onehipcat Posted October 28, 2014 ID:897573 Share Posted October 28, 2014 Hey ya'll, I have been fighting this iSafe redirect thing for months. it was attached to a tool I downloaded and no matter the tool or forum info I have found will completely remove it. I have followed forum posts on here and elsewhere and used all tools. It comes back either right away or within 2 or 3 days. Programs, hkeys, and more have been deleted multiple times. Please help. This is getting annoying. I mainly use Chrome. I have avast as my main av software. etc Thanks,Onehipcat To kick start this, here is my Hijack This file findings: Logfile of Trend Micro HijackThis v2.0.5Scan saved at 1:08:15 AM, on 10/28/2014Platform: Windows 7 SP1 (WinNT 6.00.3505)MSIE: Internet Explorer v11.0 (11.00.9600.17344) FIREFOX: 12.0 (en-US)Boot mode: Normal Running processes:C:\Users\Nate\AppData\Local\Akamai\netsession_win.exeC:\Users\Nate\AppData\Local\Akamai\netsession_win.exeC:\Users\Nate\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exeC:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exeC:\Program Files (x86)\Philips\SPC 700NC PC Camera\TrayMin700.exeC:\Users\Nate\AppData\Local\DIRECTV Player\NDSPCShowServer.exeC:\Program Files\Alwil Software\Avast5\AvastUI.exeC:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXEC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\PROGRA~2\MICROS~2\Office12\WINWORD.EXEC:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXEC:\Users\Nate\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file)F2 - REG:system.ini: UserInit=userinit.exe,O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dllO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dllO2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dllO2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dllO2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (file missing)O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -rO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" amlO4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /noguiO4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Nate\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserverO4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Nate\AppData\Local\Akamai\netsession_win.exe"O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1O4 - HKCU\..\Run: [PCShowServer] "C:\Users\Nate\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"O4 - HKCU\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorunO4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXEO4 - Startup: Monitor Ink Alerts - HP Officejet 6600.lnk = ?O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXEO4 - Global Startup: TrayMin700.exe.lnk = ?O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllO9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLLO10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dllO10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dllO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO15 - Trusted Zone: http://asia.msi.com.twO15 - Trusted Zone: http://global.msi.com.twO16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - https://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.5.0.cabO16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cabO16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{2A4B01F0-FD66-4CAB-94EA-6057AB9DC64E}: NameServer = 208.69.150.250,208.69.150.252O17 - HKLM\System\CCS\Services\Tcpip\..\{49B78FDB-3395-4DF5-9A17-FDDDF67F6B09}: NameServer = 208.69.150.250,208.69.150.252O17 - HKLM\System\CCS\Services\Tcpip\..\{835D3CF6-13C7-45CB-96CC-0D76846F6FAD}: NameServer = 208.69.150.250,208.69.150.252O17 - HKLM\System\CCS\Services\Tcpip\..\{C8C944E4-F889-46A2-B738-A628A8C87211}: NameServer = 208.69.150.250,208.69.150.252O17 - HKLM\System\CS1\Services\Tcpip\..\{2A4B01F0-FD66-4CAB-94EA-6057AB9DC64E}: NameServer = 208.69.150.250,208.69.150.252O17 - HKLM\System\CS2\Services\Tcpip\..\{2A4B01F0-FD66-4CAB-94EA-6057AB9DC64E}: NameServer = 208.69.150.250,208.69.150.252O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dllO18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLLO18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeO23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exeO23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exeO23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exeO23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exeO23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\ASUS.SYS\config\DVMExportService.exeO23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Kaspersky Security Scan Service (KSS) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exeO23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exeO23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exeO23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeO23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exeO23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exeO23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exeO23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exeO23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exeO23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exeO23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exeO23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exeO23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exeO23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exeO23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exeO23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) --End of file - 15134 bytes Link to post Share on other sites More sharing options...
onehipcat Posted October 29, 2014 Author ID:898072 Share Posted October 29, 2014 Bumped, and I already took out Kaspersky since it only diagnoses things. I have ran a lot of scans prior to posting this, mbam, avast, spybot, YAC, and more. They all found something and supposedly removed it. H e l p lol Link to post Share on other sites More sharing options...
Maniac Posted November 1, 2014 ID:900688 Share Posted November 1, 2014 Hello onehipcat and ! My name is Borislav and I will be glad to help you solve your malware problem. Please note:If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.Please follow the instructions here and then post your log files in a new reply in this thread: https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/ Link to post Share on other sites More sharing options...
onehipcat Posted November 1, 2014 Author ID:900839 Share Posted November 1, 2014 FRST.txt Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-11-2014Ran by Nate (administrator) on ADMIN-AMD on 01-11-2014 12:47:00Running from C:\Users\Nate\DownloadsLoaded Profile: Nate (Available profiles: Admin & Nate & Angela)Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how- to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(AVAST Software) C:\Program Files\Alwil Software \Avast5\AvastSvc.exe(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin \RAIDXpertService.exe() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe() C:\Program Files (x86)\ASUS\AsSysCtrlService \1.00.02\AsSysCtrlService.exe(DeviceVM, Inc.) C:\ASUS.SYS\config\DVMExportService.exe(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive \McciCMService.exe(Alcatel-Lucent) C:\Program Files\Common Files\Motive \McciCMService.exe(Microsoft Corporation) C:\Program Files\Microsoft LifeCam \MSCamS64.exe(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp \NBService.exe(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\RUBotted \RUBotSrv.exe(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE(Microsoft Corporation) C:\Windows\System32\snmp.exe(VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB \vmware-usbarbitrator.exe(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player \vmware-authd.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe() C:\Windows\SysWOW64\WinMsgBalloonServer.exe() C:\Windows\SysWOW64\WinMsgBalloonClient.exe(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe(Akamai Technologies, Inc.) C:\Users\Nate\AppData\Local\Akamai \netsession_win.exe(Akamai Technologies, Inc.) C:\Users\Nate\AppData\Local\Akamai \netsession_win.exe(NDS Technologies) C:\Users\Nate\AppData\Local\DIRECTV Player \PCShowServerPMWrapper.exe() C:\Program Files (x86)\Philips\SPC 700NC PC Camera \TrayMin700.exe() C:\Users\Nate\AppData\Local\DIRECTV Player \NDSPCShowServer.exe(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe(AVAST Software) C:\Program Files\Alwil Software \Avast5\AvastUI.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\RUBotted \RUBottedGUI.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application \chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application \chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application \chrome.exe(Microsoft Corporation) C:\Windows\System32\audiodg.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows \system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchHKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA \VIAudioi\VDeck\VDeck.exe [2245120 2009-07-16] (VIA)HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009- 02-26] (Microsoft Corporation)HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT \bin\kdbsync.exe [20992 2012-03-19] ()HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-08-01] (AVAST Software)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013- 07-25] (Trend Micro Inc.)HKU\S-1-5-21-549523805-167737923-3235466408-1001\...