ur798
Honorary Members-
Posts
24 -
Joined
-
Last visited
Reputation
0 Neutral-
Scan Malwrebytes once but still has Adf.ly popup in Chrome
ur798 replied to ur798's topic in Resolved Malware Removal Logs
My IE browser now alway states A script is too long to run, no respnse, stop the script. Is there something I can do about this? -
Scan Malwrebytes once but still has Adf.ly popup in Chrome
ur798 replied to ur798's topic in Resolved Malware Removal Logs
The computer is fine now, thanks so much for your help. -
Scan Malwrebytes once but still has Adf.ly popup in Chrome
ur798 replied to ur798's topic in Resolved Malware Removal Logs
=== computer is OK in verything., thanks so much! === fixlog - BELOW Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01 Ran by owner at 2014-11-27 01:08:28 Run:2 Running from C:\Users\owner\Downloads Loaded Profile: owner (Available profiles: owner) Boot Mode: Normal ============================================== Content of fixlist: ***************** start HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/ HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MD33BD673-8055-4288-BD42-A511D8DF3BB0&SearchSource=55&CUI=&UM=5&UP=SP704CF25B-AC07-43F6-BFEC-233249649ADB&SSPV= S1 asdnet; \??\C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] 2014-11-23 23:56 - 2013-08-01 07:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons C:\Users\owner\AppData\Local\temp\avgnt.exe HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\45821652.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\45821652.sys => ""="Driver" C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Users\jfpfpcalakjnfddgcjefacjjlcbpfihm EmptyTemp: end ***************** HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. "HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. Chrome HomePage deleted successfully. asdnet => Service deleted successfully. catchme => Service deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons => Moved successfully. C:\Users\owner\AppData\Local\temp\avgnt.exe => Moved successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\45821652.sys" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\45821652.sys" => Key deleted successfully. C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Users\jfpfpcalakjnfddgcjefacjjlcbpfihm => Moved successfully. EmptyTemp: => Removed 679.5 MB temporary data. The system needed a reboot. ==== End of Fixlog ==== === checkup - BELOW Results of screen317's Security Check version 0.99.91 Windows Vista Service Pack 2 x64 (UAC is enabled) Internet Explorer 9 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 2.0.3.1025 Java version 32-bit out of Date! Adobe Reader 10.1.12 Adobe Reader out of Date! Google Chrome (39.0.2171.65) Google Chrome (39.0.2171.71) Google Chrome (plugins...) ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe Anvisoft Anvi Smart Defender toolbox adblocker\ADBlockerSrv.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 5 % Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log`````````````````````` -
Scan Malwrebytes once but still has Adf.ly popup in Chrome
ur798 replied to ur798's topic in Resolved Malware Removal Logs
=== ESET Online Scan log - BELOW C:\FRST\Quarantine\C\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\AdAware SecureSearch Toolbar\adawareDx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\AdAware SecureSearch Toolbar\adawaretb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\AdAware SecureSearch Toolbar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application C:\FRST\Quarantine\C\Users\owner\AppData\Local\temp\FreemakeYouTubeToMP3Boom_1.0.1.1.exe.xBAD Win32/OpenCandy potentially unsafe application C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Users\jfpfpcalakjnfddgcjefacjjlcbpfihm\background.js Win32/TrojanDownloader.Tracur.V trojan === FRST.txt - BELOW Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 Ran by owner (administrator) on OWNER-PC on 26-11-2014 07:11:34 Running from C:\Users\owner\Downloads Loaded Profile: owner (Available profiles: owner) Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English (United States) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe (Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe (Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe () C:\WINDOWS\System32\spool\drivers\x64\3\WrtMon.exe (Realtek Semiconductor) C:\WINDOWS\RAVCpl64.exe (NVIDIA Corporation) C:\WINDOWS\System32\nvraidservice.exe (Spotify Ltd) C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe (NewSoft Technology Corporation) C:\WINDOWS\System32\spool\drivers\x64\3\WrtProc.exe (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (Brother International) C:\Program Files (x86)\Brother\DSmobileSCAN II\DSmobileSCAN.exe (PureVPN) C:\Program Files (x86)\PureVPN\purevpn.exe (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\TscHelp.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe (HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe (Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Hewlett-Packard Company) C:\hp\KBD\kbd.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagitEditor.exe (Microsoft Corporation) C:\WINDOWS\splwow64.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Microsoft Corporation) C:\WINDOWS\System32\sdclt.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Microsoft Corporation) C:\WINDOWS\System32\mobsync.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Hewlett Packard) C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe (Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2007-07-18] () HKLM\...\Run: [DisplaySwitch] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2007-07-18] () HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6150656 2008-03-26] (Realtek Semiconductor) HKLM\...\Run: [NVRaidService] => C:\Windows\system32\nvraidservice.exe [315936 2008-04-28] (NVIDIA Corporation) HKLM\...\Run: [HP Health Check Scheduler] => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [brMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1085440 2008-05-29] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.) HKLM-x32\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] () HKLM-x32\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [statusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\...\Run: [spotify Web Helper] => C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-07-13] (Spotify Ltd) HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.) HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation) HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-03-19] (Google Inc.) HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\...\Run: [GoogleChromeAutoLaunch_BFB1AAC9AD5759BCC5B883652DF33E69] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-11-14] (Google Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation) Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSmobileSCAN II.lnk ShortcutTarget: DSmobileSCAN II.lnk -> C:\Program Files (x86)\Brother\DSmobileSCAN II\DSmobileSCAN.exe (Brother International) Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureVPN.lnk ShortcutTarget: PureVPN.lnk -> C:\Program Files (x86)\PureVPN\purevpn.exe (PureVPN) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/ HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x022D8A9F9405D001 HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.facebook.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll No File BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - PasswordBox Toolbar - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll No File Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKU\S-1-5-21-2301109152-3522168215-2525550890-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-01-10] Chrome: ======= CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MD33BD673-8055-4288-BD42-A511D8DF3BB0&SearchSource=55&CUI=&UM=5&UP=SP704CF25B-AC07-43F6-BFEC-233249649ADB&SSPV= CHR StartupUrls: Default -> "hxxp://www.yahoo.com/", "hxxp://www.facebook.com/" CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-20] CHR Extension: (GOM Web-VPN) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke [2014-11-16] CHR Extension: (Adblock for Youtube™) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2014-07-03] CHR Extension: (Alarm Clock) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmbkahepbpnlepjhehjaagnpednddkdi [2014-11-16] CHR Extension: (Hola Better Internet Engine) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng [2014-11-18] CHR Extension: (ZenMate) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-11-25] CHR Extension: (Avira Browser Safety) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-04] CHR Extension: (Hola Better Internet) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-11-25] CHR Extension: (Metric Conversion Chart) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfjgliedcooajpeddcfjhibeobflojbm [2014-11-16] CHR Extension: (DotVPN - Free and Secure VPN) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpiecbcckbofpmkkkdibbllpinceiihk [2014-11-18] CHR Extension: (Google Wallet) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ADBlockerSrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [279368 2012-11-13] () R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [993584 2014-11-18] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG) S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2013-08-12] (Macrovision Europe Ltd.) [File not signed] R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed] R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-03-14] (Hewlett-Packard) [File not signed] R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed] S2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon) R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-17] (Hewlett-Packard Company) [File not signed] S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed] S3 OpenVPNService; C:\Program Files (x86)\PureVPN\bin\openvpnserv.exe [32568 2014-06-05] (The OpenVPN Project) R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed] S2 MDM; "C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) S1 Beep; No ImagePath R3 CAXHWBS3; C:\Windows\System32\DRIVERS\CAXHWBS3.sys [286208 2008-02-12] (Conexant Systems, Inc.) S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [39504 2013-04-11] (ThreatTrack Security) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-08-29] (GFI Software) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2013-09-06] () R3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1481216 2008-02-12] (Conexant Systems, Inc.) R3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1003520 2009-11-16] (Ralink Technology Corp.) R0 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [165408 2008-04-28] (NVIDIA Corporation) S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] () S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-11-23] () S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed] S1 asdnet; \??\C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-26 00:24 - 2014-11-26 00:25 - 02347384 _____ (ESET) C:\Users\owner\Desktop\esetsmartinstaller_enu.exe 2014-11-25 01:14 - 2014-11-25 01:27 - 00000000 ____D () C:\Users\owner\AppData\Roaming\vlc 2014-11-25 01:00 - 2014-11-25 01:00 - 00000903 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-11-25 01:00 - 2014-11-25 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-11-25 00:59 - 2014-11-25 00:59 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-11-24 22:05 - 2014-11-24 22:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-24 22:05 - 2014-11-24 22:05 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-11-24 22:05 - 2014-11-24 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-11-24 22:05 - 2014-11-24 22:05 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-24 22:05 - 2014-11-24 22:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-11-24 22:05 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-24 22:05 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-24 22:05 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-24 21:23 - 2014-11-24 21:23 - 00321848 _____ (Malwarebytes Corporation) C:\Users\owner\Desktop\mbam-clean-2.1.1.1001.exe 2014-11-24 18:20 - 2014-11-24 18:20 - 01707532 _____ (Thisisu) C:\Users\owner\Desktop\JRT.exe 2014-11-24 00:19 - 2014-11-24 00:23 - 00000000 ____D () C:\AdwCleaner 2014-11-24 00:18 - 2014-11-24 00:18 - 02148864 _____ () C:\Users\owner\Desktop\AdwCleaner.exe 2014-11-23 23:53 - 2014-11-23 23:53 - 00001101 _____ () C:\Users\owner\Desktop\Revo Uninstaller.lnk 2014-11-23 23:53 - 2014-11-23 23:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-11-23 23:51 - 2014-11-23 23:51 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\owner\Desktop\revosetup.exe 2014-11-23 17:54 - 2014-11-23 17:55 - 01214201 _____ () C:\Users\owner\Downloads\openvpn-2.1.1-install.zip 2014-11-23 17:06 - 2014-11-25 19:53 - 00000000 ____D () C:\ProgramData\purevpn 2014-11-23 17:06 - 2014-11-23 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PureVPN 2014-11-23 17:06 - 2014-11-23 17:08 - 00000000 ____D () C:\Program Files (x86)\PureVPN 2014-11-23 17:06 - 2014-11-23 17:06 - 00000912 _____ () C:\Users\Public\Desktop\PureVPN.lnk 2014-11-23 17:06 - 2013-08-22 05:40 - 00040664 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys 2014-11-23 12:54 - 2014-11-23 12:54 - 00000000 ____D () C:\Users\owner\Downloads\FRST-OlderVersion 2014-11-23 12:26 - 2014-11-23 12:26 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\owner\Desktop\tdsskiller.exe 2014-11-21 00:43 - 2014-11-21 00:43 - 00023582 _____ () C:\ComboFix.txt 2014-11-21 00:15 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-11-21 00:15 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-11-21 00:15 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-11-21 00:15 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-11-21 00:15 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-11-21 00:15 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe 2014-11-21 00:15 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe 2014-11-21 00:15 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe 2014-11-21 00:13 - 2014-11-21 00:14 - 05598306 ____R (Swearware) C:\Users\owner\Desktop\ComboFix.exe 2014-11-19 09:58 - 2014-11-23 12:59 - 00033722 _____ () C:\Users\owner\Downloads\Addition.txt 2014-11-19 09:57 - 2014-11-26 07:12 - 00021805 _____ () C:\Users\owner\Downloads\FRST.txt 2014-11-19 09:56 - 2014-11-26 07:11 - 00000000 ____D () C:\FRST 2014-11-19 09:54 - 2014-11-23 12:54 - 02118144 _____ (Farbar) C:\Users\owner\Downloads\FRST64.exe 2014-11-19 09:36 - 2014-10-23 20:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 09:36 - 2014-10-23 19:39 - 00656384 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-18 22:58 - 2014-11-18 22:58 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Golden Frog, GmbH 2014-11-16 11:46 - 2014-11-16 11:46 - 00002059 _____ () C:\Users\owner\Desktop\Chrome App Launcher.lnk 2014-11-16 11:46 - 2014-11-16 11:46 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-11-12 10:15 - 2014-10-12 18:52 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-12 10:14 - 2014-09-18 19:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-12 10:14 - 2014-09-18 19:45 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-12 10:12 - 2014-08-11 21:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-12 10:12 - 2014-08-11 21:11 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-12 10:11 - 2014-10-17 20:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-12 10:11 - 2014-10-17 19:46 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-12 10:11 - 2014-10-09 20:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-12 10:11 - 2014-10-09 20:09 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-12 10:11 - 2014-10-09 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-12 10:11 - 2014-10-09 20:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-12 10:11 - 2014-10-09 20:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-12 10:11 - 2014-10-09 18:53 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-12 10:11 - 2014-10-09 18:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-12 10:11 - 2014-10-02 20:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-12 10:11 - 2014-10-02 20:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-12 10:11 - 2014-10-02 20:17 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-12 10:11 - 2014-10-02 20:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-12 10:11 - 2014-10-02 20:02 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-12 10:11 - 2014-10-02 20:01 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-12 10:11 - 2014-10-02 20:01 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-12 10:11 - 2014-10-02 18:49 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodg.exe 2014-11-12 10:04 - 2014-10-23 20:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-12 10:04 - 2014-10-23 19:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-12 10:04 - 2014-08-26 19:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-12 10:04 - 2014-08-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-12 10:04 - 2014-08-26 19:41 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-12 10:04 - 2014-08-26 19:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-12 09:27 - 2014-10-27 15:32 - 17870336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-12 09:27 - 2014-10-27 15:13 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-12 09:27 - 2014-10-27 15:12 - 10921472 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-12 09:27 - 2014-10-27 15:07 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-12 09:27 - 2014-10-27 15:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-12 09:27 - 2014-10-27 15:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-12 09:27 - 2014-10-27 15:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-11-12 09:27 - 2014-10-27 15:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-12 09:27 - 2014-10-27 15:04 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-12 09:27 - 2014-10-27 15:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-11-12 09:27 - 2014-10-27 15:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-12 09:27 - 2014-10-27 15:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-12 09:27 - 2014-10-27 15:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-12 09:27 - 2014-10-27 15:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-12 09:27 - 2014-10-27 15:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-12 09:27 - 2014-10-27 15:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-12 09:27 - 2014-10-27 15:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-12 09:27 - 2014-10-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-12 09:27 - 2014-10-27 15:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-11-12 09:27 - 2014-10-27 15:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-11-12 09:27 - 2014-10-27 15:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-11-12 09:27 - 2014-10-27 14:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-12 09:27 - 2014-10-27 14:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-12 09:27 - 2014-10-27 14:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-12 09:27 - 2014-10-27 13:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-12 09:27 - 2014-10-27 13:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-12 09:27 - 2014-10-27 13:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-12 09:27 - 2014-10-27 13:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-11-12 09:27 - 2014-10-27 13:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-12 09:27 - 2014-10-27 13:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-12 09:27 - 2014-10-27 13:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-11-12 09:27 - 2014-10-27 13:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-12 09:27 - 2014-10-27 13:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-12 09:27 - 2014-10-27 13:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-12 09:27 - 2014-10-27 13:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-11-12 09:27 - 2014-10-27 13:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-12 09:27 - 2014-10-27 13:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-12 09:27 - 2014-10-27 13:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-12 09:27 - 2014-10-27 13:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-11-12 09:27 - 2014-10-27 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-11-12 09:27 - 2014-10-27 13:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-11-12 09:27 - 2014-10-27 13:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-26 07:09 - 2014-03-22 13:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-26 07:08 - 2013-06-25 23:03 - 00000000 ____D () C:\Users\owner\Desktop\New Folder 2014-11-26 06:40 - 2013-03-19 00:10 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-26 05:46 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-26 05:46 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-26 04:46 - 2013-01-09 13:05 - 01744483 _____ () C:\Windows\WindowsUpdate.log 2014-11-26 01:53 - 2013-03-19 00:10 - 00002027 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-11-25 23:58 - 2013-03-19 00:10 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-25 20:09 - 2014-03-22 13:26 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-25 20:09 - 2013-01-20 13:29 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-25 20:09 - 2013-01-20 13:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-25 19:48 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-25 10:21 - 2006-11-02 10:42 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-11-25 09:35 - 2013-09-12 00:49 - 00175564 _____ () C:\Windows\PFRO.log 2014-11-24 00:11 - 2008-05-21 04:24 - 00000000 ____D () C:\Program Files (x86)\Yahoo! 2014-11-24 00:07 - 2013-01-09 12:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works 2014-11-24 00:02 - 2014-05-20 23:44 - 00000000 ____D () C:\ProgramData\Freemake 2014-11-24 00:01 - 2014-05-20 23:43 - 00000000 ____D () C:\Program Files (x86)\Freemake 2014-11-23 23:56 - 2013-08-01 07:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons 2014-11-23 17:07 - 2013-01-09 12:11 - 00000000 ____D () C:\Users\owner 2014-11-23 12:34 - 2014-06-20 19:54 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys 2014-11-21 00:43 - 2013-09-11 19:43 - 00000000 ____D () C:\Qoobox 2014-11-21 00:34 - 2006-11-02 07:34 - 00000215 _____ () C:\Windows\system.ini 2014-11-21 00:29 - 2013-09-11 19:43 - 00000000 ____D () C:\Windows\erdnt 2014-11-20 09:06 - 2013-01-20 13:48 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Apple Computer 2014-11-20 01:40 - 2013-08-29 00:06 - 00000000 ____D () C:\Program Files (x86)\Lavasoft 2014-11-18 23:09 - 2013-01-09 12:22 - 00114784 _____ () C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT 2014-11-18 23:04 - 2006-11-02 10:21 - 00396320 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-18 22:55 - 2014-08-04 07:19 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-18 19:51 - 2014-04-16 04:16 - 00000000 ____D () C:\temp 2014-11-18 19:28 - 2013-02-28 04:37 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Malwarebytes 2014-11-17 21:09 - 2013-01-27 20:20 - 00000000 ____D () C:\Users\owner\AppData\Local\Microsoft Games 2014-11-17 14:04 - 2013-01-21 09:01 - 00000000 ____D () C:\Users\owner\Documents\MEC 2014-11-14 23:35 - 2013-03-19 00:10 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-14 23:35 - 2013-03-19 00:10 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-11-12 20:32 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\rescache 2014-11-12 10:10 - 2013-08-09 07:52 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-12 10:05 - 2006-11-02 07:35 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-11-11 23:23 - 2013-05-11 12:18 - 00000000 ____D () C:\Users\owner\AppData\Local\CrashDumps 2014-11-10 09:35 - 2006-11-02 10:27 - 00051996 _____ () C:\Windows\setupact.log 2014-11-08 21:11 - 2013-01-10 12:48 - 00002609 _____ () C:\Users\owner\Desktop\Microsoft Office Excel 2007.lnk 2014-11-07 04:45 - 2013-08-26 17:59 - 00001022 _____ () C:\Users\Public\Desktop\Vz In-Home Agent.lnk 2014-11-06 08:21 - 2014-09-13 02:00 - 00001042 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-11-06 08:21 - 2013-09-14 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-11-06 08:21 - 2013-09-14 19:06 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-11-04 17:03 - 2006-11-02 07:46 - 00762976 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-04 14:30 - 2013-01-09 12:34 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-11-03 18:25 - 2013-06-01 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive Some content of TEMP: ==================== C:\Users\owner\AppData\Local\temp\avgnt.exe C:\Users\owner\AppData\Local\temp\Quarantine.exe C:\Users\owner\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-25 19:58 ==================== End Of Log ============================ === Addition.txt - BELOW Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 Ran by owner at 2014-11-26 07:12:35 Running from C:\Users\owner\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft) 2007 Microsoft Office Suite Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden 64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden Adobe Acrobat 9 Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}) (Version: 9.5.5 - Adobe Systems) Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}_955) (Version: - Adobe Systems Incorporated) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated) Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira) Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Brother MFL-Pro Suite MFC-490CW (HKLM-x32\...\{D9461574-5FC0-4641-BBDC-D1038B196F55}) (Version: 1.1.5.0 - Brother Industries, Ltd.) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) CyberLink DVD Suite Deluxe (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1329 - CyberLink Corp.) CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2726 - CyberLink Corp.) DSmobile 600 (HKLM\...\{1BDEB6E2-6706-4132-A5D3-99190C6BECD8}) (Version: 1.2.9 - Brother) DSmobileSCAN II (HKLM-x32\...\{05227385-5073-46ED-9035-B1910E2613CC}) (Version: 2.0.7 - Brother) Enhanced Multimedia Keyboard Solution (HKLM-x32\...\KBD) (Version: - Hewlett-Packard) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.) Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Hardware Diagnostic Tools (HKLM-x32\...\PC-Doctor 5 for Windows) (Version: 5.1.4748.24 - PC-Doctor, Inc.) Hewlett-Packard Active Check for Health Check (x32 Version: 1.1.15.2 - Hewlett-Packard) Hidden Hewlett-Packard Asset Agent for Health Check (x32 Version: 2.0.63.2 - HP) Hidden HP Advisor (HKLM-x32\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard) HP Customer Experience Enhancements (HKLM-x32\...\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}) (Version: 5.6.0.2510 - Hewlett-Packard) HP Demo (HKLM\...\{C9A7340B-1EFD-42A6-9A27-243C50E57FA4}_is1) (Version: HP Demo - Hewlett-Packard) HP LaserJet 200 color M251 (HKLM-x32\...\{6682B5C4-530A-4FB8-ACAC-80DB5CCC68DD}) (Version: 5.0.12200.1036 - Hewlett-Packard) HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden hpbM251DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden HPLaserJet200color-M251_HelpLearnCenter_SI (HKLM-x32\...\{DDEBEA89-2B5A-4E5B-8702-369882BB3F52}) (Version: 1.01.0000 - Hewlett-Packard) HPLJUTCore (x32 Version: 004.005.0001 - HP) Hidden HPLJUTM251 (x32 Version: 3.00.0003 - HP) Hidden hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden hppM251LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden hpStatusAlertsM251 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden HPTCSSetup (HKLM-x32\...\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}) (Version: 1.0.964.2626 - Hewlett-Packard Company) iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.) IHA_MessageCenter (HKLM-x32\...\{834265C4-CDF4-44D3-BD24-31531617EFB8}) (Version: 1.8.70 - Verizon) iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle) Java SE Runtime Environment 6 Update 1 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.) LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2529 - CyberLink Corp.) LightScribe System Software 1.12.37.1 (HKLM-x32\...\{004C5DA2-2051-4D25-94BA-51CF810C91EB}) (Version: 1.12.37.1 - LightScribe) LightScribeTemplateLabeler (HKLM-x32\...\{305D4B08-5807-4475-B1C8-D54685534864}) (Version: 1.10.23.1 - LightScribe) Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version: - ) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6215.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) muvee autoProducer 6.1 (HKLM-x32\...\{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}) (Version: 6.10.050 - muvee Technologies) My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.43 - WildTangent) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation) PasswordBox (HKLM-x32\...\PasswordBox) (Version: 1.38.7.4074 - PasswordBox, Inc.) PCIe Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.71.00.50 - Conexant Systems) Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3917 - CyberLink Corp.) Presto! PageManager 7.16.80 (HKLM-x32\...\{E428B557-A5D7-4F38-ACD9-1BEFBBF3ABB3}) (Version: 7.16.80 - NewSoft Technology Corporation) PureVPN (HKLM-x32\...\PureVPN_is1) (Version: 4.0.0.0 - PureVPN) Python 2.5 (HKLM-x32\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Snagit 11 (HKLM-x32\...\{A56C6348-59D0-433B-A48A-75914858664E}) (Version: 11.2.1 - TechSmith Corporation) Spotify (HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\...\Spotify) (Version: 0.9.10.22.gf87988f9 - Spotify AB) Update for Office 2007 (KB946691) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A420F522-7395-4872-9882-C591B4B92278}) (Version: - Microsoft) Update for Outlook 2007 Junk Email Filter (kb944965) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{EA8C80AA-31D6-43F0-8CD8-CA85479A34F1}) (Version: - Microsoft) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) VyprVPN (HKLM\...\{526B3DDC-6891-4F43-8F64-8B83DC9E4848}) (Version: 2.6.0.4290 - Golden Frog, GmbH.) Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.65.0 - Verizon) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 04-11-2014 03:10:06 Scheduled Checkpoint 04-11-2014 08:38:03 Windows Update 04-11-2014 22:37:07 Scheduled Checkpoint 06-11-2014 02:07:18 Scheduled Checkpoint 08-11-2014 01:45:33 Windows Update 09-11-2014 16:11:20 Scheduled Checkpoint 10-11-2014 04:02:37 Windows Backup 11-11-2014 01:56:09 Scheduled Checkpoint 11-11-2014 13:08:56 Windows Update 12-11-2014 01:26:12 Scheduled Checkpoint 12-11-2014 15:04:19 Windows Update 13-11-2014 04:44:49 Scheduled Checkpoint 16-11-2014 19:00:02 Scheduled Checkpoint 17-11-2014 14:17:47 Windows Backup 18-11-2014 05:00:22 Scheduled Checkpoint 18-11-2014 10:02:28 Windows Update 19-11-2014 03:55:16 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 19-11-2014 03:57:37 Device Driver Package Install: TAP-VyprVPN Provider V9 Network adapters 19-11-2014 14:36:07 Windows Update 21-11-2014 02:59:31 Scheduled Checkpoint 22-11-2014 01:48:42 Scheduled Checkpoint 23-11-2014 22:07:24 Device Driver Package Install: TAP-Windows Provider V9 Network adapters 24-11-2014 04:20:53 Windows Backup 24-11-2014 04:54:25 Revo Uninstaller's restore point - Coupon Printer for Windows 24-11-2014 04:56:50 Revo Uninstaller's restore point - DriverUpdate 24-11-2014 04:57:22 Removed DriverUpdate 24-11-2014 04:59:18 Revo Uninstaller's restore point - Apowersoft Free YouTube Downloader V2.0.0 24-11-2014 05:00:42 Revo Uninstaller's restore point - Free YouTube to MP3 Downloader version 1.0 24-11-2014 05:01:29 Revo Uninstaller's restore point - Freemake YouTube To MP3 Boom 24-11-2014 05:03:14 Revo Uninstaller's restore point - Microsoft Works 24-11-2014 05:08:44 Revo Uninstaller's restore point - VyprVPN 24-11-2014 05:10:12 Revo Uninstaller's restore point - Verizon Toolbar 24-11-2014 05:11:03 Revo Uninstaller's restore point - Yahoo! Toolbar 24-11-2014 21:39:01 Scheduled Checkpoint 25-11-2014 14:44:22 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 07:34 - 2014-11-21 00:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {4D00D68A-6BC4-4561-885D-DE27F8975BC2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19] (Google Inc.) Task: {8493E5FD-2E45-47E4-83EB-079574C30008} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files (x86)\PC-Doctor 5 for Windows\task_swap.exe [2008-03-13] (PC-Doctor, Inc.) Task: {94B42E86-EFCC-4196-A737-A5CFA68EB100} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {BDA3AC2D-9B97-4F7F-BD64-E235043A756A} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2012-06-14] (Hewlett Packard) Task: {C4A7658E-3E7C-4D98-B384-AF257E1EA7B6} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.) Task: {E166C941-3333-445B-9DDF-3217E74DFD5F} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files (x86)\PC-Doctor 5 for Windows\RunProfiler.exe [2008-03-13] (PC-Doctor, Inc.) Task: {F684A3CF-907D-4B41-9659-E7C694E48F44} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19] (Google Inc.) Task: {F821735C-427A-42A6-B659-0FC3C44CF8AF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-03-16 15:02 - 2012-11-13 13:18 - 00279368 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe 2013-10-31 13:47 - 2013-10-31 13:47 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll 2013-01-20 12:14 - 2007-07-18 16:15 - 00020480 _____ () C:\WINDOWS\System32\spool\drivers\x64\3\WrtMon.exe 2013-05-08 05:46 - 2005-04-22 12:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll 2013-03-16 15:02 - 2005-01-02 08:22 - 00776192 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sqlite3.