.google.com/news?cf=all&pz=1&ned=us&siidp=ec6aeb7cc72608997fd96c9c3b082e8a53e5"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duck
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
CHR Plugin: (RoboForm Plugin for Google Chrome/Opera/etc.) - C:\Program Files (x86)\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll (Siber Systems Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll => No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-03-04]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-03-08]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Facebook Disconnect) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2014-11-29]
CHR Extension: (Avast SafePrice) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-01-30]
CHR Extension: (Caret Browsing) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklpgenihifpccgiifchnihilipmbffg [2015-09-27]
CHR Extension: (Avira Browser Safety) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-03-18]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Winter) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gicljgkbmbjnhakjhkjoahpmpelcgihm [2015-08-24]
CHR Extension: (VLC Capture) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\goppbgmjnldonmjemebdmcjfefbgoloh [2015-02-01]
CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2015-05-16]
CHR Extension: (Color Enhancer) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkjmjaledkapilfdigkgfmpekpfnkih [2015-05-08]
CHR Extension: (Disconnect) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-01-23]
CHR Extension: (Google Scholar Button) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2015-07-29]
CHR Extension: (Ghostery Fixer) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaegpmdlhnpldpoadmnnbddbkcdmbhb [2014-11-29]
CHR Extension: (Ghostery) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-02-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Long Descriptions in Context Menu) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohbmencljkleiedahijfkagnmmhbilgp [2015-05-08]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhplgjpclknigjpccbcnmicgcieojbh [2016-03-04]
CHR Extension: (RoboForm Password Manager) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2016-03-18]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-11-29]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-02-18]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-18]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-11-29]
 
Opera: 
=======
OPR StartupUrls: "hxxps://duckduckgo.com/","hxxp://thehungersite.greatergood.com/clickToGive/lit/home?link=ctg_lit_home_from_home"
OPR Session Restore: -> is enabled.
OPR Extension: (Ghostery) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbkekonodcdmedgffkkbgmnnekbainbg [2016-02-26]
OPR Extension: (Ghostery) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\cfbekbndggmbdkfhjandenfihkdkndil [2016-02-19]
OPR Extension: (Documents) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\dppmcfgmeabflhohikbaegalkbjnbomd [2015-12-04]
OPR Extension: (WOT) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2015-11-30]
OPR Extension: (View Docs) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\elhpodkoleieiijpbmhgggdkilijnilm [2014-12-14]
OPR Extension: (PDF Viewer) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\encfpfilknmenlmjemepncnlbbjlabkc [2014-11-29]
OPR Extension: (HD Video Downloader) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\gacckcgfmoapndlfjdjiffiblljijhep [2016-03-10]
OPR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\gbnfoknpkgibjaepaldamceifloobdal [2015-06-04]
OPR Extension: (Translate) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibnombjmjocaccigcefonnipcnlaeaed [2016-02-03]
OPR Extension: (Youtube Video Downloader - TubeGrabber) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\idljboempghpapeocabbalganlidohjo [2015-12-25]
OPR Extension: (Google™ Translator) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\jgnebchahhepphmokjeohhoebakpfggp [2016-03-15]
OPR Extension: (Mailto:) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\pgjoobbdmnhgaajdkppafadldfedplpj [2016-02-01]
OPR Extension: (RoboForm) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Opera [2016-01-07]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-18] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-17] (Dropbox, Inc.)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350208 2010-11-20] (Microsoft Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
U2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
R2 lmab_device; C:\Windows\system32\LMabcoms.exe [1027240 2008-06-24] ( )
R2 lmab_device; C:\Windows\SysWOW64\LMabcoms.exe [586408 2008-06-24] ( )
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-05-08] (McAfee, Inc.)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-12-18] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-12-18] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-18] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-18] (AVAST Software)
R1 bdisk; C:\Windows\system32\DRIVERS\bdisk.sys [85488 2014-10-07] (COMODO Security Solutions Inc.)
R0 CBUFS; C:\Windows\System32\DRIVERS\CBUFS.sys [230712 2014-10-07] (COMODO Security Solutions Inc.)
R1 cbvd; C:\Windows\system32\DRIVERS\cbvd.sys [677744 2014-10-07] (COMODO Security Solutions Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 epp; C:\EEK\bin64\epp.sys [124080 2016-02-11] (Emsisoft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-11] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-05-08] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106120 2015-05-08] (McAfee, Inc.)
R0 Reparse; C:\Windows\System32\DRIVERS\CBReparse.sys [674160 2014-10-07] (COMODO Security Solutions Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-08] ()
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-10-30] ()
S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-10-30] ()
S1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700680 2014-10-30] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 vdbus; C:\Windows\System32\DRIVERS\vdbus.sys [826040 2014-10-07] (COMODO Security Solutions Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-19 15:38 - 2016-03-19 15:38 - 00042755 _____ C:\Users\Owner\Desktop\FRST.txt
2016-03-19 14:41 - 2016-03-19 14:41 - 00062114 _____ C:\Users\Owner\Desktop\2016 0208 blood test results.pdf
2016-03-19 14:25 - 2016-03-19 14:30 - 00000000 ___RD C:\Users\Owner\Desktop\Recent computer problems
2016-03-19 14:23 - 2016-03-19 14:44 - 00000000 ___RD C:\Users\Owner\Desktop\Health stuff
2016-03-19 14:14 - 2016-03-19 14:30 - 00000000 ___RD C:\Users\Owner\Desktop\Shopping List
2016-03-19 14:06 - 2016-03-19 14:08 - 00000000 ____D C:\Users\Owner\Desktop\Bleeping Computer
2016-03-19 14:03 - 2016-03-19 14:04 - 00000000 ____D C:\Users\Owner\Favorites Copy
2016-03-19 13:42 - 2016-03-19 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VisualStat
2016-03-19 12:43 - 2016-03-19 12:43 - 55915216 _____ (Microsoft Corporation) C:\Users\Owner\Desktop\IE11-Windows6.1-x64-en-us.exe
2016-03-18 15:47 - 2016-03-19 15:38 - 00000000 ____D C:\FRST
2016-03-18 15:45 - 2016-03-18 15:45 - 02374144 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2016-03-18 15:34 - 2016-03-18 15:34 - 02695375 _____ C:\Users\Owner\Desktop\bleeping computer.pdf
2016-03-16 04:57 - 2016-03-19 15:35 - 00012949 _____ C:\Users\Owner\Desktop\Daily top 10 from threat center.xlsx
2016-03-15 19:45 - 2016-03-15 19:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2016-03-15 19:44 - 2016-03-15 19:45 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-03-15 19:44 - 2016-03-15 19:44 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-03-15 19:44 - 2016-03-15 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-03-15 14:48 - 2016-03-15 14:48 - 00003640 _____ C:\Windows\System32\Tasks\DivXUpdate
2016-03-15 14:46 - 2016-03-15 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2016-03-11 08:16 - 2016-03-11 08:19 - 00226220 _____ C:\TDSSKiller.3.1.0.9_11.03.2016_07.16.47_log.txt
2016-03-11 07:08 - 2016-03-11 07:09 - 00008006 _____ C:\TDSSKiller.3.1.0.9_11.03.2016_06.08.41_log.txt
2016-03-10 18:17 - 2016-03-13 16:45 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-10 18:04 - 2016-03-10 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Emisoft
2016-03-10 17:14 - 2016-03-10 18:05 - 00000000 ____D C:\EEK
2016-03-10 16:38 - 2016-03-10 16:58 - 00000000 ____D C:\Program Files\HitmanPro
2016-03-10 16:38 - 2016-03-10 16:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security HitmanPro
2016-03-10 16:37 - 2016-03-10 16:59 - 00000000 ____D C:\ProgramData\HitmanPro
2016-03-10 13:04 - 2016-03-10 13:04 - 00000374 _____ C:\Windows\Tasks\Run RoboForm Process.job
2016-03-10 08:09 - 2016-03-10 17:13 - 00000376 _____ C:\Windows\Tasks\Run RoboForm TaskBar Icon.job
2016-03-10 07:41 - 2016-03-15 14:33 - 00000000 ____D C:\Users\Owner\Desktop\Win32Evo-gen
2016-03-10 06:51 - 2016-03-10 06:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-10 06:33 - 2016-03-10 06:33 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-03-10 06:27 - 2016-03-10 06:44 - 00432924 _____ C:\TDSSKiller.3.1.0.9_10.03.2016_05.27.14_log.txt
2016-03-09 00:32 - 2016-03-09 00:32 - 00001213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2016-03-09 00:32 - 2016-03-09 00:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media VideoLAN
2016-03-08 21:08 - 2016-03-09 21:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-03-08 20:52 - 2016-03-08 20:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-03-08 20:37 - 2016-03-08 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2016-03-08 14:02 - 2016-03-16 14:48 - 00000022 _____ C:\Users\Owner\Desktop\greenize.txt
2016-03-07 20:33 - 2016-03-07 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Office XML Notepad
2016-03-06 04:03 - 2016-03-06 04:03 - 00000000 ____D C:\Users\Owner\Desktop\memtest86-usb
2016-03-06 03:20 - 2016-03-06 03:20 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XML Notepad 2007
2016-03-06 03:20 - 2016-03-06 03:20 - 00000000 ____D C:\Program Files (x86)\XML Notepad 2007
2016-03-04 15:46 - 2014-04-14 00:28 - 00021428 _____ C:\Users\Owner\Desktop\loma linda dental charges.xlsx
2016-03-01 18:05 - 2016-03-01 18:05 - 00080012 _____ C:\Users\Owner\Desktop\Your Promotional eGift Card.pdf
2016-03-01 01:58 - 2016-03-01 01:58 - 00365536 _____ (DivX, LLC) C:\Windows\SysWOW64\DivXControlPanelApplet.cpl
2016-03-01 00:31 - 2016-03-01 00:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation
2016-02-29 16:51 - 2016-02-29 16:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-02-26 04:08 - 2016-02-26 04:08 - 00000000 ____D C:\Users\Owner\AppData\Local\AvastSupport
2016-02-23 09:03 - 2016-03-18 08:31 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3E651CE0-BC33-4228-A83B-527B918749D3}
2016-02-22 11:51 - 2016-02-22 12:53 - 00000000 ____D C:\Users\Owner\Desktop\Kidneys
2016-02-20 18:34 - 2016-02-20 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-18 09:13 - 2016-02-18 09:13 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-02-18 09:13 - 2016-02-18 09:13 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-19 15:38 - 2014-11-30 14:09 - 00000000 ____D C:\Users\Owner\AppData\Local\Sidebar7
2016-03-19 15:35 - 2015-09-17 20:31 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-03-19 15:34 - 2015-01-03 18:13 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Grindstone 2
2016-03-19 15:16 - 2015-12-12 06:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-19 15:10 - 2014-11-19 15:05 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-19 15:06 - 2014-11-29 15:17 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Temp
2016-03-19 14:31 - 2014-11-19 15:06 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Notepad++
2016-03-19 14:28 - 2015-07-26 20:26 - 00000000 ___RD C:\Users\Owner\Desktop\DO NOW
2016-03-19 14:06 - 2014-12-02 21:31 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2016-03-19 14:03 - 2014-11-18 18:17 - 00000000 ____D C:\Users\Owner
2016-03-19 13:42 - 2014-12-01 11:51 - 00000777 _____ C:\Windows\ODBCINST.INI
2016-03-19 13:42 - 2014-12-01 11:51 - 00000288 _____ C:\Windows\ODBC.INI
2016-03-19 13:42 - 2014-12-01 11:50 - 00002989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Program Updates.lnk
2016-03-19 13:42 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-03-19 13:42 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Help
2016-03-19 13:38 - 2015-09-27 12:42 - 00000000 ____D C:\ProgramData\Innovative Solutions
2016-03-19 13:32 - 2015-09-27 12:42 - 00003460 _____ C:\Windows\System32\Tasks\UninstallMonitor
2016-03-19 13:25 - 2009-07-13 21:45 - 00026096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-19 13:25 - 2009-07-13 21:45 - 00026096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-19 13:08 - 2014-11-29 16:11 - 00000000 ____D C:\Program Files (x86)\PDF24
2016-03-19 13:08 - 2014-11-19 15:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-19 13:08 - 2014-11-18 18:44 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-19 12:40 - 2015-02-17 13:14 - 00000000 ____D C:\Users\Owner\AppData\Local\File Viewer
2016-03-19 12:34 - 2014-11-19 14:59 - 00000000 ___RD C:\Users\Owner\Documents\My Logs
2016-03-19 12:07 - 2014-12-05 12:52 - 00000000 ___RD C:\Users\Owner\Desktop\Tor Browser
2016-03-19 12:06 - 2015-11-20 13:19 - 00000000 ___RD C:\Users\Owner\Desktop\TV
2016-03-19 02:10 - 2014-11-19 15:05 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-19 01:05 - 2014-11-19 15:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-18 08:29 - 2009-07-13 22:13 - 00906142 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-18 08:29 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-03-18 08:25 - 2016-01-12 13:46 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-03-18 08:23 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\inetsrv
2016-03-18 08:20 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-18 00:23 - 2014-11-30 13:15 - 00000000 ____D C:\Users\Owner\AppData\Local\File Renamer Basic
2016-03-18 00:05 - 2015-05-17 17:58 - 00000000 ___RD C:\Users\Owner\Desktop\Aris
2016-03-17 17:52 - 2014-11-29 13:16 - 00003852 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1417292176
2016-03-17 17:52 - 2014-11-29 13:16 - 00000000 ____D C:\Program Files (x86)\Opera
2016-03-17 03:02 - 2015-12-16 20:33 - 00000000 ___RD C:\Users\Owner\Desktop\File
2016-03-15 23:33 - 2014-12-01 17:37 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DivX
2016-03-15 14:49 - 2014-12-01 17:37 - 00000000 ____D C:\Program Files (x86)\DivX
2016-03-15 14:49 - 2014-12-01 17:36 - 00000000 ____D C:\ProgramData\DivX
2016-03-15 14:47 - 2016-01-12 12:26 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-14 23:15 - 2014-11-19 15:00 - 00000000 ___RD C:\Users\Owner\Desktop\DO
2016-03-14 06:22 - 2014-11-29 20:59 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Thunderbird
2016-03-13 19:51 - 2014-12-14 17:17 - 00000000 ____D C:\ProgramData\LexmarkUpdate
2016-03-13 18:42 - 2015-09-17 16:09 - 00265425 _____ C:\Users\Owner\Desktop\calendar.pdf
2016-03-13 15:28 - 2015-12-11 07:31 - 00000536 _____ C:\Windows\Tasks\Macrium-Backup-{47EC0C6F-11C6-46B2-81CE-6093BF0DABA5}.job
2016-03-13 05:12 - 2015-12-11 07:34 - 00000540 _____ C:\Windows\Tasks\Macrium-Backup-{35186E1A-66CA-4188-94DA-1B3CD39A9FE4}.job
2016-03-12 01:16 - 2015-12-12 06:15 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-12 01:16 - 2015-09-17 20:31 - 00003892 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-03-12 01:16 - 2014-11-29 16:57 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-12 01:16 - 2014-11-29 16:57 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-11 07:10 - 2015-09-02 13:25 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-10 22:06 - 2014-11-30 14:17 - 00000000 ____D C:\Users\DefaultAppPool
2016-03-10 21:53 - 2016-01-12 13:46 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-03-10 21:53 - 2011-04-12 01:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-03-10 21:53 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-03-10 21:53 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2016-03-10 17:16 - 2015-01-17 19:43 - 00755028 _____ C:\Windows\ntbtlog.txt
2016-03-10 13:03 - 2014-11-28 19:30 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2016-03-10 07:46 - 2016-01-12 15:24 - 00000000 ____D C:\Program Files\7-Zip
2016-03-10 06:51 - 2015-09-02 13:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-09 21:47 - 2016-01-12 13:46 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-03-09 21:47 - 2016-01-12 13:46 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-03-09 02:04 - 2014-11-28 16:15 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-09 00:38 - 2014-12-05 11:51 - 00000000 ___RD C:\Users\Owner\Desktop\copies from de-duping
2016-03-08 21:50 - 2015-09-10 11:08 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Foxit Software
2016-03-08 20:55 - 2015-12-11 21:34 - 00000000 ____D C:\Users\Owner\.oracle_jre_usage
2016-03-08 20:54 - 2015-12-13 19:30 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-03-08 20:54 - 2015-12-13 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-08 20:53 - 2015-12-13 19:30 - 00000000 ____D C:\Program Files\Java
2016-03-07 15:19 - 2015-01-31 21:58 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2016-03-05 20:34 - 2014-12-05 12:51 - 00000000 ___RD C:\Users\Owner\Desktop\Pending
2016-03-05 15:32 - 2014-12-19 11:06 - 00000000 ___RD C:\Users\Owner\Desktop\Computer Problems
2016-03-05 13:55 - 2015-12-18 02:17 - 00000000 ___RD C:\Users\Owner\My Sound Files
2016-03-05 13:53 - 2014-11-19 14:59 - 00000000 ____D C:\Users\Owner\Documents\My Smilebox Creations
2016-03-05 13:46 - 2014-11-19 14:59 - 00000000 ____D C:\Users\Owner\Documents\My PaperPort Documents
2016-03-05 12:13 - 2015-12-18 01:39 - 00000000 ____D C:\Users\Owner\Documents\My Docs
2016-03-05 11:21 - 2014-12-05 12:52 - 00000000 ___RD C:\Users\Owner\Desktop\Soltani & Park
2016-03-03 19:57 - 2015-05-07 21:00 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-03-03 13:09 - 2014-11-19 14:59 - 00000000 ____D C:\Users\Owner\Documents\My REGISTRATIONS - emails
2016-02-28 16:37 - 2014-12-24 00:55 - 00047698 _____ C:\Windows\Macrium Reflect Patch Log.txt
2016-02-25 11:24 - 2015-05-06 19:47 - 00038484 _____ C:\Users\Owner\AppData\Roaming\Comma Separated Values (DOS).ADR
2016-02-23 23:11 - 2014-12-02 21:32 - 00000000 ____D C:\ProgramData\Oracle
2016-02-23 15:36 - 2016-02-07 17:56 - 00000000 ___RD C:\Users\Owner\Desktop\Shopping
2016-02-23 09:13 - 2016-01-12 13:46 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-02-20 18:34 - 2015-12-17 13:09 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-02-18 20:26 - 2016-02-01 23:09 - 00000000 ____D C:\Users\Owner\Desktop\Christianakis
2016-02-18 09:14 - 2016-01-12 13:46 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-02-18 09:13 - 2016-01-12 13:46 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-02-18 09:13 - 2016-01-12 13:46 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-02-18 09:13 - 2016-01-12 13:46 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-02-18 09:13 - 2016-01-12 13:46 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
 
==================== Files in the root of some directories =======
 
2015-05-06 19:47 - 2016-02-25 11:24 - 0038484 _____ () C:\Users\Owner\AppData\Roaming\Comma Separated Values (DOS).ADR
2015-05-06 20:11 - 2015-12-12 16:41 - 0012965 _____ () C:\Users\Owner\AppData\Roaming\Comma Separated Values (DOS).CAL
2015-10-10 22:02 - 2015-12-12 23:08 - 0009340 _____ () C:\Users\Owner\AppData\Roaming\Comma Separated Values (DOS).EML
2015-10-10 22:03 - 2015-12-12 23:08 - 0009356 _____ () C:\Users\Owner\AppData\Roaming\Comma Separated Values (Windows).EML
2014-11-30 14:27 - 2015-10-27 09:44 - 0000374 _____ () C:\Users\Owner\AppData\Roaming\Earthquakes Meter_Settings.ini
2015-10-10 22:04 - 2015-12-12 23:08 - 0009344 _____ () C:\Users\Owner\AppData\Roaming\Microsoft Access 97-2003.EML
2014-12-26 12:40 - 2014-12-26 12:44 - 0038483 _____ () C:\Users\Owner\AppData\Roaming\Microsoft Excel 97-2003.ADR
2016-01-12 18:02 - 2016-01-12 18:03 - 0000774 _____ () C:\Users\Owner\AppData\Roaming\Stock Meter_Settings.ini
2014-11-30 14:38 - 2015-04-12 13:50 - 0000018 _____ () C:\Users\Owner\AppData\Roaming\stocksTicker.ini
2015-10-10 22:00 - 2015-12-12 23:08 - 0009338 _____ () C:\Users\Owner\AppData\Roaming\Tab Separated Values (DOS).EML
2014-12-09 09:56 - 2014-12-17 06:18 - 0007625 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2014-12-17 09:21 - 2016-03-10 21:40 - 0000382 _____ () C:\ProgramData\lmab.log
2014-12-14 19:33 - 2015-07-20 20:08 - 0026618 _____ () C:\ProgramData\LMADKscan.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-14 00:17
 
==================== End of FRST.txt ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Owner (2016-03-19 15:39:10)
Running from C:\Users\Owner\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-11-19 01:17:52)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4259379208-1929102571-3933233249-500 - Administrator - Disabled)
Guest (S-1-5-21-4259379208-1929102571-3933233249-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4259379208-1929102571-3933233249-1002 - Limited - Enabled)
Owner (S-1-5-21-4259379208-1929102571-3933233249-1000 - Administrator - Enabled) => C:\Users\Owner
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.12 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1512-000001000000}) (Version: 15.12.00.0 - Igor Pavlov)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.595.5857 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.595.5857 - ABBYY) Hidden
AceIT Calculator (HKLM-x32\...\AceIT Calculator) (Version:  - )
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-4259379208-1929102571-3933233249-1000\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Avira Launcher (x32 Version: 1.1.52.15531 - Avira Operations GmbH & Co. KG) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{1B1BF50E-ACE8-4481-B362-89544FB1CD4B}) (Version: 1.0.357 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Data Lifeguard Diagnostic for Windows 1.28 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
DFTransfer (HKLM-x32\...\{337BDBC9-9FE1-4AB6-B86B-9CDCCF9A7158}) (Version:  - )
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.8.0.18 - DivX, LLC)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
Easy Picture2Icon 3.0 (HKLM-x32\...\Easy Picture2Icon) (Version: 3.0 - Picture2Icon.com)
File Renamer - Basic (HKLM-x32\...\File Renamer - Basic) (Version: 6.3 - Sherrod Computers)
FormatFactory 3.6.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.6.0.0 - Format Factory)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.0.118 - Foxit Software Inc.)
G*Power 3.1.9.2 (HKLM-x32\...\{F9C59D86-6F65-4EDB-89A2-FBA1F78762D2}) (Version: 3.1.92 - Franz Faul, Uni Kiel, Germany)
GOM Picker (HKLM-x32\...\GOM Picker) (Version: 1.0.0.7 - Gretech Corporation)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.76.5239 - Gretech Corporation)
GOM Video Converter (HKLM-x32\...\GOM Video Converter) (Version: 1.1.1.70 - Gretech Corporation)
Google Chrome (HKLM-x32\...\{BED0D2F3-7407-3B43-A48F-6C33BC3D5DAD}) (Version: 49.0.2623.87 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoToMeeting 7.8.0.4151 (HKU\S-1-5-21-4259379208-1929102571-3933233249-1000\...\GoToMeeting) (Version: 7.8.0.4151 - CitrixOnline)
Grindstone 2 (HKLM-x32\...\Grindstone 2) (Version:  - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.13.258 - SurfRight B.V.)
HomeBase 2.3 (HKLM-x32\...\HomeBase 2.3) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IPP Run-Time 5.3 (HKLM-x32\...\IPP Run-Time 5.3) (Version:  - )
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 74 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418074F0}) (Version: 8.0.740.2 - Oracle Corporation)
join.me (HKU\S-1-5-21-4259379208-1929102571-3933233249-1000\...\JoinMe) (Version: 1.20.0.503 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Lexmark Pro4000 Series Uninstaller (HKLM\...\Lexmark Pro4000 Series) (Version:  - Lexmark International, Inc.)
Lexmark Software Uninstall (HKLM\...\Lexmark_HostCD) (Version:  - Lexmark International, Inc.)
LibreOffice 4.3.5.2 (HKLM-x32\...\{1D4E90DA-C33C-40ED-BA00-75F6E6DF9CB0}) (Version: 4.3.5.2 - The Document Foundation)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.1.871 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Maritz Stats (HKLM-x32\...\{F868E8B1-A011-45BC-8272-899FE4BE81F7}) (Version: 2.0.01.0824 - Maritz Research)
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office PowerPoint 2003 Template Pack 1 (HKLM-x32\...\{90AB0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office PowerPoint 2003 Template Pack 2 (HKLM-x32\...\{90AC0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office PowerPoint 2003 Template Pack 3 (HKLM-x32\...\{90AD0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971118) (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971118)) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Moo0 File Shredder 1.21 (HKLM-x32\...\Moo0 FileShredder) (Version:  - )
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
Mozilla Thunderbird 38.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.6.0 (x86 en-US)) (Version: 38.6.0 - Mozilla)
MPEG2 Codec(libmpeg2/mad) (HKLM-x32\...\MPEG2 Codec(libmpeg2/mad)) (Version:  - )
MYSTAT 12 (HKLM-x32\...\{4EB092F5-185E-4FE6-8ED7-23F61C17D76C}) (Version: 12.2.0 - SYSTAT Software, Inc.)
MYSTAT 12 Manuals (HKLM-x32\...\{D683E370-3B68-4BE0-8C29-1326F2EABCCC}) (Version: 12.1.4 - SYSTAT Software, Inc.)
Network Recording Player (HKLM-x32\...\{21706D5B-A09C-42F1-95B5-CBDFE20F9852}) (Version: 29.10.1.10115 - Cisco WebEx LLC)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9 - Notepad++ Team)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Opera Stable 26.0.1656.24 (HKLM-x32\...\Opera 26.0.1656.24) (Version: 26.0.1656.24 - Opera Software ASA)
Opera Stable 36.0.2130.32 (HKLM-x32\...\Opera 36.0.2130.32) (Version: 36.0.2130.32 - Opera Software)
PDF Download for Internet Explorer (HKLM-x32\...\{60DDF5DB-1D28-4C93-BD23-BAF440D0BB67}) (Version: 3.0.0 - Nitro PDF Software)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
RoboForm 7-9-17-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-17-5 - Siber Systems)
SigmaGraph (HKLM-x32\...\SigmaGraph2.0.4.1) (Version: 2.0.4.1 - SIDI.CC)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.103 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com)
townandcountrychristmas_3116234 Screen Saver (HKLM-x32\...\townandcountrychristmas_3116234) (Version:  - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VisualStat 2009 (HKLM-x32\...\{1184EF01-6E32-426B-B971-0EA17BA97E8B}) (Version: 8.00.1863 - VisualStat Computing)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-4259379208-1929102571-3933233249-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
Xmarks for IE (HKLM-x32\...\{ABFA6EAE-C9C0-4B39-B722-02094EF6B889}) (Version: 127.0.177 - Xmarks)
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000_Classes\CLSID\{052DB226-BE3B-44D4-B932-9C8049B2110B}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\Windows Sidebar\Gadgets\volume-gadget-win7gadgets-com.gadget\dlls\VolumeControl64.dll (Indev)
CustomCLSID: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\3277\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04286E10-4E19-4732-AB7E-E2AF2CC4294F} - System32\Tasks\{816F1BD3-F876-449B-9764-C97FE55171DB} => C:\Users\Owner\Desktop\DO NOW\Computer\avira_antivirus_en-us.exe
Task: {07B020B8-396D-4B36-B3EA-03BAEABDFA63} - System32\Tasks\Softland\FBackup 5\fba_FBackup Financial => C:\Program Files (x86)\Softland\FBackup 5\bSchedStarter.EXE
Task: {07E38CD8-56C8-4DCA-A68B-B04009CCA644} - System32\Tasks\{B5E94626-1BD7-44C8-A21B-04ADC2EED829} => C:\Program Files (x86)\American Institutes for Research\AMBeta\Am.exe
Task: {0A0FAE40-EA92-4C69-BC88-E21E713792E0} - System32\Tasks\{A96E1104-BB11-4924-AF21-49C459B20306} => c:\program files (x86)\opera\launcher.exe [2016-03-14] (Opera Software)
Task: {0CE61A21-E1E0-40A6-B214-7311A6921F9B} - System32\Tasks\Macrium-Backup-{47EC0C6F-11C6-46B2-81CE-6093BF0DABA5} => c:\program files\macrium\reflect\reflect.exe [2016-02-06] (Paramount Software UK Ltd)
Task: {1109EFB1-9063-4862-97FB-176410F7B9AC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {12D10F39-D335-4DF3-952A-26D1A39439DD} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-17] (Dropbox, Inc.)
Task: {1563E981-2A9E-474B-BA34-A3B9F9078986} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-17] (Dropbox, Inc.)
Task: {1820012C-93D6-4366-BE89-55799E0E8440} - System32\Tasks\Macrium-Backup-{35186E1A-66CA-4188-94DA-1B3CD39A9FE4} => c:\program files\macrium\reflect\reflect.exe [2016-02-06] (Paramount Software UK Ltd)
Task: {19EB4C28-A724-4771-A82E-AA7FE627F933} - System32\Tasks\Softland\FBackup 5\fba_Roboform Drive (1) => C:\Program Files (x86)\Softland\FBackup 5\bSchedStarter.EXE
Task: {2065C490-5A7A-4F78-8D79-A2199BA332B1} - System32\Tasks\{BD486651-1473-4905-9075-A59E823A19C6} => C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe [2016-01-18] (Foxit Software Inc.)
Task: {26108837-4DDC-4831-A9E1-FE082C926625} - System32\Tasks\{C1F89EE6-1D90-49DF-8169-0D201AF0609F} => C:\Program Files (x86)\VisualStat\VST8\visualstat.exe [2010-02-07] (VisualStat Computing)
Task: {2955B5F2-186F-444E-8E6E-A35E521F33A1} - System32\Tasks\G2MUploadTask-S-1-5-21-4259379208-1929102571-3933233249-1000 => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\4151\g2mupload.exe [2015-12-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {331026AC-91C3-4388-A7F9-9DEDAB6CC776} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-18] (AVAST Software)
Task: {33B2097D-E45B-49BB-8A84-570B489AFDD8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-12] (Adobe Systems Incorporated)
Task: {3BFA6D25-D41C-467B-B83F-E5B42E790465} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3D092593-8F82-4AB4-92D9-E80BAC89E26B} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {3E738561-687D-48FF-8FD7-399578560D2A} - System32\Tasks\Softland\FBackup 5\fba_FBackup Patriot Drive [Roboform Drive] => C:\Program Files (x86)\Softland\FBackup 5\bSchedStarter.EXE
Task: {3F927958-115A-40E9-9622-C541D429E47F} - System32\Tasks\Softland\FBackup 5\fba_FBackup E Drive [was D Drive] => C:\Program Files (x86)\Softland\FBackup 5\bSchedStarter.EXE
Task: {4494274E-F57E-4B91-86B8-550B02E48825} - System32\Tasks\{85D91B50-6E0E-44C9-815C-CB7D2C44502E} => C:\Program Files (x86)\VisualStat\VST8\visualstat.exe [2010-02-07] (VisualStat Computing)
Task: {479AD66A-61EC-4FDE-AC6D-D6E22F67F5D6} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4259379208-1929102571-3933233249-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {52412427-7D8E-4E99-9D16-F914601C03FC} - System32\Tasks\Softland\FBackup 5\fba_C Drive Owner => C:\Program Files (x86)\Softland\FBackup 5\bSchedStarter.EXE
Task: {5565611E-E0FA-45B6-A3A0-FBBC467BBDD7} - System32\Tasks\Softland\FBackup 5\fba_FBackup Patriot Drive => C:\Program Files (x86)\Softland\FBackup 5\bSchedStarter.EXE
Task: {5A5021D5-33E6-4D66-B243-F8E71DB80FDD} - System32\Tasks\{D2AA4F2F-6D84-4907-91A6-377D9EFB54EA} => C:\Program Files (x86)\Image Search Pony\bin\vsp.exe
Task: {5B062CAB-B4B5-4733-A49F-9926D2F700AA} - System32\Tasks\Opera scheduled Autoupdate 1417292176 => C:\Program Files (x86)\Opera\launcher.exe [2016-03-14] (Opera Software)
Task: {5E2CFB5B-ED3B-4E4E-8D92-F4E8B0E4D368} - System32\Tasks\Softland\FBackup 5\fba_Roboform Drive => C:\Program Files (x86)\Softland\FBackup 5\bSchedStarter.EXE
Task: {60159018-A247-4BB0-96C3-9A6DCA62DDFE} - System32\Tasks\{F1B5C59D-7912-44C5-AAEB-24DBB033E751} => pcalua.exe -a L:\autorun\installer.exe -d L:\autorun
Task: {62FB02BA-7DC2-4456-8250-35FE6354AE9C} - System32\Tasks\{A724E534-B1C7-4B1A-81E3-646F49443DA9} => c:\program files (x86)\opera\launcher.exe [2016-03-14] (Opera Software)
Task: {672CBBD4-EFCA-4159-A2BD-F38D34612849} - System32\Tasks\{98D02545-E8E6-4D25-9E4F-4B651087C39A} => C:\Program Files (x86)\Image Search Pony\bin\vsp.exe
Task: {6E54DFB4-E919-4C8B-8658-793637267485} - System32\Tasks\Softland\FBackup 5\fba_Outlook => C:\Program Files (x86)\Softland\FBackup 5\bSchedStarter.EXE
Task: {6E759681-F4BA-4B39-9620-7FFC44570679} - System32\Tasks\Run RoboForm Process => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-02-07] (Siber Systems)
Task: {71969A66-F10B-4C0E-826D-9CF9F4D12D26} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-04] (AVAST Software)
Task: {79311BAF-3591-452A-A7A0-BA3C010B6D70} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4259379208-1929102571-3933233249-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-16] (Google Inc.)
Task: {7EA8E14D-6921-4141-A4EA-0346D8D3030E} - System32\Tasks\Application Starter - e1e900fa914ea9880281e32446f6ede6 => F:\DriverMax\DriverMax\innostp.exe [2015-06-08] (Innovative Solutions)
Task: {80ADF7FB-7843-432C-8155-44BC14C8B862} - System32\Tasks\{F79FA111-A042-4C96-B5ED-3A82538B8B40} => C:\Users\Owner\Desktop\DO NOW\Computer\avira_antivirus_en-us.exe
Task: {80BF5F32-13FE-4E17-9748-6D286434AE36} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {849EC41C-E821-45E3-B850-9C722C343260} - System32\Tasks\{361884FB-C36A-4386-BD00-8658AEA2ED12} => C:\Program Files (x86)\American Institutes for Research\AMBeta\Am.exe
Task: {852E46F4-A7B9-4D92-949F-E0F4546AFFA1} - System32\Tasks\Softland\FBackup 5\fba_FBackup Financial (1) => C:\Program Files (x86)\Softland\FBackup 5\bSchedStarter.EXE
Task: {85E4650B-7DFD-4463-9C7C-C671B08135F8} - System32\Tasks\{C97602F8-C9AA-4461-8178-C02702266408} => C:\Program Files (x86)\VisualStat\VST8\visualstat.exe [2010-02-07] (VisualStat Computing)
Task: {8A8B6430-9F37-4106-AD09-2588400991CA} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {90D6280F-8E9B-453C-BA39-90B72B8A8815} - System32\Tasks\BackUp_Maker-Owner => C:\Program Files (x86)\ASCOMP Software\BackUp Maker\bkmaker.exe [2015-12-04] (ASCOMP Software GmbH)
Task: {98FCFEFB-2FAC-4F6F-B3A4-F1CFFC48B3B0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {9C433770-88F3-4B8C-AD18-C46B6BE46C2E} - System32\Tasks\Softland\FBackup 5\fba_C Users => C:\Program Files (x86)\Softland\FBackup 5\bSchedStarter.EXE
Task: {9F0517BA-92D7-4AA5-A1A8-81FE4C6415D0} - System32\Tasks\{D6ECFD14-6538-4D37-A7F4-41A7E4617E67} => C:\Users\Owner\Desktop\DO NOW\Computer\avira_antivirus_en-us.exe
Task: {A0E42FCB-E54C-4393-9B19-ECA68F38ECD9} - System32\Tasks\{FA1DD368-4171-4733-A7C7-66AE78D647C4} => c:\program files (x86)\opera\launcher.exe [2016-03-14] (Opera Software)
Task: {A28E130E-B3AA-4315-AAFC-8A69915BF6AB} - System32\Tasks\Softland\FBackup 5\fba_FBackup E Drive => C:\Program Files (x86)\Softland\FBackup 5\bSchedStarter.EXE
Task: {A2C7EB22-9DBC-4D15-8D59-06E8E6199778} - System32\Tasks\LexmarkPUDCTask => C:\Program Files\Lexmark\ProductUpdate\LMprodupdate.exe [2012-09-11] ()
Task: {A2D313CD-C29F-4DCB-A173-D57095A99AE7} - System32\Tasks\{852DFA28-8FCC-4148-A188-9CC3EB9D00B5} => c:\program files (x86)\opera\launcher.exe [2016-03-14] (Opera Software)
Task: {A77F74A4-5E9C-4D14-B4EC-E7B305DBD223} - System32\Tasks\{C18E7F03-962A-420C-9846-3EB42428ACCC} => pcalua.exe -a "C:\Users\Owner\Desktop\Programs\INSTALL\Analysis - Data\Calc98\c9853a.exe" -d "C:\Users\Owner\Desktop\Programs\INSTALL\Analysis - Data\Calc98"
Task: {A97D2D5E-34F4-4F05-A7C8-C22C336E8450} - System32\Tasks\{9EB9072E-77CC-4A6D-8F25-720072F1B131} => C:\Program Files (x86)\Maritz Stats\Maritz Stats.exe [2005-09-15] (Maritz Research)
Task: {AB9EA812-FF07-445A-8FAA-9C1EDF81DE2C} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMHMLJJMOMOMKJKMLJCNMJHMGMNJCNLMMJOJLMCNHMLMMMNJCNKMJJLMOMOMMJNMGMKMPMKMJJJNJICMIMCNGMCNOMIMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMOMLMPMJMJNHICMEKMICNJJCKJNBJCMALIIBJKJNIJNKJCMJNNICMJNDJCMKJBJJNMJCMPM (the data entry has 43 more characters).
Task: {B1554971-6CDC-4BE5-B613-F0FF5CAFE0CF} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_182_pepper.exe [2016-03-12] (Adobe Systems Incorporated)
Task: {B2B1781F-7B99-4A44-88EC-67AE91149583} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4259379208-1929102571-3933233249-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {B3A58857-68B7-4330-A1EE-596F5E521EF3} - System32\Tasks\Softland\FBackup 5\fba_FBackup User Files C Drive => C:\Program Files (x86)\Softland\FBackup 5\bSchedStarter.EXE
Task: {B7C1924C-BEFE-45AB-96D3-D51CE28C27C2} - System32\Tasks\{BE3FCF45-5A5F-4898-857F-97D038265A33} => C:\Program Files (x86)\AceIT Calculator\AceIt Calculator.exe [2014-11-30] (AceIT Software)
Task: {B8123E49-5DE3-4AE2-A42B-287417F67573} - System32\Tasks\{95F570A6-D617-4E65-8700-2E68E66AC561} => C:\Program Files (x86)\Java\j2re1.4.2_01\javaws\javaws.exe
Task: {C3D771B6-81C9-4443-81B0-FEDAA7637889} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-02-07] (Siber Systems)
Task: {C77E5D63-4F9D-452C-BE95-E8330D2E50D0} - System32\Tasks\{D81E7A08-58F8-4EB5-9DB0-83AAD6F6E530} => pcalua.exe -a C:\Users\Owner\Desktop\SETUP.EXE -d C:\Users\Owner\Desktop
Task: {CE655794-5ECD-45FD-AF08-B1054FCB58FE} - System32\Tasks\Softland\FBackup 5\fba_E Drive => C:\Program Files (x86)\Softland\FBackup 5\bSchedStarter.EXE
Task: {CF651309-82FE-44D5-8D54-C004D126CFE6} - System32\Tasks\{BF74FB40-538E-4CD9-AE93-B5F8E8702A7E} => C:\Users\Owner\Desktop\DO NOW\Computer\avira_antivirus_en-us.exe
Task: {D44DB467-5C94-458D-979E-73A2840E80C7} - System32\Tasks\{18FD8C36-E1E9-458F-A3EB-08B802713556} => C:\Program Files (x86)\VisualStat\VST8\visualstat.exe [2010-02-07] (VisualStat Computing)
Task: {D82591A6-4D18-4169-B370-101823414A3A} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL hxxp://go.microsoft.com/fwlink/?LinkId=116866
Task: {D89CB962-FEC3-4A38-BA6F-A5E097F8F342} - System32\Tasks\{E96C5711-6FAE-4F74-8B60-FDD80A872CE4} => C:\Users\Owner\Desktop\DO NOW\Computer\avira_antivirus_en-us.exe
Task: {DBE4261D-81B7-4DBD-B88A-FCC97A810E2A} - System32\Tasks\{3630C97D-F427-4C05-B2A1-403B9A72BE6C} => C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe [2016-01-18] (Foxit Software Inc.)
Task: {DC983587-00FC-4CF0-80CA-0A918275670D} - System32\Tasks\Softland\FBackup 5\fba_E Drive [was D Drive] => C:\Program Files (x86)\Softland\FBackup 5\bSchedStarter.EXE
Task: {E07E46A6-4876-4333-B0EE-97B7C2FF5393} - System32\Tasks\UninstallMonitor => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe [2015-11-23] (Innovative Solutions)
Task: {E10DA135-11B9-4746-B393-31388C9A8EDB} - System32\Tasks\Softland\FBackup 5\fba_FBackup C Users => C:\Program Files (x86)\Softland\FBackup 5\bSchedStarter.EXE
Task: {E84F05B8-C4A5-4D32-9DCA-AD03330D38C5} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2016-03-01] (DivX, LLC)
Task: {EA1EF716-49D8-4C6F-863E-363D63321044} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4259379208-1929102571-3933233249-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-16] (Google Inc.)
Task: {EE6E5C0E-505E-4B6A-A21F-526F9A6F46ED} - System32\Tasks\Softland\FBackup 5\fba_Financial => C:\Program Files (x86)\Softland\FBackup 5\bSchedStarter.EXE
Task: {F21D7999-C426-4170-8722-955309DC6179} - System32\Tasks\Softland\FBackup 5\fba_Financial (1) => C:\Program Files (x86)\Softland\FBackup 5\bSchedStarter.EXE
Task: {F81282F3-98E6-4AFF-9F65-7911462EFD40} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {FA3631F5-47DC-4304-9541-179FADEAA9C2} - System32\Tasks\G2MUpdateTask-S-1-5-21-4259379208-1929102571-3933233249-1000 => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\4151\g2mupdate.exe [2015-12-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {FD5E4318-CDEF-4A69-96FF-A73CBDC6F2A4} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_182_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Application Starter - e1e900fa914ea9880281e32446f6ede6.job => F:\DriverMax\DriverMax\innostp.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4259379208-1929102571-3933233249-1000.job => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\4151\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-4259379208-1929102571-3933233249-1000.job => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\4151\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4259379208-1929102571-3933233249-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4259379208-1929102571-3933233249-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Macrium-Backup-{35186E1A-66CA-4188-94DA-1B3CD39A9FE4}.job => c:\program files\macrium\reflect\reflect.exe„-e -w C:\Users\Owner\Documents\Reflect\E med compression stay on Sundays noon.xml
Task: C:\Windows\Tasks\Macrium-Backup-{47EC0C6F-11C6-46B2-81CE-6093BF0DABA5}.job => c:\program files\macrium\reflect\reflect.exe‚-e -w C:\Users\Owner\Documents\Reflect\C&K med compress stay on Sundays 3am.xml
Task: C:\Windows\Tasks\Run RoboForm Process.job => C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
Task: C:\Windows\Tasks\Run RoboForm TaskBar Icon.job => C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-04-02 00:37 - 2015-04-07 22:22 - 00245760 _____ () C:\Program Files (x86)\Grindstone 2\Grindstone 2.XmlSerializers.dll
2012-01-16 17:52 - 2012-01-16 17:52 - 00940544 _____ () C:\Program Files (x86)\Grindstone 2\DotNetOpenAuth.dll
2015-02-10 20:51 - 2015-02-10 20:51 - 00016384 _____ () C:\Users\Owner\AppData\Local\Microsoft\Windows Sidebar\Gadgets\TDMarketView.gadget\GadgetInterop.dll
2015-02-10 20:51 - 2015-02-10 20:51 - 00020480 _____ () C:\Users\Owner\AppData\Local\Microsoft\Windows Sidebar\Gadgets\TDMarketView.gadget\AxComponent.dll
2014-12-14 17:19 - 2012-08-23 09:22 - 01559040 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\LMFX1N4Z.DLL
2016-02-18 09:13 - 2016-02-18 09:13 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-18 09:13 - 2016-02-18 09:13 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-18 08:04 - 2016-03-18 08:04 - 02856960 _____ () C:\Program Files\AVAST Software\Avast\defs\16031801\algo.dll
2016-02-18 09:13 - 2016-02-18 09:13 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-03-18 13:52 - 2016-03-18 13:52 - 02856960 _____ () C:\Program Files\AVAST Software\Avast\defs\16031802\algo.dll
2015-09-27 12:42 - 2014-03-07 10:23 - 00565827 _____ () C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\sqlite3.dll
2016-01-12 13:46 - 2016-01-12 13:46 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-02-26 14:46 - 2009-02-26 14:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 12:46 - 2011-06-22 12:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 19:07 - 2013-07-10 19:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4259379208-1929102571-3933233249-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Super Finder XT.lnk => C:\Windows\pss\Super Finder XT.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Advanced Uninstaller PRO Installation Monitor => "C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Monitor.exe"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: DriverMax => "F:\DriverMax\DriverMax\drivermax.exe" -agent
MSCONFIG\startupreg: DriverMax_RESTART => 
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: Google Update => "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\Owner\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: ISUSPM => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: PDFPrint => "C:\Program Files (x86)\PDF24\pdf24.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Raptor => "C:\Program Files\McAfee\Raptor\Raptor.exe" --run
MSCONFIG\startupreg: RealDownloader => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
MSCONFIG\startupreg: Xmarks => C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe -q
MSCONFIG\startupreg: xwidget => C:\Program Files (x86)\XWidget\xwidget.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{52195B6A-EF6B-4E3B-AB59-90E5A325BA2E}C:\program files (x86)\lexmark pro4000 series\lmadkmon.exe] => (Allow) C:\program files (x86)\lexmark pro4000 series\lmadkmon.exe
FirewallRules: [UDP Query User{CCE15715-56AB-4E1A-AAE4-6F8559A22073}C:\program files (x86)\lexmark pro4000 series\lmadkmon.exe] => (Allow) C:\program files (x86)\lexmark pro4000 series\lmadkmon.exe
FirewallRules: [{CDFFBEBA-6F2D-4FB1-B9EA-845E64D72431}] => (Allow) C:\Windows\System32\LMabcoms.exe
FirewallRules: [{BDD00172-A7B8-49C1-BDB4-328FD250D051}] => (Allow) C:\Windows\System32\LMabcoms.exe
FirewallRules: [TCP Query User{F8143AEA-14A6-4E75-BE84-A94BFF024BB5}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{EEC236DA-1786-472C-B24B-0A94EF68C323}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{17CD08FB-7319-4938-9D30-3887063F7864}C:\program files (x86)\lexmark pro4000 series\lmadkmon.exe] => (Allow) C:\program files (x86)\lexmark pro4000 series\lmadkmon.exe
FirewallRules: [UDP Query User{00AD3B00-FFA9-4254-9294-7FF06CFD1371}C:\program files (x86)\lexmark pro4000 series\lmadkmon.exe] => (Allow) C:\program files (x86)\lexmark pro4000 series\lmadkmon.exe
FirewallRules: [{D5DCC60B-1E23-4BA5-9ABD-BE2D1794E4ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5184BFEC-AD7A-4E0A-B950-2E332F2C7991}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CDAE4A25-B303-4556-A843-58E54765F5F6}] => (Allow) C:\Windows\System32\LMabcoms.exe
FirewallRules: [{3D6DE5B1-B186-4D73-A4D9-F01777975245}] => (Allow) C:\Windows\System32\LMabcoms.exe
FirewallRules: [TCP Query User{1455FE3F-4773-403F-B71C-22820A20C396}C:\program files (x86)\freetime\formatfactory\formatfactory.exe] => (Allow) C:\program files (x86)\freetime\formatfactory\formatfactory.exe
FirewallRules: [UDP Query User{FFA33071-6CDF-46EB-8787-A3D0F8E52687}C:\program files (x86)\freetime\formatfactory\formatfactory.exe] => (Allow) C:\program files (x86)\freetime\formatfactory\formatfactory.exe
FirewallRules: [TelnetServer-TlntSvr-TCP-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [TelnetServer-Tlntadmn-RPC-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [{51E4DAE7-9DE9-4225-BDAC-033875E11FA9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D5F50198-9DD0-4255-9AB5-A6A7F580ABFC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{78B11ACB-EA7D-43C8-BDD9-F67CD11FE275}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{D6644256-AF82-4BC4-B6A5-400D8AD45362}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{2472703A-A3CC-4996-8EFC-8654F844C417}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BA1FDEB5-5545-40EA-82AD-9F93C1112E0B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{20C0FFB3-60C8-4577-B552-3626A9317CDA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0ECB6155-1FE7-47A8-A93C-9318312F65E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AAC2F098-E728-4AF2-B048-2B0DD4FC0B7E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BD92F618-E661-4726-8912-C768F9A6C4F8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{34685585-627F-4517-AF17-43CC604C84FC}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{77653816-00BB-4698-B649-5C5E7B9BA0C3}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{E302C01B-5ACD-4A25-944E-BDA540A7311F}C:\program files\windows sidebar\sidebar.exe] => (Block) C:\program files\windows sidebar\sidebar.exe
FirewallRules: [UDP Query User{9FB9A1AC-588C-4ABB-8757-DAE2A77A7139}C:\program files\windows sidebar\sidebar.exe] => (Block) C:\program files\windows sidebar\sidebar.exe
FirewallRules: [{A2C828FC-6126-4A64-A3E2-72EB06622877}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{50260F4B-EFA3-4ACE-8833-6F4252CD5A43}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
15-03-2016 19:35:11 b4 avast smart scan cleanup
18-03-2016 09:53:19 Windows Update
19-03-2016 12:19:42 b4 super CCleaner 3-19-16
19-03-2016 13:20:19 b4 innovative solutions quick cleaner
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/19/2016 02:33:14 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/19/2016 02:33:14 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4400}. The service will attempt to automatically correct this problem by rebuilding the index.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/19/2016 02:33:14 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (03/19/2016 02:33:14 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (03/19/2016 02:33:14 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (03/19/2016 02:33:14 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (03/19/2016 02:33:14 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (03/19/2016 02:33:13 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.   0xc0041801 (0xc0041801)
 
Error: (03/19/2016 02:33:13 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=2801}. The service will attempt to automatically correct this problem by rebuilding the index.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.   0xc0041801 (0xc0041801)
 
Error: (03/19/2016 02:32:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610, time stamp: 0x4dc0d019
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
Exception code: 0xc0000005
Fault offset: 0x00000000000011fd
Faulting process id: 0x1cb0
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3
 
 
System errors:
=============
Error: (03/19/2016 02:33:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 4 time(s).
 
Error: (03/19/2016 02:33:14 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473536.
 
Error: (03/19/2016 02:32:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (03/19/2016 01:44:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/19/2016 01:44:11 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473536.
 
Error: (03/19/2016 01:42:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/19/2016 08:21:57 AM) (Source: DCOM) (EventID: 10000) (User: )
Description: "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe" -Embedding740{FFF2D28F-E4EE-44D9-8104-8E71556757F6}
 
Error: (03/19/2016 05:00:56 AM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume N: were aborted because the shadow copy storage failed to grow.
 
Error: (03/18/2016 08:24:34 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
UimBus
Uim_DEVIM
Uim_IM
 
Error: (03/18/2016 08:24:34 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The RIP Listener service hung on starting.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU 760 @ 2.80GHz
Percentage of memory in use: 60%
Total physical RAM: 4055.49 MB
Available physical RAM: 1608.86 MB
Total Virtual: 8109.19 MB
Available Virtual: 5207.38 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:512.12 GB) (Free:228.09 GB) NTFS
Drive d: (Jan 12 2016) (CDROM) (Total:0.69 GB) (Free:0.68 GB) UDF
Drive e: (was Drive D) (Fixed) (Total:419.28 GB) (Free:267.18 GB) NTFS
Drive f: (PATRIOT) (Removable) (Total:14.91 GB) (Free:6.42 GB) NTFS
Drive k: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive l: (TOSHIBA EXT) (Fixed) (Total:931.41 GB) (Free:61.5 GB) NTFS
Drive n: (Local Disk Buffalo) (Fixed) (Total:931.51 GB) (Free:80.21 GB) NTFS
Drive o: (Lexar) (Removable) (Total:29.8 GB) (Free:23.02 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2D076BF7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=512.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=419.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 056C1BF1)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 14.9 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: A5921295)
Partition 1: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 29.8 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=29.8 GB) - (Type=0C)
 
==================== End of Addition.txt ============================
 
Copy of summary.zip is attached.
 
I don't recognize some of the programs listed in the log files.  In addition, some of the programs listed in the log files were uninstalled some time ago.
 
I assume that these logs don't make any of my confidential information public.
 
Thank you for your assistance.
Jay
 
 
 
 
 
 


#4 Oh My!

  • Malware Response Instructor

Posted 20 March 2016 - 09:14 AM

Hi Jay,

Sorry for the little delay, I was not notified you replied.

You are not compromised by the information posted.

You have quite a variety of SearchScopes. They all appear to be legitimate but I don't normally see this many. Are you aware of them? You can review the names under the Internet section of the FRST report.

What programs don't you recognize or were previously uninstalled?

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [COSDriveIconOverlay] -> {5FDACB62-6B7B-4116-9403-C5E0D3852A57} =>  No File
ShellIconOverlayIdentifiers: [COSSyncItemInSyncIconOverlay] -> {68F287EF-DA6D-4595-AF52-90FF6CE52AFE} =>  No File
ShellIconOverlayIdentifiers: [COSSyncItemModifiedIconOverlay] -> {AE67D273-7253-4236-B55E-D40055B305D6} =>  No File
ShellIconOverlayIdentifiers: [COSSyncItemNewIconOverlay] -> {022F23E9-DA0F-4A86-A728-CAF6150C0B63} =>  No File
ShellIconOverlayIdentifiers: [COSSyncItemUnsynchronizedIconOverlay] -> {4D7EE7CF-E7A1-45FE-8F80-3A37574918D7} =>  No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll => No File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista and above: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:filefind
*Earthlink*
:regfind
*Earthlink*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
===================================================

Rebuilding Windows Indexing

--------------------

Note: This process may take a long time to complete.
  • Click Start, then Control Panel (icons view)
  • Windows 8/10 right click on the Start button and select Control Panel
  • Click Indexing Options
  • Click Advanced
  • Click Rebuild, then OK
  • When completed you will see Indexing complete
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • SearchScopes?
  • Fixlog
  • SystemLook log
  • Did the Index rebuild properly?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 ComputerJinx

  • Topic Starter

Posted 20 March 2016 - 06:59 PM

Hi Gary,
 
Again, thanks for the faster-than-expected response.  Answers to your questions:
 
SEARCHSCOPES
I’m sorry, but I don't know what a SearchScope is.  I followed the link, but the explanation didn't help. They look like search engines.  I use 3 browsers regularly: Opera, Firefox, Chrome.  I checked out the 15 that weren’t familiar and all seem legitimate.  [I am a researcher and have sometimes used this computer for work projects on weekends, etc.]
 
FIXLOG

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Owner (2016-03-20 14:11:38) Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [COSDriveIconOverlay] -> {5FDACB62-6B7B-4116-9403-C5E0D3852A57} =>  No File
ShellIconOverlayIdentifiers: [COSSyncItemInSyncIconOverlay] -> {68F287EF-DA6D-4595-AF52-90FF6CE52AFE} =>  No File
ShellIconOverlayIdentifiers: [COSSyncItemModifiedIconOverlay] -> {AE67D273-7253-4236-B55E-D40055B305D6} =>  No File
ShellIconOverlayIdentifiers: [COSSyncItemNewIconOverlay] -> {022F23E9-DA0F-4A86-A728-CAF6150C0B63} =>  No File
ShellIconOverlayIdentifiers: [COSSyncItemUnsynchronizedIconOverlay] -> {4D7EE7CF-E7A1-45FE-8F80-3A37574918D7} =>  No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKU\S-1-5-21-4259379208-1929102571-3933233249-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll => No File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\COSDriveIconOverlay" => key removed successfully
"HKCR\CLSID\{5FDACB62-6B7B-4116-9403-C5E0D3852A57}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\COSSyncItemInSyncIconOverlay" => key removed successfully
"HKCR\CLSID\{68F287EF-DA6D-4595-AF52-90FF6CE52AFE}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\COSSyncItemModifiedIconOverlay" => key removed successfully
"HKCR\CLSID\{AE67D273-7253-4236-B55E-D40055B305D6}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\COSSyncItemNewIconOverlay" => key removed successfully
"HKCR\CLSID\{022F23E9-DA0F-4A86-A728-CAF6150C0B63}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\COSSyncItemUnsynchronizedIconOverlay" => key removed successfully
"HKCR\CLSID\{4D7EE7CF-E7A1-45FE-8F80-3A37574918D7}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found. 
HKU\S-1-5-21-4259379208-1929102571-3933233249-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => key removed successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\pdf.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll => not found.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
 
 
SYSTEMLOOK

SystemLook 30.07.11 by jpshortstuff
Log created at 16:40 on 20/03/2016 by Owner
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "*Earthlink*"
*Content removed*
 
========== regfind ==========
 
Searching for "*Earthlink*"
No data found.
 
-= EOF =-
 
INDEX REBUILD
I will let you know how it goes.  At the present rate, it may not finish until Tuesday morning.
 
Uninstalled Software

The software that I thought I had uninstalled includes:
     AdAware
     American Institutes for Research
     Avira
     Comodo
     FBackup [Softland]
     Image Search Pony
     McAfee

 

I have never installed any Apple products other than iTunes.
 
Questions Raised by Your Data
 
In the Additional scan result of Farbar Recovery Scan, I noticed these:
 
     1. “Administrator (S-1-5-21-4259379208-1929102571-3933233249-500 - Administrator - Disabled)”.  Is this why I get error messages that I don’t have permission to do certain things?
 
    2. Lots of scheduled tasks are listed, including some for uninstalled programs and some that I thought I had shut down [e.g., Dropbox, Real, etc.].
 
    3. I have no idea what this is but it is an autorun so it concerns me:  Task: {60159018-A247-4BB0-96C3-9A6DCA62DDFE} - System32\Tasks\{F1B5C59D-7912-44C5-AAEB-24DBB033E751} => pcalua.exe -a L:\autorun\installer.exe -d L:\autorun
 
Final question:  It looks as though SystemLook scans only the internal hard drive [C partition in particular, which is one of the source drives for BackUpMaker].  The Avast! threat warning for BackUpMaker is about the target drive. Shouldn't I use SystemLook to scan the external drive somehow?
 
Thank you again.
Jay

Edited by Oh My!, 20 March 2016 - 07:28 PM.


#6 Oh My!

Posted 20 March 2016 - 08:03 PM

Hi Jay.

Don't worry about SearchScopes, you answered my question.

We will get to your other issues once we resolve this Earthlink warning. I believe there is information inside of a packaged file that is causing us trouble. Think of it like this. You throw your suitcase on a TSA screening table and it can't get through security. It is not that the entire suitcase is bad, rather you have a knife inside that is preventing a successful scan. Avast is behaving like the TSA screener. There are a couple of ways we might be able to overcome the issue if in fact this is it.
 

Final question: It looks as though SystemLook scans only the internal hard drive [C partition in particular, which is one of the source drives for BackUpMaker]. The Avast! threat warning for BackUpMaker is about the target drive. Shouldn't I use SystemLook to scan the external drive somehow?

The warning is indicating an issue coming from your C:\ drive. If you look at the warning the BackUpMaker is running from your C:\ drive. What the warning is telling us is that the BackUpMaker (bkmaker.exe) process is running and Avast is scanning the items being transferred to your D:\ drive. The file is being intercepted by Avast before it is transferred and the warning is telling us why it won't let it pass through. Our challenge is to try to locate that file and deal with it. The reason you were unable to find it before is because it is hidden inside one of your computer's suitcases. :)

Are you currently using Earthlink?

Let's look for another file please.

===================================================

SystemLook by jpshortstuff

--------------------
  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:filefind
Data1.cab
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Are you using Earthlink?
  • SystemLook report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 ComputerJinx

Posted 20 March 2016 - 09:56 PM

Gary,
 
1. Thanks for the explanation about what Avast! is doing regarding the source versus target drive.  Please let me remind you that not all of my BackupMaker backups generate a threat message from Avast!  I’ve divided my file backups [from the C, D, and F drives to the N drive] into 11 sections.  The Avast! threat message appears consistently for 2 of the 11 backups and aborts.  Both of those are backups from the D drive.  There is only one backup from the C drive, one backup from the F drive; the remaining 9 are from the D drive.  Avast! does not produce threat messages for backups from the C drive, the F drive, or for 7 of the backups from the D drive. Those 9 finish without incident and appear to be good.  So my question....why wouldn't malware affect all 11 equally?  That part doesn't make sense to me, which is why I wasn't sure that I originally posted in the correct forum.
 
Summary of backups to N drive:
From C ---> 1, which is OK
From F ---> 1, which is OK
From D ---> 9, of which 7 are OK, but 2 generate Avast! threat messages and abort.
 
2. No, I haven't used Earthlink for years.  The files listed in the previous SystemLook output are old files in contacts, old shortcuts, or records that have “EarthLink” in the names of old txt, gif, or rtf files.  
 
3.  Latest SystemLook output
 
SystemLook 30.07.11 by jpshortstuff
Log created at 19:08 on 20/03/2016 by Owner
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "Data1.cab"
C:\Program Files (x86)\InstallShield Installation Information\{337BDBC9-9FE1-4AB6-B86B-9CDCCF9A7158}\data1.cab --a---- 473599 bytes [04:25 01/12/2014] [18:48 15/04/2004]  
6D98692AE761F73750EC55C5903CC9AD
C:\Program Files (x86)\InstallShield Installation Information\{E322F2CC-AAF4-4F33-82F8-8B24CA7FEDA4}\data1.cab --a---- 473598 bytes [04:22 01/12/2014] [18:59 15/04/2004]  
B678AA92042BBDBB430B0A3D5FDF0887
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AB0000000001}\Data1.cab --a---- 129304692 bytes [03:47 24/09/2012] [03:47 24/09/2012] CD141A21320B1AC6DB90BE1DE5E8FE5B
C:\Users\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AB0000000001}\Data1.cab --a---- 129304692 bytes [03:47 24/09/2012] [03:47 24/09/2012] CD141A21320B1AC6DB90BE1DE5E8FE5B
C:\Users\Owner\Desktop\Computer Problems\INSTALL\Install_Win7_7092_05202015\Install_Win7_7092_05202015\data1.cab --a---- 3554008 bytes [07:06 19/05/2015] [11:41 24/07/2013]  
BC46C20EB2A7171C2302CF64941892F0
 
-= EOF =-
 
The last one listed above, Install_Win7_7092_05202015\data1.cab, is part of a download for updating my RealTek driver.  It is filed under “Computer Problems” because it didn't work.  [Anticipating your question: yes, it was downloaded directly from RealTek.]
 
Again, many thanks!
Jay
 


#8 Oh My!

Posted 20 March 2016 - 10:11 PM

Hi Jay,

 

Thanks for the information. Not sure why only 2 of the 11 unless the file is located only in those 2.

 

The Avast Threat Block Source information is truncated. Are you able to provide the entire file path?


Edited by Oh My!, 20 March 2016 - 10:22 PM.

Gary
 

#9 ComputerJinx

Posted 21 March 2016 - 12:03 AM

Gary,

 

I just started using Avast! last month so I'm not extremely familiar with it.  No, I cannot find the file or full path for the "object" in the Avast! "Threat blocked" message.  I spent a lot of time trying to do so before turning to bleeping computer [please see my original post for details].  

 

There are only 3 files that I can find in the Avast! quarantine that MIGHT be relevant.  I couldn't export the info or copy it to a text file so I've attached screen clips.  Nothing else looks remotely related.

 

BTW, indexing paused itself, then about a 1/2 later it restarted itself.  Is that normal?

 

Thanks again.

 

Jay 



#10 Oh My!

Posted 21 March 2016 - 09:07 AM

Hi Jay,

Thanks for the screen shots but it does not help us.

This is a little different than the traditional malware circumstance in that it is not really affecting your computer but rather is complicating the backing up of information. As such this is really outside of what we normally do. Nevertheless I would really like to try to resolve the issue for you but at some point we may need to throw in the towel in this Forum.

Here is what I am thinking although I am not certain I am on target. Like I said previously I think Avast is catching something inside a packaged (.cab) file. What I am thinking is that if we are able to finally locate that file(s) we could then have the option to delete the file if you don't want it or do a sort of surgery on that file to remove the offending portion inside. I have been doing a little bit of research on deconstructing a .cab file to manipulate the data inside. I am willing to give that a shot if we can get that far to try to overcome our issue.

What I would like to do now is use 3 programs to try to locate .cab files on the D: and N: drives. I only want to identify information at this point and not take any corrective action.

Please do this.

===================================================

Malwarebytes Anti-Malware Free and Malwarebytes Chameleon Including External Drive

----------
  • Launch Malwarebytes
  • If you are notified the Database is out of date click Update Now
  • Attach any external drives you want to scan if not already attached
  • Click the Scan button near the top
  • Select Custom Scan then click Configure Scan
  • Place a check mark in the D: and N: drives
  • Click Scan now

----------
Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
Click Start (Start, Search, All files and folders for Windows XP) then type mbam
Double click one of the four following files (if one does not work try the next one, and so on) - A black command window will open. Follow those instructions until the Malwarebytes program starts the scan

mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com

----------

  • When completed click the down arrow on Export Log and select Text file (*.txt)
  • Save the file to your desktop as MBAM
  • Copy and paste the contents of MBAM.txt in your reply
===================================================

ESET Online Scanner with External Device

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in the D: and N: drives then click OK
  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Farbar's Recovery Scan Tool Search

--------------------
  • Launch FRST
  • Copy/paste the following in the Search Field
Data1.cab
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • MBAM log
  • Search.txt

Gary
 
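The search described in post #10, locating the container that holds the file named in the Avast warning, can be done read-only by parsing cabinet headers. This is an added example, not part of the original thread: the function names and the sample cabinet are constructed, and the scan of MSI files is a heuristic that assumes the embedded cabinet's header is stored contiguously.

```python
import os
import struct

CAB_MAGIC = b"MSCF"                            # cabinet signature
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # MSI files are OLE compound documents


def parse_av_object(obj):
    """Split 'outer|inner|member' from an AV alert into (outer, [nested names])."""
    parts = [p.strip() for p in obj.split("|")]
    return parts[0], parts[1:]


def cab_members(blob, start=0):
    """List file names recorded in the cabinet header at blob[start].

    Reads only the uncompressed CFHEADER/CFFILE records; nothing is
    decompressed. Returns [] when the bytes are not a plausible cabinet."""
    if blob[start:start + 4] != CAB_MAGIC or len(blob) < start + 36:
        return []
    (coff_files,) = struct.unpack_from("<I", blob, start + 16)
    ver_minor, ver_major = struct.unpack_from("<BB", blob, start + 24)
    (c_files,) = struct.unpack_from("<H", blob, start + 28)
    if (ver_major, ver_minor) != (1, 3):       # stray "MSCF" bytes, not a header
        return []
    names, pos = [], start + coff_files
    for _ in range(c_files):
        pos += 16                              # skip the fixed part of CFFILE
        end = blob.find(b"\x00", pos)          # szName is NUL-terminated
        if end == -1 or end - pos > 256:
            break
        names.append(blob[pos:end].decode("latin-1"))
        pos = end + 1
    return names


def embedded_cabs(blob):
    """Yield (offset, member names) for every cabinet header found in blob."""
    pos = blob.find(CAB_MAGIC)
    while pos != -1:
        names = cab_members(blob, pos)
        if names:
            yield pos, names
        pos = blob.find(CAB_MAGIC, pos + 1)


def find_containers(root, member, max_bytes=1 << 30):
    """Walk root; return (path, kind, offset) for files whose cabinet lists member."""
    wanted = member.lower()
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                if os.path.getsize(path) > max_bytes:
                    continue                   # too large to read in one piece
                with open(path, "rb") as fh:
                    blob = fh.read()
            except OSError:
                continue                       # unreadable or locked: skip
            if blob.startswith(OLE_MAGIC):
                kind = "msi/ole"
            elif blob.startswith(CAB_MAGIC):
                kind = "cab"
            else:
                kind = "other"
            for offset, names in embedded_cabs(blob):
                # CFFILE names may carry a folder prefix; compare the base name.
                if wanted in (n.lower().rsplit("\\", 1)[-1] for n in names):
                    hits.append((path, kind, offset))
                    break
    return hits


def build_sample_cab(names):
    """Constructed test input: a header-only cabinet with no compressed data."""
    files = b"".join(
        struct.pack("<IIHHHH", 0, 0, 0, 0, 0, 0x20) + n.encode("latin-1") + b"\x00"
        for n in names
    )
    header = struct.pack("<4sIIIIIBBHHHHH", CAB_MAGIC, 0, 36 + len(files), 0,
                         36, 0, 3, 1, 0, len(names), 0, 0, 0)
    return header + files


if __name__ == "__main__":
    import tempfile
    # Object string exactly as quoted in the thread (the path is truncated there).
    outer, chain = parse_av_object(r"TargetDrive...\EarthLink TAR.msi|Data1.cab|EAuthMgr.dll")
    with tempfile.TemporaryDirectory() as root:
        # Constructed stand-in for an MSI: OLE magic, padding, then a cabinet.
        msi = OLE_MAGIC + b"\x00" * 504 + build_sample_cab(["Setup.ini", chain[-1]])
        with open(os.path.join(root, "sample.msi"), "wb") as fh:
            fh.write(msi)
        for path, kind, offset in find_containers(root, chain[-1]):
            print(f"{kind}: {path} lists {chain[-1]} (cabinet header at byte {offset})")
```

Cabinets wrapped in a compressed archive such as .7z are not visible to this scan, because their headers are compressed along with the data.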

#11 ComputerJinx

Posted 23 March 2016 - 05:47 AM

Gary,
 
Thank you for your continued help.  As I mentioned at the start, I didn’t know if this was the correct forum in which to pose my question, so I understand if you decide that this problem doesn’t qualify.
 
The programs you asked me to run took a long time to complete.
 
Malwarebytes and ESET both found problems.  I run Malwarebytes every Sunday night and was surprised to see that it found problems with three files, all of which have been on my computer for a long time [surprised they weren’t found before].  
 
ESET found 58 problems [a little scary given how many other antimalware programs I've already run].  Of the 58, 33 are associated with programs that were downloaded, and either never installed or installed and then uninstalled because they didn’t work as described.  All 33 are in zip files.  Another 20 are associated with Favorites for Internet Explorer, which I don’t use.  The final 5 all indicate a problem with zipped versions of CCleaner.  [I’m in the process of cleaning out old files, but it will take a while to complete because I can only spend about an hour a day on it.]
 
Here is the information you requested. 
 
 
MALWAREBYTES
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/21/2016
Scan Time: 9:16 PM
Logfile: malwarebytes log.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.03.22.01
Rootkit Database: v2016.03.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 1251848
Time Elapsed: 14 hr, 11 min, 57 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.Conduit, C:\Users\Owner\Downloads\Programs\HotSpot Shield\HSS-2.67-install-download-394-conduit.exe, , [dfea1e6cff9a6acc36dd7f901ce66799], 
PUP.Optional.Conduit, C:\Users\Owner\Downloads\Programs\Security\Anti Virus\Zone Alarm\Zone Alarm.7z, , [d9f0ee9c13860f27a07327e8b54daa56], 
PUP.Optional.Conduit, C:\Users\Owner\Downloads\Programs\Security\HOT Spot Protection\HotSpot Shield\HSS-2.67-install-download-394-conduit.exe.7z, , [ae1bb6d40297f83ebc57a96634ce8779], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
ESET
 
C:\Users\Owner\Downloads\Programs\Backup & Storage\Local\Not good\EaseUS Todo Backup.7z a variant of Win32/TFTPD32.A potentially unsafe application deleted
C:\Users\Owner\Downloads\Programs\Backup & Storage\Local\Not good\FileFort.7z a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted
C:\Users\Owner\Downloads\Programs\Coupon Printers\couponprinter.7z a variant of Win32/Adware.Coupons.AA application deleted
C:\Users\Owner\Downloads\Programs\Duplicate Removers\OUTLOOK EXPRESS\Auslogic duplicate-file-finder-setup.7z a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted
C:\Users\Owner\Downloads\Programs\Duplicate Removers\OUTLOOK EXPRESS\Duplicate File Cleaner.7z a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted
C:\Users\Owner\Downloads\Programs\Duplicate Removers\WINDOWS FILES\BAD APPS\Auslogics 4.7z a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted
C:\Users\Owner\Downloads\Programs\Duplicate Removers\WINDOWS FILES\BAD APPS\Auslogics Duplicate File Finder.7z a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted
C:\Users\Owner\Downloads\Programs\Duplicate Removers\WINDOWS FILES\BAD APPS\GiSeek Pro.7z Win32/InstallMonetizer.AQ potentially unwanted application deleted
C:\Users\Owner\Downloads\Programs\Duplicate Removers\WINDOWS FILES\BAD APPS\this one used to work\duplicate-file-finder-setup.7z a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted
C:\Users\Owner\Downloads\Programs\File Converters\FormatFactory\FFSetup3.5.1.exe Win32/WebDevAZ.C potentially unwanted application deleted
C:\Users\Owner\Downloads\Programs\File Converters\Universal Converter\universal_converter_setup.7z a variant of Win32/Packed.MoleboxUltra suspicious application deleted
C:\Users\Owner\Downloads\Programs\File Recovery &or Repair\File Recovery-Installed\Recuva\rcsetup148.7z Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\Owner\Downloads\Programs\File Recovery &or Repair\File Recovery-Installed\Recuva\rcsetup151.7z Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\Owner\Downloads\Programs\File Recovery &or Repair\File Recovery-Installed\Recuva\rcsetup152 (1).7z Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\Owner\Downloads\Programs\File Recovery &or Repair\File Recovery-Not installed\Corrup Office Extractor\corrupt_ms_office_2007-2013_extractor_setup.7z Win32/InstallMonetizer.AF potentially unwanted application deleted
C:\Users\Owner\Downloads\Programs\File Recovery &or Repair\File Recovery-Not installed\Corrupt docx salvager\corrupt_docx_salvager_setup_2.0.2.exe.7z Win32/InstallMonetizer.AF potentially unwanted application deleted
C:\Users\Owner\Downloads\Programs\File Recovery &or Repair\File Recovery-Not installed\Corrupt Office Salvager\corrupt_office_salvager_setup_1.0.1.exe.7z Win32/InstallMonetizer.AF potentially unwanted application deleted
C:\Users\Owner\Downloads\Programs\Gadgets\Windows Gadgets Programs\STOCKS\STOCKS\cbsidlm-cbsi213-TD_Waterhouse_Market_View-SEO-10783551.7z a variant of Win32/CNETInstaller.B potentially unwanted application deleted
C:\Users\Owner\Downloads\Programs\Gadgets\Windows Gadgets Programs\STOCKS\STOCKS\STOCKS.7z a variant of Win32/CNETInstaller.B potentially unwanted application deleted
C:\Users\Owner\Downloads\Programs\Office Suites\Kingsoft\setup_kingsoft_office_free.7z a variant of Win32/KingSoft.D potentially unwanted application deleted
C:\Users\Owner\Downloads\Programs\Office Suites\Kingsoft\setup_kingsoft_office_free.exe a variant of Win32/KingSoft.D potentially unwanted application deleted
C:\Users\Owner\Downloads\Programs\PDF converters\Installed\Foxit\FoxitReader545.0124_enu_Setup.exe.7z a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application deleted
C:\Users\Owner\Downloads\Programs\PDF converters\Not Tried\doxillion.7z a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted
C:\Users\Owner\Downloads\Programs\PDF converters\Not Tried\LightingPDF.7z a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted
C:\Users\Owner\Downloads\Programs\PDF converters\Tried - not good\SodaPDFPro.7z a variant of Win32/CNETInstaller.B potentially unwanted application deleted
C:\Users\Owner\Downloads\Programs\PDF converters\Tried - not good\Don't work w Scansoft\CutePdfWriter.7z a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application deleted
C:\Users\Owner\Downloads\Programs\PDF EDITING\pdf utilities.7z a variant of Win32/CNETInstaller.B potentially unwanted application deleted
C:\Users\Owner\Downloads\Programs\Security\Cleaners\CCleaner\ccsetup515.7z Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\Owner\Downloads\Programs\Security\Cleaners\CCleaner\old cleaners\ccsetup415.7z Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\Owner\Downloads\Programs\Security\Cleaners\CCleaner\old cleaners\ccsetup514.7z Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\Owner\Downloads\Programs\Utilities\System monitoring\spsetup127.7z Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\Owner\Downloads\Programs\Utilities\System monitoring\spsetup129.7z Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\Owner\Downloads\Programs\Zip Programs\ExtractNow\ExtractNow.7z Win32/WebDevAZ.C potentially unwanted application deleted
C:\Users\Owner\Favorites Copy\Computer & Internet Stuff\Software packages\Screen Savers\Ancient Civilizations Thumbnail Images (3).URL LNK/Agent.CH trojan cleaned by deleting
C:\Users\Owner\Favorites Copy\Computer & Internet Stuff\Software packages\Screen Savers\Ancient Civilizations Thumbnail Images (4).URL LNK/Agent.CH trojan cleaned by deleting
C:\Users\Owner\Favorites Copy\Computer & Internet Stuff\Software packages\Screen Savers\Ancient Civilizations Thumbnail Images.URL LNK/Agent.CH trojan cleaned by deleting
C:\Users\Owner\Favorites Copy\Computer & Internet Stuff\Software packages\Screen Savers\Astrophotography by Jack Newton (3).URL LNK/Agent.CH trojan cleaned by deleting
C:\Users\Owner\Favorites Copy\Computer & Internet Stuff\Software packages\Screen Savers\Astrophotography by Jack Newton (4).URL LNK/Agent.CH trojan cleaned by deleting
C:\Users\Owner\Favorites Copy\Computer & Internet Stuff\Software packages\Screen Savers\Astrophotography by Jack Newton.URL LNK/Agent.CH trojan cleaned by deleting
C:\Users\Owner\Favorites Copy\Computer & Internet Stuff\Software packages\Screen Savers\Hubble Mysteries Revealed Thumbnail Images (3).URL LNK/Agent.CH trojan cleaned by deleting
C:\Users\Owner\Favorites Copy\Computer & Internet Stuff\Software packages\Screen Savers\Hubble Mysteries Revealed Thumbnail Images (4).URL LNK/Agent.CH trojan cleaned by deleting
C:\Users\Owner\Favorites Copy\Computer & Internet Stuff\Software packages\Screen Savers\Hubble Mysteries Revealed Thumbnail Images.URL LNK/Agent.CH trojan cleaned by deleting
C:\Users\Owner\Favorites Copy\Computer & Internet Stuff\Software packages\Screen Savers\Nature (3).URL LNK/Agent.CH trojan cleaned by deleting
C:\Users\Owner\Favorites Copy\Computer & Internet Stuff\Software packages\Screen Savers\Nature (4).URL LNK/Agent.CH trojan cleaned by deleting
C:\Users\Owner\Favorites Copy\Computer & Internet Stuff\Software packages\Screen Savers\Nature.URL LNK/Agent.CH trojan cleaned by deleting
C:\Users\Owner\Favorites Copy\COMPUTER STUFF\Software\Screen Savers\Ancient Civilizations Thumbnail Images (14).url LNK/Agent.CH trojan cleaned by deleting
C:\Users\Owner\Favorites Copy\COMPUTER STUFF\Software\Screen Savers\Ancient Civilizations Thumbnail Images.url LNK/Agent.CH trojan cleaned by deleting
C:\Users\Owner\Favorites Copy\COMPUTER STUFF\Software\Screen Savers\Astrophotography by Jack Newton (14).url LNK/Agent.CH trojan cleaned by deleting
C:\Users\Owner\Favorites Copy\COMPUTER STUFF\Software\Screen Savers\Astrophotography by Jack Newton.url LNK/Agent.CH trojan cleaned by deleting
C:\Users\Owner\Favorites Copy\COMPUTER STUFF\Software\Screen Savers\Hubble Mysteries Revealed Thumbnail Images (14).url LNK/Agent.CH trojan cleaned by deleting
C:\Users\Owner\Favorites Copy\COMPUTER STUFF\Software\Screen Savers\Hubble Mysteries Revealed Thumbnail Images.url LNK/Agent.CH trojan cleaned by deleting
C:\Users\Owner\Favorites Copy\COMPUTER STUFF\Software\Screen Savers\Nature (14).url LNK/Agent.CH trojan cleaned by deleting
C:\Users\Owner\Favorites Copy\COMPUTER STUFF\Software\Screen Savers\Nature.url LNK/Agent.CH trojan cleaned by deleting
C:\Users\Owner\Google Drive\SMUD\Won\09-14 Leadership Training\BCs Vaio 2013 0926\JBS Software Downloads\Crap Cleaner.7z Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted
E:\WORK\0CLIENTS\SMUD\Won\2009-2014 SMUD Ldrshp Trnng\BCs Vaio 2013 0926\JBS Downloads\Crap Cleaner.7z Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted
L:\Backup E Drive 3-6-16\WORK\0CLIENTS\SMUD\Won\2009-2014 SMUD Ldrshp Trnng\BCs Vaio 2013 0926\JBS Downloads\Crap Cleaner.7z Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted
L:\Crash Desktop 2014 Dec\WORK\0 CLIENTS\SMUD\Won\09-14 SMUD Ldrshp Trnng\BCs Vaio 2013 0926\JBS Downloads\Crap Cleaner.7z Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted
N:\backup maker roboform drive\F Roboform to Buffalo1.zip a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application deleted
 
FRST64 FILE SEARCH
 
Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Owner (2016-03-23 03:27:02)
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
 
================== Search Files: "Data1.cab" =============
 
C:\Users\Owner\Desktop\Computer Problems\INSTALL\Install_Win7_7092_05202015\Install_Win7_7092_05202015\data1.cab
[2015-05-19 00:06][2013-07-24 04:41] 3554008 ____A () BC46C20EB2A7171C2302CF64941892F0 [File not signed]
 
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AB0000000001}\Data1.cab
[2012-09-23 20:47][2012-09-23 20:47] 129304692 ____A ()  [File not signed]
 
C:\Program Files (x86)\InstallShield Installation Information\{E322F2CC-AAF4-4F33-82F8-8B24CA7FEDA4}\data1.cab
[2014-11-30 21:22][2004-04-15 11:59] 0473598 ____A () B678AA92042BBDBB430B0A3D5FDF0887 [File not signed]
 
C:\Program Files (x86)\InstallShield Installation Information\{337BDBC9-9FE1-4AB6-B86B-9CDCCF9A7158}\data1.cab
[2014-11-30 21:25][2004-04-15 11:48] 0473599 ____A () 6D98692AE761F73750EC55C5903CC9AD [File not signed]
 
====== End of Search ======
 
Again, thank you for your time, patience, and assistance.
Jay
 


#12 Oh My!

Posted 23 March 2016 - 09:03 AM

Hi Jay,

I appreciate your consideration and understanding. This is really bothering me! :)

Please exclude the following folder in Avast and see if you can run the backup.

C:\Program Files (x86)\InstallShield Installation Information

Let me know if anything changes.
Gary
 

#13 ComputerJinx

Posted 24 March 2016 - 01:10 AM

Gary,
 
I did as you asked.  I excluded C:\Program Files (x86)\InstallShield Installation Information from Avast scans.  I still got the threat message from Avast.  See Verification Failure 2016 0323, attached.  
 
Next, I changed the target folder on the target drive to see if that would make a difference.  It did not [see Verification Failure 2016 0323 2, attached].  
 
Third, I changed an Avast setting to make the backup temp file on the source drive, after which it is supposed to be transferred to the target drive.  That didn’t work either [see Fin 2016-03-23 17-15 post temp attempt.txt, attached].
 
During previous procedures you had me carry out, I noticed that there were cab files in one of the subfolders of the main folder that I have been trying to back up.  I went into that subfolder and zipped all the cab files to 7z files.  Again, that didn’t work.  However, when I removed the H&RBlock subfolder [which contained all the cab files] from the main folder of interest, I finally got BackupMaker to make a backup of the folder.
 
I don’t know whether the H&RBlock cab files actually contain malware.  I tried to back up just that subfolder, got the Avast threat again, and selected “Add the file to the scan exclusion list” [which I had done last week, too].  I then tried again, but it still didn’t back up the subfolder.  So…. It looks like this has actually turned out to be an Avast problem, even though they said it’s not, and I will have to go back to them [or never have an auto-backup of those files].
 
Should I now include “C:\Program Files (x86)\InstallShield Installation Information” in Avast scans again, or leave it out?
 
Thank you so much for your time and help!  This certainly took some unexpected turns, but I never could have isolated the problem without you!
 
Jay
 


#14 Oh My!

Posted 24 March 2016 - 08:40 AM

Hi Jay,

Nice bit of detective work. 

Should I now include C:\Program Files (x86)\InstallShield Installation Information in Avast scans again, or leave it out?

Include it.

How large is that H&R folder?
Gary
 

#15 ComputerJinx

Posted 24 March 2016 - 03:48 PM

Gary,

 

It kept nagging at me that there had to be something different about the folder.  I never would have thought of cab files without your help.

 

I re-included C:\Program Files (x86)\InstallShield Installation Information in Avast scans, and reported the problem as a possible false positive to Avast.  Let me know if you want me to share their response with you [if I get one].

 

The H&R folder is 1.28 GBs.  Do you think the size makes a difference in some way?

 

Many many thanks again.

 

Jay