\Run: [Facebook Update] => "C:\Users\Nate\AppData\Local\Facebook \Update\FacebookUpdate.exe" /c /nocrashserverHKU\S-1-5-21-549523805-167737923-3235466408-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Nate\AppData\Local \Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)HKU\S-1-5-21-549523805-167737923-3235466408-1001\...\Run: [Weather] => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1HKU\S-1-5-21-549523805-167737923-3235466408-1001\...\Run: [PCShowServer] => C:\Users\Nate\AppData\Local\DIRECTV Player \PCShowServerPMWrapper.exe [1723760 2014-07-28] (NDS Technologies)HKU\S-1-5-21-549523805-167737923-3235466408-1001\...\Policies \Explorer: [NoLowDiskSpaceChecks] 1HKU\S-1-5-21-549523805-167737923-3235466408-1001\... \MountPoints2: {1c390a53-91f1-11e0-a4d6-005056c00008} - G: \TLBootstrap_WPP.exeHKU\S-1-5-21-549523805-167737923-3235466408-1001\... \MountPoints2: {6210a2f1-d8ca-11e1-a245-005056c00008} - F: \ToolLauncher-Bootstrap.exeHKU\S-1-5-21-549523805-167737923-3235466408-1001\... \MountPoints2: {a66865d9-a4be-11e2-978d-005056c00008} - F: \ToolLauncher-Bootstrap.exeHKU\S-1-5-21-549523805-167737923-3235466408-1001\... \MountPoints2: {dfacdf86-f291-11e3-a8b1-005056c00008} - F: \VZW_Software_upgrade_assistant.exeStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs \Startup\TrayMin700.exe.lnkShortcutTarget: TrayMin700.exe.lnk -> C:\Program Files (x86)\Philips\SPC 700NC PC Camera\TrayMin700.exe ()Startup: C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnkShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)Startup: C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnkShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()Startup: C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6600.lnkShortcutTarget: Monitor Ink Alerts - HP Officejet 6600.lnk -> C:\Program Files\HP\HP Officejet 6600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)Startup: C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF- 8763-00608CC02F24} => C:\Program Files\Alwil Software \Avast5\ashShA64.dll (AVAST Software)ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251- 47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251- 47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251- 47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251- 47B7-93E1-CDD82E34AF8B} => No FileBootExecute: autocheck autochk * bootdelete ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDFB10CF510C2CA01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usURLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB- 00C04FD64497}SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}SearchScopes: HKCU - {17E5E1D0-E848-46A0-8664-EAD13704F731} URL = https://www.google.com/search?q={searchTerms}SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D- D17F00898D06} -> C:\Program Files\Alwil Software \Avast5\aswWebRepIE64.dll (AVAST Software)BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No FileBHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9- 0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office \Office12\GrooveShellExtensions.dll (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C- B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java \jre1.8.0_25\bin\ssv.dll (Oracle Corporation)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D- D17F00898D06} -> C:\Program Files\Alwil Software \Avast5\aswWebRepIE.dll (AVAST Software)BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B- 836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b- BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java \jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17- 86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion \Installs\cpn0\YTSingleInstance.dll No FileToolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd- 8999-7F8F10CA4CF5} - No FileToolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No FileDPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.ca bDPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.ca bDPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} https://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akam ai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.5.0.cabDPF: HKLM-x32 {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cabDPF: HKLM-x32 {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D- 4ABE-992D-C81140384044/igdtoolx.cabDPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflas h.cabDPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler: skype-ie-addon-data - {91774881-D725-4E58-B298- 07617B9B86A8} - No FileHandler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298- 07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No FileHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226Tcpip\..\Interfaces\{2A4B01F0-FD66-4CAB-94EA-6057AB9DC64E}: [NameServer] 208.69.150.250,208.69.150.252Tcpip\..\Interfaces\{49B78FDB-3395-4DF5-9A17-FDDDF67F6B09}: [NameServer] 208.69.150.250,208.69.150.252Tcpip\..\Interfaces\{835D3CF6-13C7-45CB-96CC-0D76846F6FAD}: [NameServer] 208.69.150.250,208.69.150.252Tcpip\..\Interfaces\{C8C944E4-F889-46A2-B738-A628A8C87211}: [NameServer] 208.69.150.250,208.69.150.252 FireFox:========FF ProfilePath: C:\Users\Nate\AppData\Roaming\Mozilla\Firefox \Profiles\k7og3s3k.defaultFF DefaultSearchUrl: hxxp://www.bing.com/searchFF Keyword.URL: hxxp://www.bing.com/searchFF Homepage: hxxp://www.google.comFF NewTab: hxxp://www.google.comFF DefaultSearchEngine: GoogleFF SearchEngineOrder.1: GoogleFF SelectedSearchEngine: GoogleFF Plugin: @adobe.com/FlashPlayer -> C:\Windows \system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows \SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows \SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C: \Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C: \Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C: \Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C: \Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Windows \system32\TVUAx\npTVUAx.dll No FileFF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No FileFF Plugin-x32: @tools.google.com/Google Update;version=3 -> C: \Program Files (x86)\Google\Update\1.3.25.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C: \Program Files (x86)\Google\Update\1.3.25.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @veetle.com/vbp;version=0.9.17 -> C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll No FileFF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe \Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C: \Users\Nate\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )FF Plugin HKCU: @nds.com/PCShowPlugin -> C:\Users\Nate\AppData \Local\DIRECTV Player\npPCShowPlugin.dll No FileFF Plugin HKCU: @nds.com/PlayerPlugin -> C:\Users\Nate\AppData \Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)FF Plugin HKCU: @nds.com/PlayerPlugin64 -> C:\Users\Nate \AppData\Local\DIRECTV Player\win64\npPlayerPlugin64.dll (DIRECTV)FF Plugin HKCU: NDS.com/PlayerPlugin -> C:\Users\Nate\AppData \Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll (mozilla.org)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)FF SearchPlugin: C:\Users\Nate\AppData\Roaming\Mozilla\Firefox \Profiles\k7og3s3k.default\searchplugins\bing-avast.xmlFF SearchPlugin: C:\Program Files (x86)\mozilla firefox \searchplugins\answers.xmlFF SearchPlugin: C:\Program Files (x86)\mozilla firefox \searchplugins\creativecommons.xmlFF Extension: RivalGaming - C:\Users\Nate\AppData\Roaming \Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e- 13a3a9e97384}\links@rivalgaming.com [2012-05-10]FF Extension: TVU Web Player - C:\Users\Nate\AppData\Roaming \Mozilla\Firefox\Profiles\k7og3s3k.default\Extensions \firefox@tvunetworks.com [2010-07-04]FF Extension: Microsoft .NET Framework Assistant - C:\Users \Nate\AppData\Roaming\Mozilla\Firefox\Profiles\k7og3s3k.default \Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-27]FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010 -05-13]FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010 -08-09]FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010 -11-12]FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010 -12-22]FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011 -04-11]FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011 -06-22]FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012 -02-23]FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF- 36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer \BrowserRecordPlugin\Firefox\ExtFF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6- 365A6E755758}] - C:\ProgramData\Real\RealPlayer \BrowserRecordPlugin\Firefox\ExtFF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FFFF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-06-08]FF StartMenuInternet: FIREFOX.EXE - C:\Users\Nate\AppData\Local \Mozilla Firefox\firefox.exe Chrome: =======CHR HomePage: Default -> hxxp://www.google.comCHR StartupUrls: Default -> "hxxp://www.google.com"CHR DefaultSuggestURL: Default -> {google:baseSuggestURL} search?