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-05-29 15:12 - 2013-05-29 15:12 - 00095232 _____ () C:\Program Files (x86)\TechSmith\Snagit 11\VideoRecording.dll 2013-05-29 15:11 - 2013-05-29 15:11 - 00089088 _____ () C:\Program Files (x86)\TechSmith\Snagit 11\SDKRecorder.dll 2013-05-29 15:05 - 2013-05-29 15:05 - 04710400 ____R () C:\Program Files (x86)\TechSmith\Snagit 11\PDFNetC.dll 2014-05-14 11:45 - 2014-05-14 11:45 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\45821652.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\45821652.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DSmobileSCAN II.lnk => C:\Windows\pss\DSmobileSCAN II.lnk.Startup MSCONFIG\startupreg: HPAdvisor => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY ========================= Accounts: ========================== Administrator (S-1-5-21-2301109152-3522168215-2525550890-500 - Administrator - Disabled) Guest (S-1-5-21-2301109152-3522168215-2525550890-501 - Limited - Disabled) owner (S-1-5-21-2301109152-3522168215-2525550890-1000 - Administrator - Enabled) => C:\Users\owner ==================== Faulty Device Manager Devices ============= Name: Microsoft Tun Miniport Adapter #2 Description: Microsoft Tun Miniport Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunmp Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (11/26/2014 07:09:55 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error: (11/26/2014 07:09:55 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error: (11/26/2014 00:28:23 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error: (11/26/2014 00:25:54 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error: (11/26/2014 00:25:43 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error: (11/26/2014 00:15:26 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error: (11/26/2014 00:15:26 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error: (11/25/2014 11:46:34 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7803966 Error: (11/25/2014 11:46:34 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7803966 Error: (11/25/2014 11:46:34 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (11/26/2014 07:09:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (11/26/2014 06:59:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (11/26/2014 06:49:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (11/26/2014 06:39:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (11/26/2014 06:29:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (11/26/2014 06:19:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (11/26/2014 06:09:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (11/26/2014 05:59:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (11/26/2014 05:49:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (11/26/2014 05:39:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Microsoft Office Sessions: ========================= Error: (06/27/2013 08:18:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 14 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-11-26 07:12:28.569 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-26 07:12:28.285 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-26 07:12:27.990 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-26 07:12:27.601 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-26 07:12:27.182 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-26 07:12:26.905 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-26 07:12:26.587 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-26 07:12:26.251 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-24 22:19:00.669 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-24 22:19:00.365 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD Phenom 9550 Quad-Core Processor Percentage of memory in use: 53% Total physical RAM: 4862.31 MB Available physical RAM: 2271.69 MB Total Pagefile: 9927.16 MB Available Pagefile: 5931.55 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (HP) (Fixed) (Total:454.34 GB) (Free:284.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.42 GB) (Free:1.27 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive k: (SignatureMini) (Fixed) (Total:465.76 GB) (Free:0.01 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: B515FD0A) Partition 1: (Active) - (Size=454.3 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=11.4 GB) - (Type=07 NTFS) ======================================================== Disk: 5 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 4B48D754) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ === Update on computer - DO KNOW WHAT THIS MEANS... -
Scan Malwrebytes once but still has Adf.ly popup in Chrome
ur798 replied to ur798's topic in Resolved Malware Removal Logs
=== Did the programmes uninstall OK? YES. === AdwCleaner[s0].txt - BELOW # AdwCleaner v4.102 - Report created 24/11/2014 at 00:23:21 # Updated 23/11/2014 by Xplode # Database : 2014-11-23.7 [Live] # Operating System : Windows Vista Home Premium Service Pack 2 (64 bits) # Username : owner - OWNER-PC # Running from : C:\Users\owner\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** [!] Folder Deleted : C:\ProgramData\3826797A6C0497390000382641599CAB [!] Folder Deleted : C:\Program Files (x86)\sizlsearch [!] Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner [!] Folder Deleted : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934C42-161D-45BC-8CEF-EF18ABE2A30C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DAE95CB1-D5A3-4B3A-A825-B892B5856A59} Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16592 -\\ Google Chrome v39.0.2171.65 [C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN78916051310004797&ctid=CT3289847&UM=2&sspv=CHNTI1 [C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN78916051310004797&ctid=CT3289847&UM=2&sspv=CHNTI1 [C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms} [C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} [C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3317458&octid=EB_ORIGINAL_CTID&ISID=M59116D54-93D1-4FCD-B9EA-C77C02F89692&SearchSource=58&CUI=&UM=5&UP=SP704CF25B-AC07-43F6-BFEC-233249649ADB&q={searchTerms}&SSPV= [C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3317458&octid=EB_ORIGINAL_CTID&ISID=M59116D54-93D1-4FCD-B9EA-C77C02F89692&SearchSource=58&CUI=&UM=5&UP=SP704CF25B-AC07-43F6-BFEC-233249649ADB&q={searchTerms}&SSPV= ************************* AdwCleaner[R0].txt - [3399 octets] - [24/11/2014 00:19:09] AdwCleaner[s0].txt - [3261 octets] - [24/11/2014 00:23:21] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3321 octets] ########## === JRT.txt - BLOW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.9 (11.15.2014:2) OS: Windows Vista Home Premium x64 Ran by owner on Mon 11/24/2014 at 18:23:48.36 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] "C:\Windows\couponprinter.ocx" ~~~ Folders Successfully deleted: [Folder] "C:\Users\owner\appdata\local\adawarebp" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Mon 11/24/2014 at 18:29:17.62 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ === Did MBAM Clean run successfully? YES. === MBAM log : BELOW Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 11/24/2014 Scan Time: 10:07:46 PM Logfile: Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.11.25.02 Rootkit Database: v2014.11.22.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows Vista Service Pack 2 CPU: x64 File System: NTFS User: owner Scan Type: Threat Scan Result: Completed Objects Scanned: 364099 Time Elapsed: 20 min, 47 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) -
Scan Malwrebytes once but still has Adf.ly popup in Chrome
ur798 replied to ur798's topic in Resolved Malware Removal Logs
=== STEP 4 : Addition.txt (BELOW) Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 Ran by owner at 2014-11-23 12:55:59 Running from C:\Users\owner\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft) 2007 Microsoft Office Suite Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden 64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden Adobe Acrobat 9 Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}) (Version: 9.5.5 - Adobe Systems) Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}_955) (Version: - Adobe Systems Incorporated) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated) Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated) Apowersoft Free YouTube Downloader V2.0.0 (HKLM-x32\...\{A69A0916-EE1F-462C-A24E-6AFB962EED05}_is1) (Version: 2.0.0 - Apowersoft) Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira) Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Brother MFL-Pro Suite MFC-490CW (HKLM-x32\...\{D9461574-5FC0-4641-BBDC-D1038B196F55}) (Version: 1.1.5.0 - Brother Industries, Ltd.) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.3) (Version: 5.0.0.3 - Coupons.com Incorporated) CyberLink DVD Suite Deluxe (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1329 - CyberLink Corp.) CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2726 - CyberLink Corp.) DriverUpdate (HKLM-x32\...\{C85A8187-7E95-429D-9C9C-57C10268B3CF}) (Version: 2.2.38275 - SlimWare Utilities, Inc.) DSmobile 600 (HKLM\...\{1BDEB6E2-6706-4132-A5D3-99190C6BECD8}) (Version: 1.2.9 - Brother) DSmobileSCAN II (HKLM-x32\...\{05227385-5073-46ED-9035-B1910E2613CC}) (Version: 2.0.7 - Brother) Enhanced Multimedia Keyboard Solution (HKLM-x32\...\KBD) (Version: - Hewlett-Packard) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Free YouTube to MP3 Downloader version 1.0 (HKLM-x32\...\{C0E97290-A882-4620-BF84-856783496241}_is1) (Version: 1.0 - easy4pc.com) Freemake YouTube To MP3 Boom (HKLM-x32\...\Freemake YouTube To MP3 Boom_is1) (Version: 1.0.0 - Ellora Assets Corporation) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.) Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Hardware Diagnostic Tools (HKLM-x32\...\PC-Doctor 5 for Windows) (Version: 5.1.4748.24 - PC-Doctor, Inc.) Hewlett-Packard Active Check for Health Check (x32 Version: 1.1.15.2 - Hewlett-Packard) Hidden Hewlett-Packard Asset Agent for Health Check (x32 Version: 2.0.63.2 - HP) Hidden HP Advisor (HKLM-x32\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard) HP Customer Experience Enhancements (HKLM-x32\...\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}) (Version: 5.6.0.2510 - Hewlett-Packard) HP Demo (HKLM\...\{C9A7340B-1EFD-42A6-9A27-243C50E57FA4}_is1) (Version: HP Demo - Hewlett-Packard) HP LaserJet 200 color M251 (HKLM-x32\...\{6682B5C4-530A-4FB8-ACAC-80DB5CCC68DD}) (Version: 5.0.12200.1036 - Hewlett-Packard) HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden hpbM251DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden HPLaserJet200color-M251_HelpLearnCenter_SI (HKLM-x32\...\{DDEBEA89-2B5A-4E5B-8702-369882BB3F52}) (Version: 1.01.0000 - Hewlett-Packard) HPLJUTCore (x32 Version: 004.005.0001 - HP) Hidden HPLJUTM251 (x32 Version: 3.00.0003 - HP) Hidden hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden hppM251LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden hpStatusAlertsM251 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden HPTCSSetup (HKLM-x32\...\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}) (Version: 1.0.964.2626 - Hewlett-Packard Company) iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.) IHA_MessageCenter (HKLM-x32\...\{834265C4-CDF4-44D3-BD24-31531617EFB8}) (Version: 1.8.70 - Verizon) iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle) Java SE Runtime Environment 6 Update 1 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.) LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2529 - CyberLink Corp.) LightScribe System Software 1.12.37.1 (HKLM-x32\...\{004C5DA2-2051-4D25-94BA-51CF810C91EB}) (Version: 1.12.37.1 - LightScribe) LightScribeTemplateLabeler (HKLM-x32\...\{305D4B08-5807-4475-B1C8-D54685534864}) (Version: 1.10.23.1 - LightScribe) Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version: - ) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6215.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) muvee autoProducer 6.1 (HKLM-x32\...\{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}) (Version: 6.10.050 - muvee Technologies) My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.43 - WildTangent) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation) PasswordBox (HKLM-x32\...\PasswordBox) (Version: 1.38.7.4074 - PasswordBox, Inc.) PCIe Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.71.00.50 - Conexant Systems) Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3917 - CyberLink Corp.) Presto! PageManager 7.16.80 (HKLM-x32\...\{E428B557-A5D7-4F38-ACD9-1BEFBBF3ABB3}) (Version: 7.16.80 - NewSoft Technology Corporation) Python 2.5 (HKLM-x32\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.) Snagit 11 (HKLM-x32\...\{A56C6348-59D0-433B-A48A-75914858664E}) (Version: 11.2.1 - TechSmith Corporation) Spotify (HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\...\Spotify) (Version: 0.9.10.22.gf87988f9 - Spotify AB) Update for Office 2007 (KB946691) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A420F522-7395-4872-9882-C591B4B92278}) (Version: - Microsoft) Update for Outlook 2007 Junk Email Filter (kb944965) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{EA8C80AA-31D6-43F0-8CD8-CA85479A34F1}) (Version: - Microsoft) Verizon Toolbar (HKLM-x32\...\verizontb) (Version: 6.0.0.40 - Verizon and Visicom Media Inc.) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) VyprVPN (HKLM\...\{526B3DDC-6891-4F43-8F64-8B83DC9E4848}) (Version: 2.6.0.4290 - Golden Frog, GmbH.) VyprVPN (HKLM-x32\...\{526B3DDC-6891-4F43-8F64-8B83DC9E4848}) (Version: 2.6.5.4459 - Golden Frog, GmbH.) Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.65.0 - Verizon) Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 31-10-2014 01:35:15 Scheduled Checkpoint 01-11-2014 00:49:56 Windows Update 01-11-2014 18:48:06 Scheduled Checkpoint 03-11-2014 04:19:28 Windows Backup 04-11-2014 03:10:06 Scheduled Checkpoint 04-11-2014 08:38:03 Windows Update 04-11-2014 22:37:07 Scheduled Checkpoint 06-11-2014 02:07:18 Scheduled Checkpoint 08-11-2014 01:45:33 Windows Update 09-11-2014 16:11:20 Scheduled Checkpoint 10-11-2014 04:02:37 Windows Backup 11-11-2014 01:56:09 Scheduled Checkpoint 11-11-2014 13:08:56 Windows Update 12-11-2014 01:26:12 Scheduled Checkpoint 12-11-2014 15:04:19 Windows Update 13-11-2014 04:44:49 Scheduled Checkpoint 16-11-2014 19:00:02 Scheduled Checkpoint 17-11-2014 14:17:47 Windows Backup 18-11-2014 05:00:22 Scheduled Checkpoint 18-11-2014 10:02:28 Windows Update 19-11-2014 03:55:16 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 19-11-2014 03:57:37 Device Driver Package Install: TAP-VyprVPN Provider V9 Network adapters 19-11-2014 14:36:07 Windows Update 21-11-2014 02:59:31 Scheduled Checkpoint 22-11-2014 01:48:42 Scheduled Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 07:34 - 2014-11-21 00:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {4D00D68A-6BC4-4561-885D-DE27F8975BC2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19] (Google Inc.) Task: {8493E5FD-2E45-47E4-83EB-079574C30008} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files (x86)\PC-Doctor 5 for Windows\task_swap.exe [2008-03-13] (PC-Doctor, Inc.) Task: {94B42E86-EFCC-4196-A737-A5CFA68EB100} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {BDA3AC2D-9B97-4F7F-BD64-E235043A756A} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2012-06-14] (Hewlett Packard) Task: {BF0C99BD-AF9B-478E-A120-03BFED3B85EE} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2014-05-14] (SlimWare Utilities, Inc.) Task: {C4A7658E-3E7C-4D98-B384-AF257E1EA7B6} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.) Task: {E166C941-3333-445B-9DDF-3217E74DFD5F} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files (x86)\PC-Doctor 5 for Windows\RunProfiler.exe [2008-03-13] (PC-Doctor, Inc.) Task: {F684A3CF-907D-4B41-9659-E7C694E48F44} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19] (Google Inc.) Task: {F821735C-427A-42A6-B659-0FC3C44CF8AF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-31 13:47 - 2013-10-31 13:47 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll 2013-03-16 15:02 - 2012-11-13 13:18 - 00279368 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe 2013-05-08 05:46 - 2005-04-22 12:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll 2013-01-20 12:14 - 2007-07-18 16:15 - 00020480 _____ () C:\WINDOWS\System32\spool\drivers\x64\3\WrtMon.exe 2013-03-16 15:02 - 2005-01-02 08:22 - 00776192 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sqlite3.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-05-14 11:45 - 2014-05-14 11:45 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll 2014-11-20 11:38 - 2014-11-20 11:38 - 00071168 _____ () C:\Program Files (x86)\VyprVPN\GoldenFrogWFP.dll 2013-05-29 15:12 - 2013-05-29 15:12 - 00095232 _____ () C:\Program Files (x86)\TechSmith\Snagit 11\VideoRecording.dll 2013-05-29 15:11 - 2013-05-29 15:11 - 00089088 _____ () C:\Program Files (x86)\TechSmith\Snagit 11\SDKRecorder.dll 2013-05-29 15:05 - 2013-05-29 15:05 - 04710400 ____R () C:\Program Files (x86)\TechSmith\Snagit 11\PDFNetC.dll 2014-11-21 18:43 - 2014-11-14 16:15 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\pdf.dll 2014-11-21 18:43 - 2014-11-14 16:15 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\45821652.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\45821652.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DSmobileSCAN II.lnk => C:\Windows\pss\DSmobileSCAN II.lnk.Startup MSCONFIG\startupreg: HPAdvisor => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY ========================= Accounts: ========================== Administrator (S-1-5-21-2301109152-3522168215-2525550890-500 - Administrator - Disabled) Guest (S-1-5-21-2301109152-3522168215-2525550890-501 - Limited - Disabled) owner (S-1-5-21-2301109152-3522168215-2525550890-1000 - Administrator - Enabled) => C:\Users\owner ==================== Faulty Device Manager Devices ============= Name: Microsoft Tun Miniport Adapter #2 Description: Microsoft Tun Miniport Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunmp Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: TAP-VyprVPN Adapter V9 Description: TAP-VyprVPN Adapter V9 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TAP-VyprVPN Provider V9 Service: tapvyprvpn Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (11/23/2014 00:38:12 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error: (11/23/2014 00:37:50 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error: (11/23/2014 00:37:50 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error: (11/23/2014 00:34:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/23/2014 11:36:06 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error: (11/23/2014 11:36:06 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error: (11/23/2014 11:26:33 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/23/2014 11:22:05 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error: (11/23/2014 11:21:58 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error: (11/23/2014 11:21:58 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. System errors: ============= Error: (11/23/2014 00:51:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (11/23/2014 00:41:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (11/23/2014 00:34:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Beep i8042prt Error: (11/23/2014 00:34:46 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Internet Connection Sharing (ICS) Error: (11/23/2014 00:34:46 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: AD Blocker Service Error: (11/23/2014 00:34:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Machine Debug Manager%%2 Error: (11/23/2014 00:34:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: IHA_MessageCenter%%1053 Error: (11/23/2014 00:34:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000IHA_MessageCenter Error: (11/23/2014 00:31:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (11/23/2014 00:30:32 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY) Description: The print spooler failed to share printer Adobe PDF with shared resource name Adobe PDF. Error 2114. The printer cannot be used by others on the network. Microsoft Office Sessions: ========================= Error: (06/27/2013 08:18:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 14 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-11-23 12:55:53.547 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-23 12:55:53.200 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-23 12:55:52.888 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-23 12:55:52.523 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-23 12:55:51.995 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-23 12:55:51.561 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-23 12:55:51.204 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-23 12:55:50.868 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-21 00:28:34.309 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-11-21 00:28:34.050 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: AMD Phenom 9550 Quad-Core Processor Percentage of memory in use: 41% Total physical RAM: 4862.31 MB Available physical RAM: 2834.95 MB Total Pagefile: 9925.15 MB Available Pagefile: 7564.31 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (HP) (Fixed) (Total:454.34 GB) (Free:284.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.42 GB) (Free:1.27 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive k: (SignatureMini) (Fixed) (Total:465.76 GB) (Free:1.41 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: B515FD0A) Partition 1: (Active) - (Size=454.3 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=11.4 GB) - (Type=07 NTFS) ======================================================== Disk: 5 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 4B48D754) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ -
Scan Malwrebytes once but still has Adf.ly popup in Chrome
ur798 replied to ur798's topic in Resolved Malware Removal Logs
=== STEP 1 : Fixlog.txt (ABOVE, posted 2 days ago) === STEP 2 : Combofix.txt (BELOW) ComboFix 14-11-18.01 - owner 11/21/2014 0:18.2.4 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4862.1262 [GMT -5:00] Running from: c:\users\owner\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\owner\AppData\Local\temp\avgnt.exe\Avira.OE.ExtApi.dll . . ((((((((((((((((((((((((( Files Created from 2014-10-21 to 2014-11-21 ))))))))))))))))))))))))))))))) . . 2014-11-21 05:29 . 2014-11-21 05:29 -------- d-----w- c:\users\Public\AppData\Local\temp 2014-11-21 05:29 . 2014-11-21 05:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-11-21 05:29 . 2014-11-21 05:29 -------- d-----w- c:\users\AppData\AppData\Local\temp 2014-11-19 14:56 . 2014-11-20 06:49 -------- d-----w- C:\FRST 2014-11-19 14:36 . 2014-10-24 01:03 499200 ----a-w- c:\windows\SysWow64\kerberos.dll 2014-11-19 14:36 . 2014-10-24 00:39 656384 ----a-w- c:\windows\system32\kerberos.dll 2014-11-19 04:11 . 2014-11-19 04:11 -------- d-----w- c:\users\owner\AppData\Local\Golden_Frog,_GmbH 2014-11-19 04:11 . 2014-11-19 04:11 -------- d-----w- c:\users\owner\AppData\Local\Golden Frog, GmbH 2014-11-19 03:58 . 2014-11-19 03:58 -------- d-----w- c:\programdata\Golden Frog, GmbH 2014-11-19 03:55 . 2014-11-21 04:37 -------- d-----w- c:\program files (x86)\VyprVPN 2014-11-19 00:28 . 2014-11-19 00:28 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-11-19 00:28 . 2014-11-19 00:28 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2014-11-19 00:28 . 2014-10-01 16:11 64216 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-11-19 00:28 . 2014-10-01 16:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-11-12 15:15 . 2014-10-12 23:52 2782208 ----a-w- c:\windows\system32\win32k.sys 2014-11-12 15:14 . 2014-09-19 00:50 278528 ----a-w- c:\windows\SysWow64\schannel.dll 2014-11-12 15:14 . 2014-09-19 00:45 347136 ----a-w- c:\windows\system32\schannel.dll 2014-11-12 15:12 . 2014-08-12 02:25 729600 ----a-w- c:\windows\SysWow64\IMJP10K.DLL 2014-11-12 15:12 . 2014-08-12 02:11 923136 ----a-w- c:\windows\system32\IMJP10K.DLL 2014-11-12 15:04 . 2014-10-24 01:04 67072 ----a-w- c:\windows\SysWow64\packager.dll 2014-11-12 15:04 . 2014-10-24 00:39 77312 ----a-w- c:\windows\system32\packager.dll 2014-11-12 15:04 . 2014-08-27 00:55 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll 2014-11-12 15:04 . 2014-08-27 00:55 1249280 ----a-w- c:\windows\SysWow64\msxml3.dll 2014-11-12 15:04 . 2014-08-27 00:41 2048 ----a-w- c:\windows\system32\msxml3r.dll 2014-11-12 15:04 . 2014-08-27 00:41 1869824 ----a-w- c:\windows\system32\msxml3.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-11-21 05:34 . 2014-06-21 00:54 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys 2014-11-13 02:09 . 2013-01-20 18:29 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-11-13 02:09 . 2013-01-20 18:29 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-11-12 15:05 . 2006-11-02 12:35 103374192 ----a-w- c:\windows\system32\mrt.exe 2014-11-04 19:30 . 2013-01-09 17:34 275080 ------w- c:\windows\system32\MpSigStub.exe 2014-11-02 04:20 . 2014-11-18 10:08 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9457BFE-6F1A-4D94-BECB-A2929C963DFD}\mpengine.dll 2014-10-09 11:24 . 2013-09-15 00:06 131608 ----a-w- c:\windows\system32\drivers\avipbb.sys 2014-10-09 11:24 . 2013-09-15 00:06 119272 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2014-10-07 16:11 . 2014-10-07 16:11 44896 ----a-w- c:\windows\system32\drivers\tapvyprvpn.sys 2014-10-01 16:11 . 2013-09-15 01:46 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-09-09 06:40 . 2014-09-24 04:27 2048 ----a-w- c:\windows\system32\tzres.dll 2014-09-09 06:24 . 2014-09-24 04:27 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2014-09-04 23:38 . 2014-10-16 04:41 198656 ----a-w- c:\windows\system32\drivers\fastfat.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="c:\users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-07-13 1176632] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-10-31 59720] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-03-19 39408] "GoogleChromeAutoLaunch_BFB1AAC9AD5759BCC5B883652DF33E69"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-11-05 854344] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176] "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2008-05-29 1085440] "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664] "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-11-18 703736] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208] "StatusAlerts"="c:\program files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" [2012-07-18 313248] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392] "Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-10-22 124208] . c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ DSmobileSCAN II.lnk - c:\program files (x86)\Brother\DSmobileSCAN II\DSmobileSCAN.exe [2009-10-10 518144] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Snagit 11.lnk - c:\program files (x86)\TechSmith\Snagit 11\Snagit32.exe [2013-5-29 9479536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . S2 ADBlockerSrv;AD Blocker Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [x] . . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-11-14 23:30 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.122\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-20 02:09] . 2014-11-21 c:\windows\Tasks\DriverUpdate Startup.job - c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2014-05-14 18:28] . 2014-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19 05:10] . 2014-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19 05:10] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2007-07-18 20480] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-16 15843360] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-16 82464] "RtHDVCpl"="RAVCpl64.exe" [2008-03-26 6150656] "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-04-28 315936] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://www.google.com mDefault_Page_URL = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: appledaily.com\www Trusted Zone: appledaily.com.tw\www Trusted Zone: morrisonexpress.com\zlax Trusted Zone: verizon.net\activate Trusted Zone: verizon.net\activatemydsl Trusted Zone: verizon.net\activatemyfios Trusted Zone: verizon.net\activatemyhsi Trusted Zone: verizon.net\activatemywifi Trusted Zone: verizon.net\wbadownload TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe Wow6432Node-HKLM-Run-Ad-Aware Browsing Protection - c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe SafeBoot-WudfPf SafeBoot-WudfRd HKLM-Run-DisplaySwitch - (no file) HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe AddRemove-Ad-Aware Browsing Protection - c:\programdata\Ad-Aware Browsing Protection\uninstall.exe AddRemove-Coupon Printer for Windows5.0.0.3 - c:\program files (x86)\Coupons\uninstall.exe AddRemove-verizontb - c:\program files (x86)\verizontb\uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90, 43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87 "{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE}"=hex:51,66,7a,6c,4c,1d,38,12,a7,e6,f1, 21,0e,8a,86,0b,cd,28,00,c3,94,01,6f,da "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8, 89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b "{5DB69B97-934B-451D-94DB-32EF802A01CD}"=hex:51,66,7a,6c,4c,1d,38,12,f9,98,a5, 59,79,dd,73,00,eb,cd,71,af,85,74,45,d9 "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3 "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f, aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04 "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd, d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84, f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:bf,af,4f,34,70,ac,cf,01 . [HKEY_USERS\S-1-5-21-2301109152-3522168215-2525550890-1000_Classes\Wow6432Node\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden] "{2338F5D5-2437-4FC3-9005-A01804321264}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAXfxXTB1HME2f1CNH9nIzeQAAAAACAAAAAAADZgAAqAAAABAAAAB2RuJDpMQUReie/RfdV/gAAAAAAASAAACgAAAAEAAAAMuyarrF+ubA9pnBkirlezwYAAAA5BGAx3ZtIESjjFjqRB+0RyX+8Si5OZA3FAAAAF/pcN+0s4kz5L+wxqU0LKa3WfUx" . [HKEY_USERS\S-1-5-21-2301109152-3522168215-2525550890-1000_Classes\Wow6432Node\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden\DeltaClock] "LastSynchronizationClock"=hex(b):d0,92,a7,29,ac,45,d1,08 "DeltaClock"=hex(b):29,68,cb,13,00,00,00,00 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\sched.