{google:searchFieldtrialParameter}client= {google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q= {searchTerms}&{google:inputType}{google:cursorPosition} {google:currentPageUrl}{google:pageClassification} {google:searchVersion}{google:sessionToken} {google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}CHR Profile: C:\Users\Nate\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\Nate\AppData\Local \Google\Chrome\User Data\Default\Extensions \aapocclcgogkmnckokdopfmhonfmgoek [2014-08-29]CHR Extension: (Google Docs) - C:\Users\Nate\AppData\Local \Google\Chrome\User Data\Default\Extensions \aohghmighlieiainnegkcijnfilokake [2014-08-29]CHR Extension: (Google Drive) - C:\Users\Nate\AppData\Local \Google\Chrome\User Data\Default\Extensions \apdfllckaahabafndbhieahigkjlhalf [2014-08-29]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users \Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions \bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-29]CHR Extension: (YouTube) - C:\Users\Nate\AppData\Local\Google \Chrome\User Data\Default\Extensions \blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-29]CHR Extension: (Google Search) - C:\Users\Nate\AppData\Local \Google\Chrome\User Data\Default\Extensions \coobgpohoikkiipiblmjeljniedjpjpf [2014-08-29]CHR Extension: (Google Sheets) - C:\Users\Nate\AppData\Local \Google\Chrome\User Data\Default\Extensions \felcaaldnbdncclmgdcncolpebgiejap [2014-08-29]CHR Extension: (Avast Online Security) - C:\Users\Nate\AppData \Local\Google\Chrome\User Data\Default\Extensions \gomekmidlodglbbmalcneegieacbdmki [2014-08-29]CHR Extension: (Google Wallet) - C:\Users\Nate\AppData\Local \Google\Chrome\User Data\Default\Extensions \nmmhkkegccagdldgiimedpiccmgmieda [2014-08-29]CHR Extension: (Gmail) - C:\Users\Nate\AppData\Local\Google \Chrome\User Data\Default\Extensions \pjkljhegncpnkpknbcohdijeoejaedia [2014-08-29]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-07-25] (Adobe Systems) [File not signed]R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE \Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.) [File not signed]R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin \RAIDXpertService.exe [122880 2009-03-16] (AMD) [File not signed]S2 AODService; C:\Program Files (x86)\AMD\OverDrive \AODAssist.exe [124256 2009-04-22] ()R2 AsSysCtrlService; C:\Program Files (x86)\ASUS \AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04- 02] () [File not signed]R2 avast! Antivirus; C:\Program Files\Alwil Software \Avast5\AvastSvc.exe [50344 2014-08-01] (AVAST Software)R2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-07-17] (DeviceVM, Inc.) [File not signed]R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-10-30] (SurfRight B.V.)S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield \Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]R2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)S3 jswpsapi; C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]R2 McciCMService; C:\Program Files (x86)\Common Files\Motive \McciCMService.exe [319488 2010-01-28] (Alcatel-Lucent) [File not signed]R2 McciCMService64; C:\Program Files\Common Files\Motive \McciCMService.exe [517632 2010-02-02] (Alcatel-Lucent) [File not signed]R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero \Nero8\Nero BackItUp\NBService.exe [877864 2008-12-02] (Nero AG)S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero \Lib\NMIndexingService.exe [537896 2009-03-25] (Nero AG)R2 PLFlash DeviceIoControl Service; C:\Windows \SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)R2 RUBotSrv; C:\Program Files (x86)\Trend Micro\RUBotted \RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-13] (Microsoft Corporation)R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Player \vmware-ufad.exe [191024 2009-10-12] (VMware, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel \amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009- 07-05] ()R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014 -08-01] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-01] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014- 08-01] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014 -08-01] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014 -08-01] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08 -01] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014- 08-01] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014- 08-01] ()S3 MREMP50; C:\Program Files (x86)\Common Files\Motive \MREMP50.sys [21248 2010-01-28] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]S3 MRESP50; C:\Program Files (x86)\Common Files\Motive \MRESP50.sys [20096 2010-01-28] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]S3 MSI_DVD_010507; C:\Program Files\MSI\MSIWDev \DVDSYS64_100507.sys [28984 2010-05-10] (Your Corporation)S3 MSI_MSIBIOS_010507; C:\Program Files\MSI\MSIWDev \msibios64_100507.sys [33592 2010-05-10] (Your Corporation)S3 MSI_VGASYS_010507; C:\Program Files\MSI\MSIWDev \VGASYS64_100507.sys [14960 2010-05-10] () [File not signed]R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009 -07-15] ()R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))S3 phc700; C:\Windows\System32\DRIVERS\phc700.sys [867712 2006- 10-16] ()R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [26624 2007-12-10] (Windows ® Codename Longhorn DDK provider)R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [18480 2010-01-22] (VMware, Inc.)R2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Player \vstor2-ws60.sys [32816 2009-10-12] (VMware, Inc.)S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2w7x.sys [783360 2010-04-27] (Atheros Communications, Inc.)S3 ALSysIO; \??\C:\Users\Nate\AppData\Local\Temp\ALSysIO64.sys [X]S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]S3 wanatw; system32\DRIVERS\wanatw64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-01 12:47 - 2014-11-01 12:47 - 00027098 _____ () C: \Users\Nate\Downloads\FRST.txt2014-11-01 12:46 - 2014-11-01 12:47 - 00000000 ____D () C:\FRST2014-11-01 12:46 - 2014-11-01 12:46 - 02114048 _____ (Farbar) C:\Users\Nate\Downloads\FRST64.exe2014-10-28 01:40 - 2014-10-28 01:40 - 00000632 _____ () C: \Users\Nate\Desktop\JRT.txt2014-10-28 01:32 - 2014-10-18 14:55 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-10-28 01:32 - 2014-10-18 14:55 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-10-28 01:32 - 2014-10-18 14:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-10-27 00:02 - 2014-10-27 00:03 - 00000000 ____D () C: \Users\Nate\Desktop\The Kids Files2014-10-25 12:34 - 2014-10-25 12:34 - 00001435 _____ () C: \Users\Nate\Desktop\AdwCleaner[s2].txt2014-10-25 11:43 - 2014-10-25 11:43 - 01962496 _____ () C: \Users\Nate\Downloads\adwcleaner_4.001.exe2014-10-25 11:43 - 2014-10-21 14:25 - 01706144 _____ (Thisisu) C:\Users\Nate\Desktop\JRT_NEW.exe2014-10-18 23:28 - 2014-10-18 23:28 - 01278761 _____ () C: \Users\Nate\Downloads\Facebook Insights Data Export - Lazy Nate_s BBQ - 2014-10-18.xls2014-10-18 14:52 - 2014-10-18 14:52 - 00638888 _____ (Oracle Corporation) C:\Users\Nate\Downloads\chromeinstall-8u25.exe2014-10-18 14:34 - 2014-10-18 14:55 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-10-18 14:34 - 2014-10-18 14:34 - 00000000 ____D () C: \ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-10-18 13:16 - 2014-10-25 16:50 - 00000000 ____D () C: \AdwCleaner2014-10-18 13:02 - 2014-10-18 13:02 - 00712240 _____ ( ) C: \Users\Nate\Downloads\FileOpenerSetup.exe2014-10-18 12:55 - 2014-10-18 12:55 - 00000000 ____D () C: \Windows\ERUNT2014-10-18 12:54 - 2014-10-18 12:54 - 01705698 _____ (Thisisu) C:\Users\Nate\Downloads\JRT.exe2014-10-18 12:54 - 2014-10-18 12:54 - 00000000 ____D () C: \ProgramData\Trend Micro2014-10-18 03:15 - 2014-10-18 03:17 - 00003926 _____ () C: \Users\Nate\Desktop\Rkill.txt2014-10-18 03:15 - 2014-10-18 03:15 - 00000924 _____ () C: \Users\Nate\Desktop\NTREGOPT.lnk2014-10-18 03:15 - 2014-10-18 03:15 - 00000924 _____ () C: \Users\Angela\Desktop\NTREGOPT.lnk2014-10-18 03:15 - 2014-10-18 03:15 - 00000924 _____ () C: \Users\Admin\Desktop\NTREGOPT.lnk2014-10-18 03:15 - 2014-10-18 03:15 - 00000905 _____ () C: \Users\Nate\Desktop\ERUNT.lnk2014-10-18 03:15 - 2014-10-18 03:15 - 00000905 _____ () C: \Users\Angela\Desktop\ERUNT.lnk2014-10-18 03:15 - 2014-10-18 03:15 - 00000905 _____ () C: \Users\Admin\Desktop\ERUNT.lnk2014-10-18 03:15 - 2014-10-18 03:15 - 00000000 ____D () C: \Windows\ERDNT2014-10-18 03:15 - 2014-10-18 03:15 - 00000000 ____D () C: \ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT2014-10-18 03:15 - 2014-10-18 03:15 - 00000000 ____D () C: \Program Files (x86)\ERUNT2014-10-18 03:14 - 2014-10-18 03:14 - 00791393 _____ (Lars Hederer ) C:\Users\Nate\Downloads\erunt-setup.exe2014-10-18 03:13 - 2014-10-18 03:14 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Nate\Downloads\rkill.exe2014-10-17 20:29 - 2014-10-17 20:29 - 00000000 ____D () C: \ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap2014-10-17 20:29 - 2014-10-17 20:29 - 00000000 ____D () C: \Program Files (x86)\WinPcap2014-10-17 20:27 - 2014-10-17 20:27 - 00000000 ____D () C: \ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted2014-10-17 20:27 - 2014-10-17 20:27 - 00000000 ____D () C: \Program Files (x86)\Trend Micro2014-10-17 20:26 - 2014-10-17 20:26 - 06229392 _____ (Trend Micro, Inc. ) C:\Users\Nate\Downloads\RUBottedSetup.exe2014-10-17 20:25 - 2014-10-17 20:25 - 00202855 _____ () C: \Users\Nate\AppData\Local\ars.cache2014-10-17 20:25 - 2014-10-17 20:25 - 00134437 _____ () C: \Users\Nate\AppData\Local\census.cache2014-10-17 20:16 - 2014-10-17 20:16 - 00000010 _____ () C: \Users\Nate\AppData\Local\sponge.last.runtime.cache2014-10-17 20:08 - 2014-10-17 20:08 - 00000036 _____ () C: \Users\Nate\AppData\Local\housecall.guid.cache2014-10-17 20:08 - 2013-09-02 03:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys2014-10-17 20:06 - 2014-10-17 20:06 - 02476596 _____ (Trend Micro Inc.) C:\Users\Nate\Downloads\HousecallLauncher64.exe2014-10-17 20:03 - 2014-10-28 01:08 - 00015136 _____ () C: \Users\Nate\Downloads\hijackthis.log2014-10-17 20:03 - 2014-10-17 20:03 - 00014804 _____ () C: \Users\Nate\Desktop\hijackthis.log2014-10-17 20:02 - 2014-10-17 20:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Nate\Downloads\HijackThis.exe2014-10-15 22:54 - 2014-10-15 22:54 - 00189368 _____ (Kaspersky Lab) C:\Users\Nate\Downloads \kss12.0.1.881de_en_es_fr_it_ja_ko_pl_pt_ru_zh_6228.exe2014-10-15 05:07 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-10-15 05:07 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-10-15 05:07 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-10-15 05:07 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-10-15 05:07 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-10-15 05:07 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-10-15 05:07 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-10-15 05:07 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-10-15 05:07 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-10-15 05:07 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-10-15 05:07 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-10-15 05:07 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-10-15 05:07 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-10-15 05:07 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-10-15 05:07 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-10-15 05:07 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-10-15 05:07 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-10-15 05:07 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-10-15 05:07 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-10-15 05:07 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-10-15 05:07 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-10-15 05:07 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-10-15 05:07 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-10-15 05:07 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-10-15 05:07 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-10-15 05:07 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-10-15 05:07 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-10-15 05:07 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-10-15 05:07 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-10-15 05:07 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-10-15 05:07 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-10-15 05:07 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-10-15 05:07 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-10-15 05:07 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-10-15 05:07 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-10-15 05:07 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-10-15 05:07 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-10-15 05:07 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-10-15 05:07 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-10-15 05:07 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-10-15 05:07 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-10-15 05:07 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-10-15 05:07 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-10-15 05:07 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-10-15 05:07 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-10-15 05:07 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-10-15 05:07 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-10-15 05:07 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-10-15 05:07 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-10-15 05:07 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-10-15 05:07 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-10-15 05:07 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-10-15 05:07 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-10-15 05:07 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-10-15 05:07 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-10-15 05:07 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-10-15 05:06 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-10-15 05:06 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll2014-10-15 05:06 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll2014-10-15 05:06 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll2014-10-15 05:06 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll2014-10-15 05:06 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll2014-10-15 05:06 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll2014-10-15 05:04 - 2014-10-09 22:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-10-15 05:04 - 2014-10-09 22:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2014-10-15 05:04 - 2014-10-09 22:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-10-15 04:58 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2014-10-15 04:58 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2014-10-15 04:58 - 2014-08-28 22:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll2014-10-15 04:57 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2014-10-15 04:57 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll2014-10-15 04:57 - 2014-09-04 22:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2014-10-15 04:57 - 2014-09-04 21:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll2014-10-15 04:57 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll2014-10-15 04:57 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll2014-10-15 04:57 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll2014-10-15 04:57 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-10-15 04:57 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll2014-10-15 04:57 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll2014-10-15 04:57 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-10-15 04:57 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-10-15 04:57 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll2014-10-15 04:57 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-10-15 04:57 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-10-15 04:57 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys2014-10-15 04:57 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys2014-10-14 19:22 - 2014-10-14 19:22 - 00227140 _____ () C: \Users\Nate\Downloads\thirsty_rough_reg_one.zip2014-10-10 21:18 - 2014-10-10 21:18 - 01138397 _____ () C: \Users\Nate\Downloads\7z922.exe2014-10-10 21:18 - 2014-10-10 21:18 - 00000000 ____D () C: \ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip2014-10-10 21:18 - 2014-10-10 21:18 - 00000000 ____D () C: \Program Files (x86)\7-Zip2014-10-10 20:46 - 2014-10-14 18:12 - 00000000 ____D () C: \Users\Nate\Documents\Lazy Nates2014-10-10 13:34 - 2014-10-10 13:35 - 00002441 _____ () C: \ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2014-10-10 13:34 - 2014-10-10 13:34 - 00002019 _____ () C: \Users\Public\Desktop\Adobe Reader XI.lnk ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-01 12:44 - 2011-08-19 21:33 - 00000924 _____ () C: \Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-549523805- 167737923-3235466408-1001UA.job2014-11-01 12:11 - 2010-07-14 12:27 - 00000898 _____ () C: \Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-11-01 11:50 - 2012-04-16 14:32 - 00000830 _____ () C: \Windows\Tasks\Adobe Flash Player Updater.job2014-11-01 11:48 - 2012-08-15 19:10 - 00000912 _____ () C: \Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-549523805-167737923 -3235466408-1020UA.job2014-11-01 11:03 - 2010-03-12 14:22 - 00003926 _____ () C: \Windows\System32\Tasks\User_Feed_Synchronization-{4C6B2F59- 6184-443E-B835-27E7A5D2F0C1}2014-11-01 10:08 - 2014-03-27 10:06 - 00000370 _____ () C: \Windows\Tasks\ReclaimerUpdateXML_Angela.job2014-11-01 09:11 - 2010-07-14 12:27 - 00000894 _____ () C: \Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-11-01 09:08 - 2014-03-27 10:06 - 00000374 _____ () C: \Windows\Tasks\ReclaimerUpdateFiles_Angela.job2014-11-01 03:33 - 2010-03-12 13:46 - 01828922 _____ () C: \Windows\WindowsUpdate.log2014-10-31 18:44 - 2011-08-19 21:33 - 00000902 _____ () C: \Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-549523805- 167737923-3235466408-1001Core.job2014-10-31 14:48 - 2012-08-15 19:10 - 00000860 _____ () C: \Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-549523805-167737923 -3235466408-1020Core.job2014-10-30 14:19 - 2014-03-27 10:06 - 00000380 _____ () C: \Windows\Tasks\RNUpgradeHelperLogonPrompt_Angela.job2014-10-30 14:19 - 2009-07-14 00:51 - 02335840 _____ () C: \Windows\setupact.log2014-10-30 04:10 - 2010-03-12 13:23 - 00000177 ____H () C: \dvmexp.idx2014-10-30 04:07 - 2009-07-14 00:45 - 00026336 ____H () C: \Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P- 1.C7483456-A289-439d-8115-601632D005A02014-10-30 04:07 - 2009-07-14 00:45 - 00026336 ____H () C: \Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P- 0.C7483456-A289-439d-8115-601632D005A02014-10-30 04:00 - 2010-10-21 22:35 - 00065536 _____ () C: \Windows\system32\Ikeext.etl2014-10-30 04:00 - 2010-03-14 01:48 - 00000000 ____D () C: \ProgramData\VMware2014-10-30 04:00 - 2009-07-14 01:08 - 00000006 ____H () C: \Windows\Tasks\SA.DAT2014-10-28 09:13 - 2014-08-29 02:46 - 00002102 _____ () C: \Users\Public\Desktop\Google Chrome.lnk2014-10-28 09:06 - 