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe c:\program files (x86)\HP\HPBDSService\HPBDSService.exe c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\PasswordBox\pbbtnService.exe c:\program files (x86)\VyprVPN\VyprVPNService.exe c:\program files (x86)\Brother\ControlCenter3\brccMCtl.exe c:\windows\System32\spool\drivers\x64\3\WrtProc.exe c:\program files (x86)\TechSmith\Snagit 11\TSCHelp.exe c:\program files (x86)\TechSmith\Snagit 11\SnagPriv.exe c:\program files (x86)\TechSmith\Snagit 11\snagiteditor.exe c:\hp\kbd\kbd.exe c:\program files (x86)\Verizon\IHA_MessageCenter\bin\VzDetectAgent.exe c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe . ************************************************************************** . Completion time: 2014-11-21 00:43:39 - machine was rebooted ComboFix-quarantined-files.txt 2014-11-21 05:43 . Pre-Run: 304,762,068,992 bytes free Post-Run: 305,702,453,248 bytes free . - - End Of File - - 9632E7B6CEAD6C004865B7DFD63586D8 03BA8F890B47C0BE359A4D5A636D214D === STEP 3 : TDSSKiller log (ATTACHMENT) === STEP 4 : FRST.txt (BELOW) Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 Ran by owner (administrator) on OWNER-PC on 23-11-2014 12:54:46 Running from C:\Users\owner\Downloads Loaded Profile: owner (Available profiles: owner) Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English (United States) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe (Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe (Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe (HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe (Golden Frog, GmbH.) C:\Program Files (x86)\VyprVPN\VyprVPNService.exe (Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio64.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe () C:\WINDOWS\System32\spool\drivers\x64\3\WrtMon.exe (NewSoft Technology Corporation) C:\WINDOWS\System32\spool\drivers\x64\3\WrtProc.exe (Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe (Realtek Semiconductor) C:\WINDOWS\RAVCpl64.exe (NVIDIA Corporation) C:\WINDOWS\System32\nvraidservice.exe (Spotify Ltd) C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (Brother International) C:\Program Files (x86)\Brother\DSmobileSCAN II\DSmobileSCAN.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\TscHelp.exe (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagitEditor.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\WINDOWS\splwow64.exe (Hewlett-Packard Company) C:\hp\KBD\kbd.exe (Microsoft Corporation) C:\WINDOWS\System32\sdclt.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2007-07-18] () HKLM\...\Run: [DisplaySwitch] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2007-07-18] () HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6150656 2008-03-26] (Realtek Semiconductor) HKLM\...\Run: [NVRaidService] => C:\Windows\system32\nvraidservice.exe [315936 2008-04-28] (NVIDIA Corporation) HKLM\...\Run: [HP Health Check Scheduler] => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [brMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1085440 2008-05-29] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.) HKLM-x32\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] () HKLM-x32\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [statusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\...\Run: [spotify Web Helper] => C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-07-13] (Spotify Ltd) HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.) HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation) HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-03-19] (Google Inc.) HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\...\Run: [GoogleChromeAutoLaunch_BFB1AAC9AD5759BCC5B883652DF33E69] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-11-14] (Google Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation) Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSmobileSCAN II.lnk ShortcutTarget: DSmobileSCAN II.lnk -> C:\Program Files (x86)\Brother\DSmobileSCAN II\DSmobileSCAN.exe (Brother International) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/ HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x022D8A9F9405D001 HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.facebook.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\S-1-5-21-2301109152-3522168215-2525550890-1000 -> {DAE95CB1-D5A3-4B3A-A825-B892B5856A59} URL = https://safesearch.avira.com/#web/result?q={searchTerms}&source=omnibar BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll No File BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - PasswordBox Toolbar - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll No File Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKU\S-1-5-21-2301109152-3522168215-2525550890-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-01-10] Chrome: ======= CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MD33BD673-8055-4288-BD42-A511D8DF3BB0&SearchSource=55&CUI=&UM=5&UP=SP704CF25B-AC07-43F6-BFEC-233249649ADB&SSPV= CHR StartupUrls: Default -> "hxxp://www.yahoo.com/", "hxxp://www.facebook.com/" CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-20] CHR Extension: (GOM Web-VPN) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke [2014-11-16] CHR Extension: (Adblock for Youtube™) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2014-07-03] CHR Extension: (Alarm Clock) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmbkahepbpnlepjhehjaagnpednddkdi [2014-11-16] CHR Extension: (Hola Better Internet Engine) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng [2014-11-18] CHR Extension: (ZenMate) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-11-14] CHR Extension: (Avira Browser Safety) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-04] CHR Extension: (Hola Better Internet) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-11-18] CHR Extension: (Metric Conversion Chart) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfjgliedcooajpeddcfjhibeobflojbm [2014-11-16] CHR Extension: (DotVPN - Free and Secure VPN) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpiecbcckbofpmkkkdibbllpinceiihk [2014-11-18] CHR Extension: (Google Wallet) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ADBlockerSrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [279368 2012-11-13] () R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [993584 2014-11-18] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG) S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2013-08-12] (Macrovision Europe Ltd.) [File not signed] R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-05-12] (Freemake) [File not signed] R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed] R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-03-14] (Hewlett-Packard) [File not signed] R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed] S2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon) R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-17] (Hewlett-Packard Company) [File not signed] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed] R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed] R2 VyprVPN; C:\Program Files (x86)\VyprVPN\VyprVPNService.exe [144896 2014-11-20] (Golden Frog, GmbH.) [File not signed] S2 MDM; "C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) S1 Beep; No ImagePath R3 CAXHWBS3; C:\Windows\System32\DRIVERS\CAXHWBS3.sys [286208 2008-02-12] (Conexant Systems, Inc.) S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [39504 2013-04-11] (ThreatTrack Security) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-08-29] (GFI Software) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2013-09-06] () R3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1481216 2008-02-12] (Conexant Systems, Inc.) R3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1003520 2009-11-16] (Ralink Technology Corp.) R0 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [165408 2008-04-28] (NVIDIA Corporation) S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] () S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-11-23] () S3 tapvyprvpn; C:\Windows\System32\DRIVERS\tapvyprvpn.sys [44896 2014-10-07] (The OpenVPN Project) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed] S1 asdnet; \??\C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-23 12:54 - 2014-11-23 12:54 - 00000000 ____D () C:\Users\owner\Downloads\FRST-OlderVersion 2014-11-23 12:26 - 2014-11-23 12:26 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\owner\Desktop\tdsskiller.exe 2014-11-21 00:43 - 2014-11-21 00:43 - 00023582 _____ () C:\ComboFix.txt 2014-11-21 00:15 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-11-21 00:15 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-11-21 00:15 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-11-21 00:15 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-11-21 00:15 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-11-21 00:15 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe 2014-11-21 00:15 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe 2014-11-21 00:15 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe 2014-11-21 00:13 - 2014-11-21 00:14 - 05598306 ____R (Swearware) C:\Users\owner\Desktop\ComboFix.exe 2014-11-20 23:37 - 2014-11-20 23:37 - 00000804 _____ () C:\Users\Public\Desktop\VyprVPN.lnk 2014-11-20 23:37 - 2014-11-20 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Golden Frog, GmbH 2014-11-19 09:58 - 2014-11-19 10:04 - 00030652 _____ () C:\Users\owner\Downloads\Addition.txt 2014-11-19 09:57 - 2014-11-23 12:55 - 00022272 _____ () C:\Users\owner\Downloads\FRST.txt 2014-11-19 09:56 - 2014-11-23 12:54 - 00000000 ____D () C:\FRST 2014-11-19 09:54 - 2014-11-23 12:54 - 02118144 _____ (Farbar) C:\Users\owner\Downloads\FRST64.exe 2014-11-19 09:36 - 2014-10-23 20:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 09:36 - 2014-10-23 19:39 - 00656384 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-18 23:11 - 2014-11-18 23:11 - 00000000 ____D () C:\Users\owner\AppData\Local\Golden_Frog,_GmbH 2014-11-18 23:11 - 2014-11-18 23:11 - 00000000 ____D () C:\Users\owner\AppData\Local\Golden Frog, GmbH 2014-11-18 22:58 - 2014-11-18 22:58 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Golden Frog, GmbH 2014-11-18 22:58 - 2014-11-18 22:58 - 00000000 ____D () C:\ProgramData\Golden Frog, GmbH 2014-11-18 22:55 - 2014-11-20 23:37 - 00000000 ____D () C:\Program Files (x86)\VyprVPN 2014-11-18 19:28 - 2014-11-18 19:28 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-18 19:28 - 2014-11-18 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-11-18 19:28 - 2014-11-18 19:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-11-18 19:28 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-18 19:28 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-16 11:46 - 2014-11-16 11:46 - 00002059 _____ () C:\Users\owner\Desktop\Chrome App Launcher.lnk 2014-11-16 11:46 - 2014-11-16 11:46 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-11-12 10:15 - 2014-10-12 18:52 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-12 10:14 - 2014-09-18 19:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-12 10:14 - 2014-09-18 19:45 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-12 10:12 - 2014-08-11 21:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-12 10:12 - 2014-08-11 21:11 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-12 10:11 - 2014-10-17 20:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-12 10:11 - 2014-10-17 19:46 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-12 10:11 - 2014-10-09 20:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-12 10:11 - 2014-10-09 20:09 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-12 10:11 - 2014-10-09 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-12 10:11 - 2014-10-09 20:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-12 10:11 - 2014-10-09 20:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-12 10:11 - 2014-10-09 18:53 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-12 10:11 - 2014-10-09 18:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-12 10:11 - 2014-10-02 20:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-12 10:11 - 2014-10-02 20:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-12 10:11 - 2014-10-02 20:17 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-12 10:11 - 2014-10-02 20:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-12 10:11 - 2014-10-02 20:02 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-12 10:11 - 2014-10-02 20:01 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-12 10:11 - 2014-10-02 20:01 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-12 10:11 - 2014-10-02 18:49 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodg.exe 2014-11-12 10:04 - 2014-10-23 20:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-12 10:04 - 2014-10-23 19:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-12 10:04 - 2014-08-26 19:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-12 10:04 - 2014-08-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-12 10:04 - 2014-08-26 19:41 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-12 10:04 - 2014-08-26 19:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-12 09:27 - 2014-10-27 15:32 - 17870336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-12 09:27 - 2014-10-27 15:13 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-12 09:27 - 2014-10-27 15:12 - 10921472 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-12 09:27 - 2014-10-27 15:07 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-12 09:27 - 2014-10-27 15:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-12 09:27 - 2014-10-27 15:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-12 09:27 - 2014-10-27 15:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-11-12 09:27 - 2014-10-27 15:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-12 09:27 - 2014-10-27 15:04 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-12 09:27 - 2014-10-27 15:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-11-12 09:27 - 2014-10-27 15:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-12 09:27 - 2014-10-27 15:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-12 09:27 - 2014-10-27 15:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-12 09:27 - 2014-10-27 15:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-12 09:27 - 2014-10-27 15:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-12 09:27 - 2014-10-27 15:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-12 09:27 - 2014-10-27 15:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-12 09:27 - 2014-10-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-12 09:27 - 2014-10-27 15:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-11-12 09:27 - 2014-10-27 15:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-11-12 09:27 - 2014-10-27 15:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-11-12 09:27 - 2014-10-27 14:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-12 09:27 - 2014-10-27 14:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-12 09:27 - 2014-10-27 14:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-12 09:27 - 2014-10-27 13:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-12 09:27 - 2014-10-27 13:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-12 09:27 - 2014-10-27 13:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-12 09:27 - 2014-10-27 13:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-11-12 09:27 - 2014-10-27 13:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-12 09:27 - 2014-10-27 13:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-12 09:27 - 2014-10-27 13:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-11-12 09:27 - 2014-10-27 13:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-12 09:27 - 2014-10-27 13:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-12 09:27 - 2014-10-27 13:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-12 09:27 - 2014-10-27 13:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-11-12 09:27 - 2014-10-27 13:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-12 09:27 - 2014-10-27 13:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-12 09:27 - 2014-10-27 13:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-12 09:27 - 2014-10-27 13:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-11-12 09:27 - 2014-10-27 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-11-12 09:27 - 2014-10-27 13:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-11-12 09:27 - 2014-10-27 13:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-23 12:48 - 2013-06-25 23:03 - 00000000 ____D () C:\Users\owner\Desktop\New Folder 