2010-07-14 12:27 - 00003894 _____ () C: \Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-10-28 09:06 - 2010-07-14 12:27 - 00003642 _____ () C: \Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-10-28 06:34 - 2010-03-12 14:54 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2014-10-28 01:37 - 2010-03-14 01:48 - 00817100 _____ () C: \Windows\SysWOW64\PerfStringBackup.INI2014-10-28 01:37 - 2009-07-13 23:20 - 00000000 ____D () C: \Windows\tracing2014-10-28 01:32 - 2012-07-17 21:05 - 00000000 ____D () C: \Program Files (x86)\Java2014-10-28 01:07 - 2014-07-31 03:45 - 00000000 ____D () C: \Users\Nate\Downloads\wherecracksappear2014-10-25 16:51 - 2010-03-12 04:04 - 00310756 _____ () C: \Windows\PFRO.log2014-10-25 13:05 - 2014-08-02 03:34 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers \MBAMSwissArmy.sys2014-10-25 13:04 - 2014-08-02 03:34 - 00000000 ____D () C: \ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-10-25 13:04 - 2014-08-02 03:34 - 00000000 ____D () C: \Program Files (x86)\Malwarebytes Anti-Malware2014-10-25 13:04 - 2012-02-26 18:06 - 00001102 _____ () C: \Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-10-24 18:31 - 2012-06-13 13:42 - 00000000 ____D () C: \Users\Nate\AppData\Roaming\SanDisk2014-10-22 23:50 - 2006-08-30 23:30 - 00000000 ____D () C: \Users\Nate\Documents\Blog Files2014-10-18 14:55 - 2013-11-15 14:50 - 00000000 ____D () C: \ProgramData\Oracle2014-10-18 13:27 - 2014-08-29 14:08 - 00000000 ____D () C: \Windows\system32\log2014-10-17 16:01 - 2009-07-13 23:20 - 00000000 ____D () C: \Windows\rescache2014-10-17 15:21 - 2009-07-14 00:45 - 05028984 _____ () C: \Windows\system32\FNTCACHE.DAT2014-10-17 15:18 - 2014-05-10 01:08 - 00000000 ___SD () C: \Windows\system32\CompatTel2014-10-17 14:54 - 2010-03-12 15:26 - 00000000 ____D () C: \ProgramData\Microsoft Help2014-10-17 14:46 - 2013-08-23 02:34 - 00000000 ____D () C: \Windows\system32\MRT2014-10-17 14:37 - 2010-03-12 05:01 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-10-14 20:23 - 2010-03-12 14:38 - 00134416 _____ () C: \Users\Nate\AppData\Local\GDIPFONTCACHEV1.DAT2014-10-14 19:41 - 2014-08-21 04:22 - 00000000 ____D () C: \Program Files (x86)\Spybot - Search & Destroy 22014-10-14 19:39 - 2010-03-22 12:08 - 00000000 ____D () C: \Users\Nate\AppData\Local\Adobe2014-10-14 19:38 - 2010-03-12 14:31 - 00000000 ___HD () C: \Program Files (x86)\InstallShield Installation Information2014-10-10 15:09 - 2011-05-03 21:45 - 00000000 ____D () C: \ProgramData\Spybot - Search & Destroy2014-10-10 15:09 - 2011-05-03 21:45 - 00000000 ____D () C: \Program Files (x86)\Spybot - Search & Destroy2014-10-10 13:34 - 2010-03-12 13:15 - 00000000 ____D () C: \ProgramData\Adobe2014-10-10 13:34 - 2010-03-12 13:15 - 00000000 ____D () C: \Program Files (x86)\Adobe2014-10-07 11:13 - 2010-05-25 22:33 - 00000000 ____D () C: \Users\Nate\Documents\CheckPhonePics Some content of TEMP:====================C:\Users\Angela\AppData\Local\Temp\jre-7u25-windows-i586- iftw.exeC:\Users\Angela\AppData\Local\Temp\lowproc.exeC:\Users\Angela\AppData\Local\Temp \MouseKeyboardCenterx64_1033.exeC:\Users\Angela\AppData\Local\Temp\SearchWithGoogleUpdate.exeC:\Users\Angela\AppData\Local\Temp\stubhelper.dllC:\Users\Angela\AppData\Local\Temp \The_Weather_Channel_Application.exeC:\Users\Nate\AppData\Local\Temp\HitmanPro.exeC:\Users\Nate\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exeC:\Users\Nate\AppData\Local\Temp\ose00000.exeC:\Users\Nate\AppData\Local\Temp\pnD9BB.exeC:\Users\Nate\AppData\Local\Temp\Quarantine.exeC:\Users\Nate\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-26 01:40 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
onehipcat Posted November 1, 2014 Author ID:900840 Share Posted November 1, 2014 Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2014Ran by Nate at 2014-11-01 12:48:12Running from C:\Users\Nate\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.3.0.800 - Adobe Systems Incorporated)Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version: - )Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)Adobe Illustrator CS2 (HKLM-x32\...\Adobe Illustrator CS2) (Version: 12.000.000 - Adobe Systems Inc.)Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) HiddenAkamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)AMD Catalyst Install Manager (HKLM\...\{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)AMD OverDrive (HKLM-x32\...\{EB0F4554-AD4F-4C8C-9764-66AC2CF8D184}) (Version: 3.0.1.0287 - Advanced Micro Devices, Inc.)Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Application Profiles (HKLM-x32\...\{095EEF8C-F689-6A5A-0367-15DE9404F5EB}) (Version: 2.0.3729.33949 - ATI Technologies, Inc.)ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: - )ATI Catalyst Registration (x32 Version: 2.01.0000 - ATI Technologies Inc.) Hiddenavast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) HiddenCool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version: - )D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDiablo (HKLM-x32\...\Diablo) (Version: - )Diagnostic Utility (HKLM-x32\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)DIRECTV Player (HKLM-x32\...\{ced7d84f-76e6-4ae6-8de8-4501b4755bd7}) (Version: 10.1 - DIRECTV)EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.00.33 - )ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)Facebook Plug-In (HKCU\...\Facebook Plug-In) (Version: - Facebook, Inc.)FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)Google Earth Plug-in (HKLM-x32\...\{171E6C1E-B5FC-11DF-B115-005056C00008}) (Version: 5.2.1.1588 - Google)Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Update Helper (x32 Version: 1.3.25.7 - Google Inc.) HiddenGPU NOS (HKLM-x32\...\{3356EDC7-9373-4D5D-852D-9AB7DBB5A7FC}) (Version: 1.00.06 - )HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)Hoyle Board Games 4 (HKLM-x32\...\Hoyle Board Games 4) (Version: - )HP Officejet 6600 Basic Device Software (HKLM\...\{B407F586-D027-45C3-9109-CC2943E839FA}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.4.4.0 - LIGHTNING UK!)Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenMalwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMessenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenMicrosoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Picture It! Premium 10 (HKLM-x32\...\PictureItPrem_v10) (Version: 10.0.0612 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)Mozilla Firefox (3.6.17) (HKLM-x32\...\Mozilla Firefox (3.6.17)) (Version: 3.6.17 (en-US) - Mozilla)Mozilla Firefox 12.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 12.0 (x86 en-US)) (Version: 12.0 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)Namo WebCanvas 2006 (HKLM-x32\...\{A9DE7D74-A4D9-465A-9EE1-49D1577983AA}) (Version: 2.0 - Sejoong Namo Interactive, Inc.)Namo WebEditor 2006 (HKLM-x32\...\{980A3C34-1652-472D-84AC-2A4D3D4955BF}) (Version: 7.0 - Sejoong Namo Interactive, Inc.)Namo WebUtilities 2006 (HKLM-x32\...\{A7B5CF5F-6BB3-4616-950E-0CF3C9A023AD}) (Version: 1.1 - Sejoong Namo Interactive, Inc.)Nero 8 Essentials (HKLM-x32\...\{C9FFC925-E27E-436E-A2DF-652324D51033}) (Version: 8.3.630 - Nero AG)PC Probe II (HKLM-x32\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.79 - ASUSTek)Philips SPC210NC Webcam (HKLM-x32\...\{38D95956-E92C-4473-904B-CD877EA04410}) (Version: 1.0.0.0 - )Philips VLounge (HKLM-x32\...\{EA57A1B9-0DD2-44DD-9B70-64E8DA553F6F}) (Version: - ArcSoft)Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)Platform (x32 Version: 1.34 - VIA Technologies, Inc.) HiddenPlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 2.4.1540.26 - AMD)RAIDXpert (x32 Version: 2.4.1540.26 - AMD) HiddenRangeMax Wireless-N USB Adapter WN111v2 (HKLM-x32\...\InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}) (Version: 3.0.0.5 - NETGEAR)Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5880 - Realtek Semiconductor Corp.)RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) HiddenRollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version: 1.00.000 - )SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2380.0 - SAMSUNG Electronics Co., Ltd.)Sansa Updater (HKCU\...\Sansa Updater) (Version: 1.313 - SanDisk Corporation)Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)SPC 700NC PC Camera (HKLM-x32\...\{9C5B9ED6-0344-4550-A4AB-C4499EB36053}) (Version: - )Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) HiddenswMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenThe Lord of the Rings FREE Trial (x32 Version: 1.00.0000 - ATI Technologies Inc.) HiddenTrend Micro RUBotted 2.0 Beta (HKLM-x32\...\{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1) (Version: 2.0.0.1034 - Trend Micro, Inc.)Turbo Key (HKLM-x32\...\{B83F7FA5-3191-4E39-A1F2-8A9038BD0B04}) (Version: 1.00.13 - )Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)VCRedistSetup (x32 Version: 1.0.0 - Nero AG) HiddenVIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)VMware Player (HKLM-x32\...\VMware_Player) (Version: 3.0.1.11056 - VMware, Inc)VMware Player (x32 Version: 3.0.1.11056 - VMware, Inc.) HiddenWebEx Support Manager for Internet Explorer (HKLM-x32\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)WN111v2 (x32 Version: 3.0.0.5 - NETGEAR) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-549523805-167737923-3235466408-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Nate\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No FileCustomCLSID: HKU\S-1-5-21-549523805-167737923-3235466408-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Nate\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-549523805-167737923-3235466408-1001_Classes\CLSID\{7BCD76A2-E9A0-4332-BE18-9D7D40288621}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-549523805-167737923-3235466408-1001_Classes\CLSID\{E86236DE-9BD2-42b7-86F6-A829D8EC768C}\InprocServer32 -> C:\Users\Nate\AppData\Local\DIRECTV Player\win64\npPlayerPlugin64.dll (DIRECTV)CustomCLSID: HKU\S-1-5-21-549523805-167737923-3235466408-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Nate\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 18-10-2014 18:32:24 Installed Java 7 Update 7121-10-2014 07:10:13 Windows Update24-10-2014 08:33:11 Windows Update28-10-2014 05:31:12 Removed Java 7 Update 7128-10-2014 05:33:04 Removed Facebook Video Calling 2.0.0.44728-10-2014 09:08:16 Windows Update01-11-2014 07:00:40 Windows Backup ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2014-09-30 03:00 - 00450770 ___RA C:\Windows\system32\Drivers\etc\hosts127.0.0.1 www.007guard.com127.0.0.1 007guard.com127.0.0.1 008i.com127.0.0.1 www.008k.com127.0.0.1 008k.com127.0.0.1 www.00hq.com127.0.0.1 00hq.com127.0.0.1 010402.com127.0.0.1 www.032439.com127.0.0.1 032439.com127.0.0.1 www.0scan.com127.0.0.1 0scan.com127.0.0.1 1000gratisproben.com127.0.0.1 www.1000gratisproben.com127.0.0.1 1001namen.com127.0.0.1 www.1001namen.com127.0.0.1 100888290cs.com127.0.0.1 www.100888290cs.com127.0.0.1 www.100sexlinks.com127.0.0.1 100sexlinks.com127.0.0.1 10sek.com127.0.0.1 www.10sek.com127.0.0.1 www.1-2005-search.com127.0.0.1 1-2005-search.com127.0.0.1 123fporn.info127.0.0.1 www.123fporn.info127.0.0.1 123haustiereundmehr.com127.0.0.1 www.123haustiereundmehr.com127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {019FB41E-BBD0-46D2-A3AA-9C3E40DD1039} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-549523805-167737923-3235466408-1020 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exeTask: {06F1E042-7037-47C0-8EBD-F21A2731113F} - System32\Tasks\ReclaimerUpdateFiles_Angela => C:\Users\Angela\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-27] (RealNetworks, Inc.)Task: {1226DC6D-E03B-4127-A1BF-FA3BD330282A} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-549523805-167737923-3235466408-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exeTask: {198948D8-CE0A-4079-9EFE-3C79A66EE418} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)Task: {1DBFB5BF-C47E-4750-9AD1-4F5A15461601} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-549523805-167737923-3235466408-1020UA => C:\Users\Angela\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-15] (Google Inc.)Task: {1EE11D59-889E-40BF-A663-97FA4FE60B46} - System32\Tasks\ASUS\ASUS GPU NOS => C:\Program Files (x86)\ASUS\GPU NOS\Gpu.exe [2009-07-10] ()Task: {20FF2BD2-6AEB-409A-AA69-4F23D2F00F34} - System32\Tasks\AdobeAAMUpdater-1.0-Admin-AMD-Nate => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)Task: {2B79382E-6833-415B-96E9-256756B40847} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-549523805-167737923-3235466408-1018 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exeTask: {2BBDB803-49C2-4BE0-B21B-490587D04698} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)Task: {3283E233-5F01-4615-A311-D8A68A10BCDA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {534E50A2-C928-4AF8-9E1A-EA057B02AF2D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-549523805-167737923-3235466408-1020 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exeTask: {5B9B0782-D0A7-4785-8270-A01E8C31A627} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)Task: {628F1BC5-C2E0-4FCD-BE72-385F86223FCA} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)Task: {65BD65C8-A7B5-48A1-8377-C0DA8F95C917} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-549523805-167737923-3235466408-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exeTask: {69BC4483-A1DE-421E-9556-15B7A220FBAB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-549523805-167737923-3235466408-1001Core => C:\Users\Nate\AppData\Local\Facebook\Update\FacebookUpdate.exeTask: {6C85BFFF-8F2C-4015-9167-0E16C4D7F68D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)Task: {6E2C7D30-1956-47BD-85FB-7FE1E2D5C8D3} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-549523805-167737923-3235466408-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exeTask: {704B8379-4422-470B-A806-AF52C15D7EB0} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2008-12-11] ()Task: {8546FB87-C21A-4F24-8371-4D61672DFA52} - System32\Tasks\{8222D3D3-7C39-4FDB-A1B6-7F0D2485A9F3} => C:\Program Files (x86)\Mindscape\Chessmaster 5500\Cm5500.exe [1997-11-24] ()Task: {886175CB-5F17-4DFD-BE13-609D65B72CC3} - System32\Tasks\{D6DC3291-19A8-4094-965B-083BF243CD37} => C:\Program Files (x86)\Mindscape\Chessmaster 5500\Cm5500.exe [1997-11-24] ()Task: {89316E4F-0310-4E20-9ACB-B26BCDA60992} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-08-01] (AVAST Software)Task: {926735C7-27D0-44F0-A7F1-4005AC035817} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-549523805-167737923-3235466408-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exeTask: {996974AD-9376-4CF4-AC9A-627BDAB0A70A} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2009-08-20] (ASUSTeK Computer Inc.)Task: {9B103EEE-F876-4C46-B3A1-4C53C3F83E39} - System32\Tasks\ReclaimerUpdateXML_Angela => C:\Users\Angela\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-27] (RealNetworks, Inc.)Task: {9E8A8922-8E07-4965-9CD1-562555F54EB3} - System32\Tasks\RegTask => C:\Program Files (x86)\RegTask\RegTask.exeTask: {A1BA7224-797B-4CFF-BC7A-1CEA81A8A8C2} - System32\Tasks\RNUpgradeHelperLogonPrompt_Angela => C:\Users\Angela\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-27] (RealNetworks, Inc.)Task: {A470F50D-D53F-44BC-B31C-EE49D32D76EB} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-549523805-167737923-3235466408-1020 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exeTask: {ACBE813B-4C08-4CFD-881B-A9153C7B663C} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exeTask: {AFAA8F0F-BC7F-4B75-9869-553BDA5FD980} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-549523805-167737923-3235466408-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exeTask: {B7167816-60EC-4024-8932-88BB41CE8EA5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-549523805-167737923-3235466408-1020Core => C:\Users\Angela\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-15] (Google Inc.)Task: {BB63C7A6-6504-41B9-BB44-65AEE1A6B695} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.97\AsLoader.exe [2009-08-19] (ASUSTeK Computer Inc.)Task: {CB3B13A1-FD85-4ED6-968B-F635E2BC620F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)Task: {CDB09335-E303-461B-BC19-84DBA6E22C23} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackupTask: {DA92DEC9-50B4-4000-89AC-6ACCE56FED7E} - System32\Tasks\{DFE95CD1-D563-454D-9E56-058584996F1F} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)Task: {DDF3BD7E-0F17-4997-BA85-A6F465C8D133} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-549523805-167737923-3235466408-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exeTask: {E3886866-3737-4D64-A60F-2A35563E6BD3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)Task: {E48C9BE6-3723-49FA-96B7-E1D59B0CB755} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-549523805-167737923-3235466408-1020 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exeTask: {E4A391E5-0071-4D7C-AD30-74B863A3EAC1} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-549523805-167737923-3235466408-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exeTask: {E5C2584D-B0C6-4921-9FBA-DEF7197B43D0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-549523805-167737923-3235466408-1001UA => C:\Users\Nate\AppData\Local\Facebook\Update\FacebookUpdate.exeTask: {E8B970ED-3DF7-46A4-AEAD-A8FB1DE70F49} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-549523805-167737923-3235466408-1018 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exeTask: {F1A8314F-B8CA-410C-A44F-FF2A9F5CA587} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)Task: {F6E86D98-9478-4AB0-87A6-67EE0D5EB168} - System32\Tasks\RNUpgradeHelperResumePrompt_Angela => C:\Users\Angela\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-27] (RealNetworks, Inc.)Task: {F8C566F7-7D20-40E6-B94E-3AA7043C3433} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-549523805-167737923-3235466408-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exeTask: {FF4D9A3F-2EE6-49F6-B459-558B6513226D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-549523805-167737923-3235466408-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exeTask: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-549523805-167737923-3235466408-1001Core.job => C:\Users\Nate\AppData\Local\Facebook\Update\FacebookUpdate.exeTask: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-549523805-167737923-3235466408-1001UA.job => C:\Users\Nate\AppData\Local\Facebook\Update\FacebookUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-549523805-167737923-3235466408-1020Core.job => C:\Users\Angela\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-549523805-167737923-3235466408-1020UA.job => C:\Users\Angela\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\ReclaimerUpdateFiles_Angela.job => C:\Users\Angela\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exeTask: C:\Windows\Tasks\ReclaimerUpdateXML_Angela.job => C:\Users\Angela\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exeTask: C:\Windows\Tasks\RegTask.job => C:\Program Files (x86)\RegTask\RegTask.exeTask: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Angela.job => C:\Users\Angela\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe ==================== Loaded Modules (whitelisted) ============= 2009-03-16 01:47 - 2009-03-16 01:47 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe2010-03-12 13:18 - 2009-04-02 00:27 - 00090112 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe2009-03-16 01:47 - 2009-03-16 01:47 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe2009-03-16 01:47 - 2009-03-16 01:47 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll2011-08-19 21:52 - 2005-07-12 20:04 - 00278528 _____ () C:\Program Files (x86)\Philips\SPC 700NC PC Camera\TrayMin700.exe2014-07-28 16:25 - 2014-07-28 16:25 - 01523560 _____ () C:\Users\Nate\AppData\Local\DIRECTV Player\NDSPCShowServer.exe2010-03-23 18:34 - 2009-05-07 04:51 - 00071680 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll2010-03-23 18:34 - 2009-05-07 04:53 - 00379392 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll2010-03-23 18:34 - 2008-01-18 02:50 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll2010-03-23 18:34 - 2009-07-09 22:48 - 47601664 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll2014-08-01 07:12 - 2014-08-01 07:12 - 00301152 _____ () C:\Program Files\Alwil Software\Avast5\aswProperty.dll2014-10-29 17:13 - 2014-10-29 17:13 - 02897920 _____ () C:\Program Files\Alwil Software\Avast5\defs\14102902\algo.dll2014-10-30 08:02 - 2014-10-30 08:02 - 02897920 _____ () C:\Program Files\Alwil Software\Avast5\defs\14103000\algo.dll2014-11-01 08:51 - 2014-11-01 08:51 - 02898944 _____ () C:\Program Files\Alwil Software\Avast5\defs\14110100\algo.dll2014-10-17 20:27 - 2010-08-24 19:06 - 00085840 _____ () C:\Program Files (x86)\Trend Micro\RUBotted\hc_help.dll2010-01-22 21:57 - 2010-01-22 21:57 - 00970288 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll2010-01-22 21:56 - 2010-01-22 21:56 - 00068656 _____ () C:\Program Files (x86)\VMware\VMware Player\zlib1.dll2014-07-28 16:25 - 2014-07-28 16:25 - 05979488 _____ () C:\Users\Nate\AppData\Local\DIRECTV Player\PCShowServer.dll2014-07-28 16:25 - 2014-07-28 16:25 - 03261280 _____ () C:\Users\Nate\AppData\Local\DIRECTV Player\DrmSingleton.dll2014-07-28 16:27 - 2014-07-28 16:27 - 00338784 _____ () C:\Users\Nate\AppData\Local\DIRECTV Player\ndsLogStore.dll2014-07-28 16:25 - 2014-07-28 16:25 - 02229096 _____ () C:\Users\Nate\AppData\Local\DIRECTV Player\DiscoveryManager.dll2014-07-28 16:26 - 2014-07-28 16:26 - 00689000 _____ () C:\Users\Nate\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll2014-07-28 16:27 - 2014-07-28 16:27 - 01403224 _____ () C:\Users\Nate\AppData\Local\DIRECTV Player\libxml2-2.dll2014-07-28 16:27 - 2014-07-28 16:27 - 00091976 _____ () C:\Users\Nate\AppData\Local\DIRECTV Player\z.dll2014-07-28 16:26 - 2014-07-28 16:26 - 00060272 _____ () C:\Users\Nate\AppData\Local\DIRECTV Player\libgstinterfaces-0.10.dll2014-07-28 16:26 - 2014-07-28 16:26 - 00043880 _____ () C:\Users\Nate\AppData\Local\DIRECTV Player\libgstvideo-0.10.dll2014-07-28 16:26 - 2014-07-28 16:26 - 00205672 _____ () C:\Users\Nate\AppData\Local\DIRECTV Player\libgstbase-0.10.dll2014-07-28 16:26 - 2014-07-28 16:26 - 07742304 _____ () C:\Users\Nate\AppData\Local\DIRECTV Player\gsttspplugin.dll2014-08-01 07:12 - 2014-08-01 07:12 - 19329904 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll2009-02-26 14:46 - 2009-02-26 14:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll2011-06-22 12:46 - 2011-06-22 12:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL2013-08-07 15:25 - 2013-08-07 15:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll2014-10-28 09:13 - 2014-10-22 00:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll2014-10-28 09:13 - 2014-10-22 00:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll2014-10-28 09:13 - 2014-10-22 00:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll2014-10-28 09:13 - 2014-10-22 00:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Nate\Desktop\clonewarsconf.png:SummaryInformationAlternateDataStreams: C:\Users\Nate\Desktop\clonewarsconf.png:Updt_SummaryInformationAlternateDataStreams: C:\Users\Nate\Desktop\clonewarsconf.png:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Nate\Desktop\usmcguideon.jpg:SummaryInformationAlternateDataStreams: C:\Users\Nate\Desktop\usmcguideon.jpg:Updt_SummaryInformationAlternateDataStreams: C:\Users\Nate\Desktop\usmcguideon.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Nate\Documents\Do whatever ya want, if it eases your soul.eml:OECustomPropertyAlternateDataStreams: C:\Users\Nate\Documents\Hi, It's me again.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"MSCONFIG\startupreg: HostManager => C:\Program Files (x86)\Common Files\AOL\1268542844\ee\AOLSoftware.exeMSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quietMSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"MSCONFIG\startupreg: Turbo Key => "C:\Program Files\ASUS\Turbo Key\TurboKey.exe"MSCONFIG\startupreg: VMware hqtray => "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe" ========================= Accounts: ========================== Admin (S-1-5-21-549523805-167737923-3235466408-1000 - Administrator - Enabled) => C:\Users\AdminAdministrator (S-1-5-21-549523805-167737923-3235466408-500 - Administrator - Disabled)Angela (S-1-5-21-549523805-167737923-3235466408-1020 - Administrator - Enabled) => C:\Users\AngelaGuest (S-1-5-21-549523805-167737923-3235466408-501 - Limited - Enabled)HomeGroupUser$ (S-1-5-21-549523805-167737923-3235466408-1022 - Limited - Enabled)Nate (S-1-5-21-549523805-167737923-3235466408-1001 - Administrator - Enabled) => C:\Users\Nate__vmware_user__ (S-1-5-21-549523805-167737923-3235466408-1008 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-InterfaceDescription: Microsoft Teredo Tunneling AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: tunnelProblem: : This device cannot start. (Code10)Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors:==================Error: (11/01/2014 06:38:30 AM) (Source: Windows Backup) (EventID: 4104) (User: )Description: The backup was not successful. The error is: There is not enough free space on the backup storage location to back up the data. (0x80780048). Error: (11/01/2014 01:25:49 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (11/01/2014 01:25:49 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (10/31/2014 00:59:11 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (10/31/2014 00:59:11 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (10/29/2014 01:20:51 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (10/29/2014 01:20:51 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (10/28/2014 01:58:31 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (10/28/2014 01:58:31 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. System errors:=============Error: (10/30/2014 04:00:17 AM) (Source: SNMP) (EventID: 1500) (User: )Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration. Microsoft Office Sessions:=========================Error: (05/14/2013 02:29:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 226 seconds with 60 seconds of active time. This session ended with a crash. Error: (05/12/2013 05:37:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 37 seconds with 0 seconds of active time. This session ended with a crash. Error: (05/11/2013 01:18:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23 seconds with 0 seconds of active time. This session ended with a crash. Error: (07/29/2012 10:14:34 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time. This session ended with a crash. Error: (04/08/2012 00:03:37 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 17 seconds with 0 seconds of active time. This session ended with a crash. Error: (04/02/2012 01:59:56 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 32 seconds with 0 seconds of active time. This session ended with a crash. Error: (02/20/2012 11:50:09 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 87 seconds with 60 seconds of active time. This session ended with a crash. Error: (02/16/2012 03:48:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 55 seconds with 0 seconds of active time. This session ended with a crash. Error: (02/14/2012 01:12:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23 seconds with 0 seconds of active time. This session ended with a crash. Error: (10/18/2011 06:41:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Processor: AMD Phenom 9750 Quad-Core ProcessorPercentage of memory in use: 54%Total physical RAM: 3839.18 MBAvailable physical RAM: 1745.57 MBTotal Pagefile: 7676.53 MBAvailable Pagefile: 5297.3 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:390.53 GB) (Free:186.81 GB) NTFSDrive e: (Backup) (Fixed) (Total:151.03 GB) (Free:42.83 GB) NTFSDrive m: (Media) (Fixed) (Total:156.98 GB) (Free:153.57 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 937628C0)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=390.5 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=157 GB) - (Type=07 NTFS)Partition 4: (Not Active) - (Size=151 GB) - (Type=OF Extended) ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Maniac Posted November 1, 2014 ID:900842 Share Posted November 1, 2014 Please attach your FRST.txt, because is difficult for read. Link to post Share on other sites More sharing options...