2014-11-23 12:40 - 2013-03-19 00:10 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-23 12:35 - 2014-06-20 19:54 - 00002844 _____ () C:\Windows\System32\Tasks\DriverUpdate Startup 2014-11-23 12:35 - 2014-06-20 19:54 - 00000418 _____ () C:\Windows\Tasks\DriverUpdate Startup.job 2014-11-23 12:35 - 2013-01-09 13:05 - 01660891 _____ () C:\Windows\WindowsUpdate.log 2014-11-23 12:34 - 2014-06-20 19:54 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys 2014-11-23 12:30 - 2013-03-19 00:10 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-23 12:30 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-23 12:30 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-23 12:30 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-23 12:28 - 2006-11-02 10:42 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-11-23 12:09 - 2014-03-22 13:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-21 18:43 - 2013-03-19 00:10 - 00002027 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-11-21 00:43 - 2013-09-11 19:43 - 00000000 ____D () C:\Qoobox 2014-11-21 00:34 - 2006-11-02 07:34 - 00000215 _____ () C:\Windows\system.ini 2014-11-21 00:31 - 2013-09-12 00:49 - 00160326 _____ () C:\Windows\PFRO.log 2014-11-21 00:29 - 2013-09-11 19:43 - 00000000 ____D () C:\Windows\erdnt 2014-11-20 09:06 - 2013-01-20 13:48 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Apple Computer 2014-11-20 01:40 - 2013-08-29 00:06 - 00000000 ____D () C:\Program Files (x86)\Lavasoft 2014-11-18 23:09 - 2013-01-09 12:22 - 00114784 _____ () C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT 2014-11-18 23:04 - 2006-11-02 10:21 - 00396320 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-18 22:58 - 2013-01-09 12:11 - 00000000 ____D () C:\Users\owner 2014-11-18 22:55 - 2014-08-04 07:19 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-18 19:51 - 2014-04-16 04:16 - 00000000 ____D () C:\temp 2014-11-18 19:28 - 2013-09-14 20:46 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-11-18 19:28 - 2013-09-14 20:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-11-18 19:28 - 2013-02-28 04:37 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Malwarebytes 2014-11-18 19:28 - 2013-02-28 04:37 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-17 21:09 - 2013-01-27 20:20 - 00000000 ____D () C:\Users\owner\AppData\Local\Microsoft Games 2014-11-17 14:04 - 2013-01-21 09:01 - 00000000 ____D () C:\Users\owner\Documents\MEC 2014-11-14 23:35 - 2013-03-19 00:10 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-14 23:35 - 2013-03-19 00:10 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-11-12 21:09 - 2014-03-22 13:26 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-12 21:09 - 2013-01-20 13:29 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-12 21:09 - 2013-01-20 13:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-12 20:32 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\rescache 2014-11-12 10:10 - 2013-08-09 07:52 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-12 10:05 - 2006-11-02 07:35 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-11-11 23:23 - 2013-05-11 12:18 - 00000000 ____D () C:\Users\owner\AppData\Local\CrashDumps 2014-11-10 09:35 - 2006-11-02 10:27 - 00051996 _____ () C:\Windows\setupact.log 2014-11-08 21:11 - 2013-01-10 12:48 - 00002609 _____ () C:\Users\owner\Desktop\Microsoft Office Excel 2007.lnk 2014-11-07 04:45 - 2013-08-26 17:59 - 00001022 _____ () C:\Users\Public\Desktop\Vz In-Home Agent.lnk 2014-11-06 08:21 - 2014-09-13 02:00 - 00001042 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-11-06 08:21 - 2013-09-14 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-11-06 08:21 - 2013-09-14 19:06 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-11-04 17:03 - 2006-11-02 07:46 - 00762976 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-04 14:30 - 2013-01-09 12:34 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-11-03 18:25 - 2013-06-01 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2014-10-26 11:07 - 2013-03-19 00:09 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk Some content of TEMP: ==================== C:\Users\owner\AppData\Local\temp\avgnt.exe C:\Users\owner\AppData\Local\temp\{062A413C-77B1-40AA-9F02-BDB8922A10C1}.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-23 12:40 ==================== End Of Log ============================ tdsskiller report.txt -
Scan Malwrebytes once but still has Adf.ly popup in Chrome
ur798 replied to ur798's topic in Resolved Malware Removal Logs
Hi Sorry, I was busy at work and no time to do it. Today Sunday and I will do ALL the steps and post up. Tks./ Raphael -
Scan Malwrebytes once but still has Adf.ly popup in Chrome
ur798 replied to ur798's topic in Resolved Malware Removal Logs
STEP 1 ... fixlog.txt ... Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-11-2014Ran by owner at 2014-11-20 01:38:47 Run:1Running from C:\Users\owner\DownloadsLoaded Profile: owner (Available profiles: owner)Boot Mode: Normal============================================== Content of fixlist:*****************start(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exeC:\ProgramData\Ad-Aware Browsing ProtectionHKLM-x32\...\Run: [] => [X]Winlogon\Notify\vxicjor-x32: C:\Users\owner\AppData\Local\vxicjor.dll [X]C:\Users\owner\AppData\Local\vxicjor.dll AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\SPVC64~1.DLL => C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\SPVC64~1.DLL File Not FoundAppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL => "C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL" File Not FoundC:\PROGRA~2\SEARCH~1HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....ing}&fr=hp-pvdtSearchScopes: HKLM-x32 -> DefaultScope value is missing.SearchScopes: HKLM-x32 -> {9BF89253-FA46-4F95-B60F-EE08C9735609} URL = http://search.yahoo....ing}&fr=hp-pvdtSearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2301109152-3522168215-2525550890-1000 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}SearchScopes: HKU\S-1-5-21-2301109152-3522168215-2525550890-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2301109152-3522168215-2525550890-1000 -> {9BF89253-FA46-4F95-B60F-EE08C9735609} URL = SearchScopes: HKU\S-1-5-21-2301109152-3522168215-2525550890-1000 -> {BF5853A8-23B1-4204-B81F-82026B6B3243} URL = Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No FileToolbar: HKU\S-1-5-21-2301109152-3522168215-2525550890-1000 -> No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No FileWinsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [304128] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MD33BD673-8055-4288-BD42-A511D8DF3BB0&SearchSource=55&CUI=&UM=5&UP=SP704CF25B-AC07-43F6-BFEC-233249649ADB&SSPV=CHR StartupUrls: Default -> "hxxp://www.yahoo.com/", "hxxp://www.facebook.com/"CHR Extension: (Lavasoft NewTab) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole [2013-08-29]CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2013-08-08]C:\Program Files (x86)\Lavasoft\AdAware SecureSearch ToolbarS1 asdnet; \??\C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [X]S3 IpInIp; system32\DRIVERS\ipinip.sys [X]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]2014-11-18 19:57 - 2014-05-24 15:12 - 00000000 ____D () C:\Program Files (x86)\SearchProtectC:\Users\owner\AppData\Local\Google\Desktop\InstallC:\Program Files (x86)\Google\Desktop\InstallC:\Users\owner\AppData\Local\temp\avgnt.exeC:\Users\owner\AppData\Local\temp\FreemakeYouTubeToMP3Boom_1.0.1.1.exeC:\Users\owner\AppData\Local\temp\jre-7u45-windows-i586-iftw.exeC:\Users\owner\AppData\Local\temp\jre-7u51-windows-i586-iftw.exeC:\Users\owner\AppData\Local\temp\jre-7u60-windows-i586-iftw.exeC:\Users\owner\AppData\Local\temp\jre-7u67-windows-i586-iftw.exeC:\Users\owner\AppData\Local\temp\Quarantine.exeC:\Users\owner\AppData\Local\temp\uvrmm6jq.dllTask: {5971E8D6-3E9D-4309-B9F3-A735E72C79E2} - System32\Tasks\mxstuxpybxupd => Cscript.exe //E:javascript C:\Windows\TEMP\tuxpybx.mktC:\Windows\TEMP\tuxpybx.mktCMD: ipconfig /flushdnsCMD: netsh winsock reset allCMD: netsh int ipv4 resetCMD: netsh int ipv6 resetEmptyTemp:end***************** [44396] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe => Process closed successfully.C:\ProgramData\Ad-Aware Browsing Protection => Moved successfully.HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully."HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vxicjor" => Key deleted successfully."C:\Users\owner\AppData\Local\vxicjor.dll" => File/Directory not found."C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\SPVC64~1.DLL" => Value Data removed successfully."C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL" => Value Data removed successfully. "C:\PROGRA~2\SEARCH~1" directory move: Could not move "C:\PROGRA~2\SEARCH~1" directory. => Scheduled to move on reboot. HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully."HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BF89253-FA46-4F95-B60F-EE08C9735609}" => Key deleted successfully."HKCR\CLSID\{9BF89253-FA46-4F95-B60F-EE08C9735609}" => Key not found."HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BF5853A8-23B1-4204-B81F-82026B6B3243}" => Key deleted successfully."HKCR\CLSID\{BF5853A8-23B1-4204-B81F-82026B6B3243}" => Key not found.HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully."HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BF89253-FA46-4F95-B60F-EE08C9735609}" => Key deleted successfully."HKCR\Wow6432Node\CLSID\{9BF89253-FA46-4F95-B60F-EE08C9735609}" => Key not found."HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BF5853A8-23B1-4204-B81F-82026B6B3243}" => Key deleted successfully."HKCR\Wow6432Node\CLSID\{BF5853A8-23B1-4204-B81F-82026B6B3243}" => Key not found.HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\ToolbarSearchProviderProgress => value deleted successfully."HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully."HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found."HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BF89253-FA46-4F95-B60F-EE08C9735609}" => Key deleted successfully."HKCR\CLSID\{9BF89253-FA46-4F95-B60F-EE08C9735609}" => Key not found."HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BF5853A8-23B1-4204-B81F-82026B6B3243}" => Key deleted successfully."HKCR\CLSID\{BF5853A8-23B1-4204-B81F-82026B6B3243}" => Key not found.HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully."HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} => value deleted successfully."HKCR\CLSID\{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE}" => Key not found.Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dllWinsock: Catalog5-x64 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dllChrome HomePage deleted successfully.Chrome StartupUrls deleted successfully.C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole => Moved successfully."HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole" => Key deleted successfully.C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx => Moved successfully.C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar => Moved successfully.asdnet => Service deleted successfully.IpInIp => Service deleted successfully.NwlnkFlt => Service deleted successfully.NwlnkFwd => Service deleted successfully.C:\Program Files (x86)\SearchProtect => Moved successfully.C:\Users\owner\AppData\Local\Google\Desktop\Install => Moved successfully.C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.C:\Users\owner\AppData\Local\temp\avgnt.exe => Moved successfully.C:\Users\owner\AppData\Local\temp\FreemakeYouTubeToMP3Boom_1.0.1.1.exe => Moved successfully.C:\Users\owner\AppData\Local\temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.C:\Users\owner\AppData\Local\temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.C:\Users\owner\AppData\Local\temp\jre-7u60-windows-i586-iftw.exe => Moved successfully.C:\Users\owner\AppData\Local\temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.C:\Users\owner\AppData\Local\temp\Quarantine.exe => Moved successfully.C:\Users\owner\AppData\Local\temp\uvrmm6jq.dll => Moved successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5971E8D6-3E9D-4309-B9F3-A735E72C79E2}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5971E8D6-3E9D-4309-B9F3-A735E72C79E2}" => Key deleted successfully.C:\Windows\System32\Tasks\mxstuxpybxupd => Moved successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\mxstuxpybxupd" => Key deleted successfully."C:\Windows\TEMP\tuxpybx.mkt" => File/Directory not found. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= netsh winsock reset all ========= Sucessfully reset the Winsock Catalog.You must restart the computer in order to complete the reset. ========= End of CMD: ========= ========= netsh int ipv4 reset ========= Reseting Echo Request, OK!Reseting Global, OK!Reseting Interface, OK!A reboot is required to complete this action. ========= End of CMD: ========= ========= netsh int ipv6 reset ========= Reseting Echo Request, OK!A reboot is required to complete this action. ========= End of CMD: ========= EmptyTemp: => Removed 3.1 GB temporary data. => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-20 01:49:06)<= C:\PROGRA~2\SEARCH~1 => Is moved successfully. ==== End of Fixlog ==== -
I had Google Chrome and then downloaded extension, run to have Adf.ly pop up time by time. I scanned with Malwarebytes but still has it pops up... pls help to remove this ... I did Farber Recovery Scan and post the 2 files below Addition.txt ... Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2014Ran by owner at 2014-11-19 09:58:33Running from C:\Users\owner\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft)2007 Microsoft Office Suite Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) HiddenAdobe Acrobat 9 Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)Apowersoft Free YouTube Downloader V2.0.0 (HKLM-x32\...\{A69A0916-EE1F-462C-A24E-6AFB962EED05}_is1) (Version: 2.0.0 - Apowersoft)Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) HiddenAvira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Brother MFL-Pro Suite MFC-490CW (HKLM-x32\...\{D9461574-5FC0-4641-BBDC-D1038B196F55}) (Version: 1.1.5.0 - Brother Industries, Ltd.)Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.3) (Version: 5.0.0.3 - Coupons.com Incorporated)CyberLink DVD Suite Deluxe (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1329 - CyberLink Corp.)CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2726 - CyberLink Corp.)DriverUpdate (HKLM-x32\...\{C85A8187-7E95-429D-9C9C-57C10268B3CF}) (Version: 2.2.38275 - SlimWare Utilities, Inc.)DSmobile 600 (HKLM\...\{1BDEB6E2-6706-4132-A5D3-99190C6BECD8}) (Version: 1.2.9 - Brother)DSmobileSCAN II (HKLM-x32\...\{05227385-5073-46ED-9035-B1910E2613CC}) (Version: 2.0.7 - Brother)Enhanced Multimedia Keyboard Solution (HKLM-x32\...\KBD) (Version: - Hewlett-Packard)ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )Free YouTube to MP3 Downloader version 1.0 (HKLM-x32\...\{C0E97290-A882-4620-BF84-856783496241}_is1) (Version: 1.0 - easy4pc.com)Freemake YouTube To MP3 Boom (HKLM-x32\...\Freemake YouTube To MP3 Boom_is1) (Version: 1.0.0 - Ellora Assets Corporation)GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.122 - Google Inc.)Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenHardware Diagnostic Tools (HKLM-x32\...\PC-Doctor 5 for Windows) (Version: 5.1.4748.24 - PC-Doctor, Inc.)Hewlett-Packard Active Check for Health Check (x32 Version: 1.1.15.2 - Hewlett-Packard) HiddenHewlett-Packard Asset Agent for Health Check (x32 Version: 2.0.63.2 - HP) HiddenHP Advisor (HKLM-x32\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard)HP Customer Experience Enhancements (HKLM-x32\...\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}) (Version: 5.6.0.2510 - Hewlett-Packard)HP Demo (HKLM\...\{C9A7340B-1EFD-42A6-9A27-243C50E57FA4}_is1) (Version: HP Demo - Hewlett-Packard)HP LaserJet 200 color M251 (HKLM-x32\...\{6682B5C4-530A-4FB8-ACAC-80DB5CCC68DD}) (Version: 5.0.12200.1036 - Hewlett-Packard)HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) HiddenhpbM251DSService (x32 Version: 001.001.05874 - Hewlett-Packard) HiddenHPLaserJet200color-M251_HelpLearnCenter_SI (HKLM-x32\...