onehipcat Posted November 1, 2014 Author ID:900855 Share Posted November 1, 2014 here we go.FRST.txt Link to post Share on other sites More sharing options...
Maniac Posted November 1, 2014 ID:900904 Share Posted November 1, 2014 Step 1Launch Malwarebytes' Anti-MalwareGo to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.Go to Scanner tab and select Threat Scan, then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately. Step 2 Please scan your machine with ESET OnlineScanHold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScanClick the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.Double click on the to download the ESET Smart Installer. icon on your Desktop.Check "YES, I accept the Terms of Use."Click the Start button.Accept any security warnings from your browser.Under Scan Settings, check "Scan Archives" and "Remove found threats" Click Advanced settings and select the following:Scan potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth technologyESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.When the scan completes, click List ThreatsClick Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.Click the Back button.Click the Finish button.In your next reply, post the following log files:Malwarebytes' Anti-Malware logESET Online Scanner log Link to post Share on other sites More sharing options...
onehipcat Posted November 1, 2014 Author ID:901024 Share Posted November 1, 2014 OK, MBAM didn't find anything, and here is the Esetesetlog.txt Link to post Share on other sites More sharing options...
Maniac Posted November 2, 2014 ID:901330 Share Posted November 2, 2014 Please locate and manually delete the following folder: C:\Users\Nate\AppData\Local\TempImages Reboot your system and let me know how are things there now. Link to post Share on other sites More sharing options...
onehipcat Posted November 3, 2014 Author ID:901949 Share Posted November 3, 2014 I took the folder out. But it's back already. I took the folder out last night, and today it's already back. This is frustrating. Link to post Share on other sites More sharing options...
Maniac Posted November 3, 2014 ID:902094 Share Posted November 3, 2014 Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here Please visit this webpage and read the ComboFix User's Guide:Once you've read the article and are ready to use the program you can download it directly from the link below.Important! - Please make sure you save combofix to your desktop and do not run it from your browserDirect download link for: ComboFix.exePlease make sure you disable your security applications before running ComboFix.Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.Please copy/paste the contents or attach that log file to your next reply.If needed the file can be located here: C:\combofix.txtNOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer. Link to post Share on other sites More sharing options...
onehipcat Posted November 3, 2014 Author ID:902116 Share Posted November 3, 2014 Ran. And here it is:ComboFixLog1.txt Link to post Share on other sites More sharing options...
Maniac Posted November 5, 2014 ID:903245 Share Posted November 5, 2014 Any progress? Link to post Share on other sites More sharing options...
onehipcat Posted November 6, 2014 Author ID:903377 Share Posted November 6, 2014 So far so good I think. But last time I ran combo, it took 3 days and it came back, so please don't close the thread yet.And should I remove all of the "tools" used during this and prior to this? Other than Mbam and active virus scan? Link to post Share on other sites More sharing options...
onehipcat Posted November 6, 2014 Author ID:903877 Share Posted November 6, 2014 Ok, it's already back. I did a search just a few minutes ago. I am not understanding how it keeps getting removed, and then comes right back in a day or so. Link to post Share on other sites More sharing options...
Maniac Posted November 9, 2014 ID:905241 Share Posted November 9, 2014 Please download the Kaspersky Virus Removal Tool from here to your Desktop. Double-click the Removal Tool. Click the cog in the upper right corner: Select down to and including your main drive. Once done please select the Automatic Scan tab and press Start Scan. Allow AVP to delete all infections found. Once it has finished select the Report tab. Select the Detected threats report from the left and press the Save button. Save it to your Desktop and post the contents in your next reply. Link to post Share on other sites More sharing options...
onehipcat Posted November 10, 2014 Author ID:906041 Share Posted November 10, 2014 That did take awhile for a 750 gb HD... KasperskyScan.txt Link to post Share on other sites More sharing options...
onehipcat Posted November 10, 2014 Author ID:906093 Share Posted November 10, 2014 and that did Not take away the redirect. I am frustrated because I have used All of these tools, plus the ones in another thread, and it still comes back or doesn't go anywhere. Link to post Share on other sites More sharing options...
Maniac Posted November 11, 2014 ID:906583 Share Posted November 11, 2014 Try to reset your Chrome settings: https://support.google.com/chrome/answer/3296214?hl=en Reboot your system and check again. Link to post Share on other sites More sharing options...
onehipcat Posted November 12, 2014 Author ID:906769 Share Posted November 12, 2014 done that many times before I even got here. Link to post Share on other sites More sharing options...
Maniac Posted November 12, 2014 ID:907122 Share Posted November 12, 2014 I would like to do this now after my steps. Link to post Share on other sites More sharing options...
onehipcat Posted November 13, 2014 Author ID:907259 Share Posted November 13, 2014 Ok, I went to reset the Chrome setting via "advanced settings", and I did it 3 times. Ironically, it didn't do it. I then reset browsing history, and it seemed to reset there. (I had already closed the browsing window, and re-opened, each time) And now, still redirected. Just FYI, I am not someone who is slow about how this stuff works. I have some IT experience, some. But when it comes to this, I am at a loss. At this point I am thinking the best way to get rid of it, is reformatting, and that is a "worst case scenario", as the access to a plug n play hard drive to back things up is none, for now. And I am not trying to play "know it all", I am just frustrated. When I have ran some of these, I have had "this file is password protected", "file is not found", and several others. I do not password protect, that shouldn't be able to be deleted by admin privileges. Frustrated, and thanks for the continued help. Link to post Share on other sites More sharing options...
onehipcat Posted November 13, 2014 Author ID:907260 Share Posted November 13, 2014 Basically, I have no problem getting into the registry or whatnot, if that's what keeps calling this stuff up. Or doing any of that. You just might have to guide me so I don't screw up. lol Link to post Share on other sites More sharing options...
Maniac Posted November 13, 2014 ID:907632 Share Posted November 13, 2014 Download OTL to your DesktopDouble click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic. Link to post Share on other sites More sharing options...
Recommended Posts