\{DDEBEA89-2B5A-4E5B-8702-369882BB3F52}) (Version: 1.01.0000 - Hewlett-Packard)HPLJUTCore (x32 Version: 004.005.0001 - HP) HiddenHPLJUTM251 (x32 Version: 3.00.0003 - HP) HiddenhppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) HiddenhppM251LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) HiddenhpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) HiddenhpStatusAlertsM251 (x32 Version: 050.034.00131 - Hewlett-Packard) HiddenHPTCSSetup (HKLM-x32\...\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}) (Version: 1.0.964.2626 - Hewlett-Packard Company)iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)IHA_MessageCenter (HKLM-x32\...\{834265C4-CDF4-44D3-BD24-31531617EFB8}) (Version: 1.8.70 - Verizon)iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)Java SE Runtime Environment 6 Update 1 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2529 - CyberLink Corp.)LightScribe System Software 1.12.37.1 (HKLM-x32\...\{004C5DA2-2051-4D25-94BA-51CF810C91EB}) (Version: 1.12.37.1 - LightScribe)LightScribeTemplateLabeler (HKLM-x32\...\{305D4B08-5807-4475-B1C8-D54685534864}) (Version: 1.10.23.1 - LightScribe)Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version: - )Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6215.1000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)muvee autoProducer 6.1 (HKLM-x32\...\{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}) (Version: 6.10.050 - muvee Technologies)My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.43 - WildTangent)NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)PasswordBox (HKLM-x32\...\PasswordBox) (Version: 1.38.7.4074 - PasswordBox, Inc.)PCIe Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.71.00.50 - Conexant Systems)Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3917 - CyberLink Corp.)Presto! PageManager 7.16.80 (HKLM-x32\...\{E428B557-A5D7-4F38-ACD9-1BEFBBF3ABB3}) (Version: 7.16.80 - NewSoft Technology Corporation)Python 2.5 (HKLM-x32\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)Snagit 11 (HKLM-x32\...\{A56C6348-59D0-433B-A48A-75914858664E}) (Version: 11.2.1 - TechSmith Corporation)Spotify (HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\...\Spotify) (Version: 0.9.10.22.gf87988f9 - Spotify AB)Update for Office 2007 (KB946691) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A420F522-7395-4872-9882-C591B4B92278}) (Version: - Microsoft)Update for Outlook 2007 Junk Email Filter (kb944965) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{EA8C80AA-31D6-43F0-8CD8-CA85479A34F1}) (Version: - Microsoft)Verizon Toolbar (HKLM-x32\...\verizontb) (Version: 6.0.0.40 - Verizon and Visicom Media Inc.)Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)VyprVPN (HKLM\...\{526B3DDC-6891-4F43-8F64-8B83DC9E4848}) (Version: 2.6.0.4290 - Golden Frog, GmbH.)Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.65.0 - Verizon)Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 20-10-2014 22:39:21 Scheduled Checkpoint21-10-2014 13:36:25 Windows Update23-10-2014 18:46:28 Scheduled Checkpoint25-10-2014 00:40:55 Scheduled Checkpoint26-10-2014 04:01:47 Scheduled Checkpoint27-10-2014 03:02:38 Windows Backup28-10-2014 22:23:28 Windows Update30-10-2014 00:47:08 Scheduled Checkpoint31-10-2014 01:35:15 Scheduled Checkpoint01-11-2014 00:49:56 Windows Update01-11-2014 18:48:06 Scheduled Checkpoint03-11-2014 04:19:28 Windows Backup04-11-2014 03:10:06 Scheduled Checkpoint04-11-2014 08:38:03 Windows Update04-11-2014 22:37:07 Scheduled Checkpoint06-11-2014 02:07:18 Scheduled Checkpoint08-11-2014 01:45:33 Windows Update09-11-2014 16:11:20 Scheduled Checkpoint10-11-2014 04:02:37 Windows Backup11-11-2014 01:56:09 Scheduled Checkpoint11-11-2014 13:08:56 Windows Update12-11-2014 01:26:12 Scheduled Checkpoint12-11-2014 15:04:19 Windows Update13-11-2014 04:44:49 Scheduled Checkpoint16-11-2014 19:00:02 Scheduled Checkpoint17-11-2014 14:17:47 Windows Backup18-11-2014 05:00:22 Scheduled Checkpoint18-11-2014 10:02:28 Windows Update19-11-2014 03:55:16 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.6103019-11-2014 03:57:37 Device Driver Package Install: TAP-VyprVPN Provider V9 Network adapters19-11-2014 14:36:07 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 07:34 - 2013-09-11 20:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {4D00D68A-6BC4-4561-885D-DE27F8975BC2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19] (Google Inc.)Task: {5971E8D6-3E9D-4309-B9F3-A735E72C79E2} - System32\Tasks\mxstuxpybxupd => Cscript.exe //E:javascript C:\Windows\TEMP\tuxpybx.mktTask: {8493E5FD-2E45-47E4-83EB-079574C30008} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files (x86)\PC-Doctor 5 for Windows\task_swap.exe [2008-03-13] (PC-Doctor, Inc.)Task: {94B42E86-EFCC-4196-A737-A5CFA68EB100} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {BDA3AC2D-9B97-4F7F-BD64-E235043A756A} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2012-06-14] (Hewlett Packard)Task: {BF0C99BD-AF9B-478E-A120-03BFED3B85EE} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2014-05-14] (SlimWare Utilities, Inc.)Task: {C4A7658E-3E7C-4D98-B384-AF257E1EA7B6} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)Task: {E166C941-3333-445B-9DDF-3217E74DFD5F} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files (x86)\PC-Doctor 5 for Windows\RunProfiler.exe [2008-03-13] (PC-Doctor, Inc.)Task: {F684A3CF-907D-4B41-9659-E7C694E48F44} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19] (Google Inc.)Task: {F821735C-427A-42A6-B659-0FC3C44CF8AF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-03-16 15:02 - 2012-11-13 13:18 - 00279368 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe2013-01-20 12:14 - 2007-07-18 16:15 - 00020480 _____ () C:\WINDOWS\System32\spool\drivers\x64\3\WrtMon.exe2013-05-08 05:46 - 2005-04-22 12:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll2013-03-16 15:02 - 2005-01-02 08:22 - 00776192 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sqlite3.dll2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll2013-05-29 15:12 - 2013-05-29 15:12 - 00095232 _____ () C:\Program Files (x86)\TechSmith\Snagit 11\VideoRecording.dll2013-05-29 15:11 - 2013-05-29 15:11 - 00089088 _____ () C:\Program Files (x86)\TechSmith\Snagit 11\SDKRecorder.dll2013-05-29 15:05 - 2013-05-29 15:05 - 04710400 ____R () C:\Program Files (x86)\TechSmith\Snagit 11\PDFNetC.dll2014-05-14 11:45 - 2014-05-14 11:45 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll2014-10-07 11:11 - 2014-10-07 11:11 - 00077312 _____ () C:\Program Files (x86)\VyprVPN\GoldenFrogWFP.dll2014-11-14 18:31 - 2014-11-05 18:57 - 08911176 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\pdf.dll2014-11-14 18:31 - 2014-11-05 18:56 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DSmobileSCAN II.lnk => C:\Windows\pss\DSmobileSCAN II.lnk.StartupMSCONFIG\startupreg: HPAdvisor => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY ========================= Accounts: ========================== Administrator (S-1-5-21-2301109152-3522168215-2525550890-500 - Administrator - Disabled)Guest (S-1-5-21-2301109152-3522168215-2525550890-501 - Limited - Disabled)owner (S-1-5-21-2301109152-3522168215-2525550890-1000 - Administrator - Enabled) => C:\Users\owner ==================== Faulty Device Manager Devices ============= Name: Microsoft Tun Miniport Adapter #2Description: Microsoft Tun Miniport AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: tunmpProblem: : This device cannot start. (Code10)Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: TAP-VyprVPN Adapter V9Description: TAP-VyprVPN Adapter V9Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: TAP-VyprVPN Provider V9Service: tapvyprvpnProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (11/19/2014 09:34:26 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/19/2014 09:29:42 AM) (Source: SideBySide) (EventID: 78) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error: (11/19/2014 09:29:42 AM) (Source: SideBySide) (EventID: 78) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error: (11/18/2014 11:55:51 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/18/2014 11:51:22 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error: (11/18/2014 11:51:22 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error: (11/18/2014 11:26:24 PM) (Source: RasClient) (EventID: 20227) (User: )Description: CoId={496A78A6-1737-4C78-BE46-0F2F683BB6D0}: The user SYSTEM dialed a connection named VyprVPN which has failed. The error code returned on failure is 691. Error: (11/18/2014 11:25:58 PM) (Source: RasClient) (EventID: 20227) (User: )Description: CoId={D4849B87-2572-4070-B49A-1321A5673450}: The user SYSTEM dialed a connection named VyprVPN which has failed. The error code returned on failure is 691. Error: (11/18/2014 11:25:46 PM) (Source: RasClient) (EventID: 20227) (User: )Description: CoId={EA6DF12D-C470-408D-B52F-3CA0DF5F0D00}: The user SYSTEM dialed a connection named VyprVPN which has failed. The error code returned on failure is 691. Error: (11/18/2014 11:24:51 PM) (Source: RasClient) (EventID: 20227) (User: )Description: CoId={AED1B0BC-054B-4A92-BEF9-DD4EF7B0A207}: The user SYSTEM dialed a connection named VyprVPN which has failed. The error code returned on failure is 0. System errors:=============Error: (11/19/2014 10:00:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (11/19/2014 09:50:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (11/19/2014 09:40:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (11/19/2014 09:34:29 AM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: asdnetBeepi8042prt Error: (11/19/2014 09:34:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: asdnet%%3 Error: (11/19/2014 09:34:29 AM) (Source: Service Control Manager) (EventID: 7022) (User: )Description: Internet Connection Sharing (ICS) Error: (11/19/2014 09:34:29 AM) (Source: Service Control Manager) (EventID: 7022) (User: )Description: AD Blocker Service Error: (11/19/2014 09:34:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Machine Debug Manager%%2 Error: (11/19/2014 09:30:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (11/19/2014 09:30:11 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2} Microsoft Office Sessions:=========================Error: (06/27/2013 08:18:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 14 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors:=================================== Date: 2014-11-19 09:58:28.431 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-19 09:58:28.122 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-19 09:58:27.874 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-19 09:58:27.559 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-19 09:58:27.182 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-19 09:58:26.938 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-19 09:58:26.649 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-19 09:58:26.253 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-18 19:40:12.964 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-18 19:40:12.594 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD Phenom 9550 Quad-Core ProcessorPercentage of memory in use: 48%Total physical RAM: 4862.31 MBAvailable physical RAM: 2496.49 MBTotal Pagefile: 9925.16 MBAvailable Pagefile: 7287.11 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (HP) (Fixed) (Total:454.34 GB) (Free:271.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.42 GB) (Free:1.27 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive k: (SignatureMini) (Fixed) (Total:465.76 GB) (Free:0 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 465.8 GB) (Disk ID: B515FD0A)Partition 1: (Active) - (Size=454.3 GB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=11.4 GB) - (Type=07 NTFS) ========================================================Disk: 5 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 4B48D754)Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ FRST.txt .... Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-11-2014Ran by owner (administrator) on OWNER-PC on 19-11-2014 09:57:05Running from C:\Users\owner\DownloadsLoaded Profile: owner (Available profiles: owner)Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English (United States)Internet Explorer Version 9Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe() C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe(SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe() C:\WINDOWS\System32\spool\drivers\x64\3\WrtMon.exe(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe(Realtek Semiconductor) C:\WINDOWS\RAVCpl64.exe(NVIDIA Corporation) C:\WINDOWS\System32\nvraidservice.exe(NewSoft Technology Corporation) C:\WINDOWS\System32\spool\drivers\x64\3\WrtProc.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe(Spotify Ltd) C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe(Brother International) C:\Program Files (x86)\Brother\DSmobileSCAN II\DSmobileSCAN.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\TscHelp.exe(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe(Golden Frog, GmbH.) C:\Program Files (x86)\VyprVPN\VyprVPNService.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio64.exe(Hewlett-Packard Company) C:\hp\KBD\kbd.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe(Microsoft Corporation) C:\WINDOWS\System32\mobsync.exe(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagitEditor.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\WINDOWS\splwow64.exe(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe(Microsoft Corporation) C:\WINDOWS\System32\sdclt.exe(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2007-07-18] ()HKLM\...\Run: [DisplaySwitch] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2007-07-18] ()HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartupHKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInitHKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6150656 2008-03-26] (Realtek Semiconductor)HKLM\...\Run: [NVRaidService] => C:\Windows\system32\nvraidservice.exe [315936 2008-04-28] (NVIDIA Corporation)HKLM\...\Run: [HP Health Check Scheduler] => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exeHKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [brMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1085440 2008-05-29] (Brother Industries, Ltd.)HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.)HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)HKLM-x32\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()HKLM-x32\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [statusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)Winlogon\Notify\vxicjor-x32: C:\Users\owner\AppData\Local\vxicjor.dll [X]HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\...\Run: [spotify Web Helper] => C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-07-13] (Spotify Ltd)HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-03-19] (Google Inc.)HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exeHKU\S-1-5-21-2301109152-3522168215-2525550890-1000\...\Run: [GoogleChromeAutoLaunch_BFB1AAC9AD5759BCC5B883652DF33E69] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-11-05] (Google Inc.)AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\SPVC64~1.DLL => C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\SPVC64~1.DLL File Not FoundAppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL => "C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL" File Not FoundStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnkShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSmobileSCAN II.lnkShortcutTarget: DSmobileSCAN II.lnk -> C:\Program Files (x86)\Brother\DSmobileSCAN II\DSmobileSCAN.exe (Brother International) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-21-2301109152-3522168215-2525550890-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/HKU\S-1-5-21-2301109152-3522168215-2525550890-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-21-2301109152-3522168215-2525550890-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.facebook.com/HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndtHKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM -> {9BF89253-FA46-4F95-B60F-EE08C9735609} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpdSearchScopes: HKLM -> {BF5853A8-23B1-4204-B81F-82026B6B3243} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdtSearchScopes: HKLM-x32 -> DefaultScope value is missing.SearchScopes: HKLM-x32 -> {9BF89253-FA46-4F95-B60F-EE08C9735609} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpdSearchScopes: HKLM-x32 -> {BF5853A8-23B1-4204-B81F-82026B6B3243} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdtSearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2301109152-3522168215-2525550890-1000 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}SearchScopes: HKU\S-1-5-21-2301109152-3522168215-2525550890-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2301109152-3522168215-2525550890-1000 -> {9BF89253-FA46-4F95-B60F-EE08C9735609} URL = SearchScopes: HKU\S-1-5-21-2301109152-3522168215-2525550890-1000 -> {BF5853A8-23B1-4204-B81F-82026B6B3243} URL = BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll No FileBHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM-x32 - PasswordBox Toolbar - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll No FileToolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No FileToolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKU\S-1-5-21-2301109152-3522168215-2525550890-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKU\S-1-5-21-2301109152-3522168215-2525550890-1000 -> No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No FileDPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cabDPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabHandler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [304128] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-01-10] Chrome: =======CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MD33BD673-8055-4288-BD42-A511D8DF3BB0&SearchSource=55&CUI=&UM=5&UP=SP704CF25B-AC07-43F6-BFEC-233249649ADB&SSPV=CHR StartupUrls: Default -> "hxxp://www.yahoo.com/", "hxxp://www.facebook.com/"CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-20]CHR Extension: (GOM Web-VPN) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke [2014-11-16]CHR Extension: (Adblock for Youtube™) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2014-07-03]CHR Extension: (Alarm Clock) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmbkahepbpnlepjhehjaagnpednddkdi [2014-11-16]CHR Extension: (Hola Better Internet Engine) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng [2014-11-18]CHR Extension: (ZenMate) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-11-14]CHR Extension: (Avira Browser Safety) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-04]CHR Extension: (Hola Better Internet) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-11-18]CHR Extension: (Metric Conversion Chart) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfjgliedcooajpeddcfjhibeobflojbm [2014-11-16]CHR Extension: (DotVPN - Free and Secure VPN) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpiecbcckbofpmkkkdibbllpinceiihk [2014-11-18]CHR Extension: (Google Wallet) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]CHR Extension: (Lavasoft NewTab) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole [2013-08-29]CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2013-08-08] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ADBlockerSrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [279368 2012-11-13] ()R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [993584 2014-11-18] (Avira Operations GmbH & Co. KG)R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2013-08-12] (Macrovision Europe Ltd.) [File not signed]R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-05-12] (Freemake) [File not signed]R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-03-14] (Hewlett-Packard) [File not signed]R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon)R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-17] (Hewlett-Packard Company) [File not signed]R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]R2 VyprVPN; C:\Program Files (x86)\VyprVPN\VyprVPNService.exe [122880 2014-10-07] (Golden Frog, GmbH.) [File not signed]S2 MDM; "C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)S1 Beep; No ImagePathR3 CAXHWBS3; C:\Windows\System32\DRIVERS\CAXHWBS3.sys [286208 2008-02-12] (Conexant Systems, Inc.)S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [39504 2013-04-11] (ThreatTrack Security)R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-08-29] (GFI Software)S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2013-09-06] ()R3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1481216 2008-02-12] (Conexant Systems, Inc.)R3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1003520 2009-11-16] (Ralink Technology Corp.)R0 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [165408 2008-04-28] (NVIDIA Corporation)S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-11-19] ()S3 tapvyprvpn; C:\Windows\System32\DRIVERS\tapvyprvpn.sys [44896 2014-10-07] (The OpenVPN Project)S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]S1 asdnet; \??\C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [X]S3 IpInIp; system32\DRIVERS\ipinip.sys [X]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-19 09:57 - 2014-11-19 09:58 - 00024977 _____ () C:\Users\owner\Downloads\FRST.txt2014-11-19 09:56 - 2014-11-19 09:57 - 00000000 ____D () C:\FRST2014-11-19 09:54 - 2014-11-19 09:55 - 02117120 _____ (Farbar) C:\Users\owner\Downloads\FRST64.exe2014-11-18 23:11 - 2014-11-18 23:11 - 00000000 ____D () C:\Users\owner\AppData\Local\Golden_Frog,_GmbH2014-11-18 23:11 - 2014-11-18 23:11 - 00000000 ____D () C:\Users\owner\AppData\Local\Golden Frog, GmbH2014-11-18 22:59 - 2014-11-18 22:59 - 00000804 _____ () C:\Users\Public\Desktop\VyprVPN.lnk2014-11-18 22:59 - 2014-11-18 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Golden Frog, GmbH2014-11-18 22:58 - 2014-11-18 22:58 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Golden Frog, GmbH2014-11-18 22:58 - 2014-11-18 22:58 - 00000000 ____D () C:\ProgramData\Golden Frog, GmbH2014-11-18 22:55 - 2014-11-18 22:59 - 00000000 ____D () C:\Program Files (x86)\VyprVPN2014-11-18 19:28 - 2014-11-18 19:28 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-11-18 19:28 - 2014-11-18 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-11-18 19:28 - 2014-11-18 19:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-11-18 19:28 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-11-18 19:28 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-11-16 11:46 - 2014-11-16 11:46 - 00002059 _____ () C:\Users\owner\Desktop\Chrome App Launcher.lnk2014-11-16 11:46 - 2014-11-16 11:46 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome2014-11-12 10:15 - 2014-10-12 18:52 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-11-12 10:14 - 2014-09-18 19:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2014-11-12 10:14 - 2014-09-18 19:45 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2014-11-12 10:12 - 2014-08-11 21:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL2014-11-12 10:12 - 2014-08-11 21:11 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL2014-11-12 10:11 - 2014-10-17 20:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll2014-11-12 10:11 - 2014-10-17 19:46 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll2014-11-12 10:11 - 2014-10-09 20:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll2014-11-12 10:11 - 2014-10-09 20:09 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-11-12 10:11 - 2014-10-09 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll2014-11-12 10:11 - 2014-10-09 20:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2014-11-12 10:11 - 2014-10-09 20:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll2014-11-12 10:11 - 2014-10-09 18:53 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll2014-11-12 10:11 - 2014-10-09 18:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll2014-11-12 10:11 - 2014-10-02 20:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll2014-11-12 10:11 - 2014-10-02 20:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll2014-11-12 10:11 - 2014-10-02 20:17 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll2014-11-12 10:11 - 2014-10-02 20:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll2014-11-12 10:11 - 2014-10-02 20:02 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll2014-11-12 10:11 - 2014-10-02 20:01 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll2014-11-12 10:11 - 2014-10-02 20:01 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll2014-11-12 10:11 - 2014-10-02 18:49 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodg.exe2014-11-12 10:04 - 2014-10-23 20:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll2014-11-12 10:04 - 2014-10-23 19:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2014-11-12 10:04 - 2014-08-26 19:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2014-11-12 10:04 - 2014-08-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll2014-11-12 10:04 - 2014-08-26 19:41 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll2014-11-12 10:04 - 2014-08-26 19:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll2014-11-12 09:27 - 2014-10-27 15:32 - 17870336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-11-12 09:27 - 2014-10-27 15:13 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-11-12 09:27 - 2014-10-27 15:12 - 10921472 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-11-12 09:27 - 2014-10-27 15:07 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-11-12 09:27 - 2014-10-27 15:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-11-12 09:27 - 2014-10-27 15:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-11-12 09:27 - 2014-10-27 15:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2014-11-12 09:27 - 2014-10-27 15:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-11-12 09:27 - 2014-10-27 15:04 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-11-12 09:27 - 2014-10-27 15:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2014-11-12 09:27 - 2014-10-27 15:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-11-12 09:27 - 2014-10-27 15:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-11-12 09:27 - 2014-10-27 15:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-11-12 09:27 - 2014-10-27 15:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-11-12 09:27 - 2014-10-27 15:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-11-12 09:27 - 2014-10-27 15:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-11-12 09:27 - 2014-10-27 15:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-11-12 09:27 - 2014-10-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-11-12 09:27 - 2014-10-27 15:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll2014-11-12 09:27 - 2014-10-27 15:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe2014-11-12 09:27 - 2014-10-27 15:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe2014-11-12 09:27 - 2014-10-27 14:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-11-12 09:27 - 2014-10-27 14:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-11-12 09:27 - 2014-10-27 14:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-11-12 09:27 - 2014-10-27 13:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-11-12 09:27 - 2014-10-27 13:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-11-12 09:27 - 2014-10-27 13:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-11-12 09:27 - 2014-10-27 13:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2014-11-12 09:27 - 2014-10-27 13:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-11-12 09:27 - 2014-10-27 13:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-11-12 09:27 - 2014-10-27 13:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2014-11-12 09:27 - 2014-10-27 13:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-11-12 09:27 - 2014-10-27 13:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-11-12 09:27 - 2014-10-27 13:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-11-12 09:27 - 2014-10-27 13:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-11-12 09:27 - 2014-10-27 13:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-11-12 09:27 - 2014-10-27 13:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-11-12 09:27 - 2014-10-27 13:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-11-12 09:27 - 2014-10-27 13:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2014-11-12 09:27 - 2014-10-27 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2014-11-12 09:27 - 2014-10-27 13:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe2014-11-12 09:27 - 2014-10-27 13:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-19 09:49 - 2013-01-09 13:05 - 01535812 _____ () C:\Windows\WindowsUpdate.log2014-11-19 09:40 - 2013-03-19 00:10 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-11-19 09:35 - 2014-06-20 19:54 - 00002844 _____ () C:\Windows\System32\Tasks\DriverUpdate Startup2014-11-19 09:35 - 2014-06-20 19:54 - 00000418 _____ () C:\Windows\Tasks\DriverUpdate Startup.job2014-11-19 09:34 - 2014-06-20 19:54 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys2014-11-19 09:34 - 2013-08-29 00:06 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection2014-11-19 09:29 - 2013-03-19 00:10 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-11-19 09:29 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-11-19 09:29 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02014-11-19 09:29 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02014-11-19 00:20 - 2006-11-02 10:42 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-11-19 00:09 - 2014-03-22 13:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-11-18 23:09 - 2013-01-09 12:22 - 00114784 _____ () C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT2014-11-18 23:04 - 2006-11-02 10:21 - 00396320 _____ () C:\Windows\system32\FNTCACHE.DAT2014-11-18 23:03 - 2013-09-12 00:49 - 00159208 _____ () C:\Windows\PFRO.log2014-11-18 22:58 - 2013-01-09 12:11 - 00000000 ____D () C:\Users\owner2014-11-18 22:55 - 2014-08-04 07:19 - 00000000 ____D () C:\ProgramData\Package Cache2014-11-18 19:57 - 2014-05-24 15:12 - 00000000 ____D () C:\Program Files (x86)\SearchProtect2014-11-18 19:51 - 2014-04-16 04:16 - 00000000 ____D () C:\temp2014-11-18 19:28 - 2013-09-14 20:46 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-11-18 19:28 - 2013-09-14 20:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-11-18 19:28 - 2013-02-28 04:37 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Malwarebytes2014-11-18 19:28 - 2013-02-28 04:37 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-11-17 21:09 - 2013-01-27 20:20 - 00000000 ____D () C:\Users\owner\AppData\Local\Microsoft Games2014-11-17 14:04 - 2013-01-21 09:01 - 00000000 ____D () C:\Users\owner\Documents\MEC2014-11-14 23:35 - 2013-03-19 00:10 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-11-14 23:35 - 2013-03-19 00:10 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-11-14 18:31 - 2013-03-19 00:10 - 00002027 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-11-12 21:09 - 2014-03-22 13:26 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-11-12 21:09 - 2013-01-20 13:29 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-11-12 21:09 - 2013-01-20 13:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-11-12 20:32 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\rescache2014-11-12 10:10 - 2013-08-09 07:52 - 00000000 ____D () C:\Windows\system32\MRT2014-11-12 10:05 - 2006-11-02 07:35 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe2014-11-11 23:23 - 2013-05-11 12:18 - 00000000 ____D () C:\Users\owner\AppData\Local\CrashDumps2014-11-10 09:35 - 2006-11-02 10:27 - 00051996 _____ () C:\Windows\setupact.log2014-11-08 21:11 - 2013-01-10 12:48 - 00002609 _____ () C:\Users\owner\Desktop\Microsoft Office Excel 2007.lnk2014-11-07 04:45 - 2013-08-26 17:59 - 00001022 _____ () C:\Users\Public\Desktop\Vz In-Home Agent.lnk2014-11-06 08:21 - 2014-09-13 02:00 - 00001042 _____ () C:\Users\Public\Desktop\Avira.lnk2014-11-06 08:21 - 2013-09-14 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira2014-11-06 08:21 - 2013-09-14 19:06 - 00000000 ____D () C:\Program Files (x86)\Avira2014-11-04 17:03 - 2006-11-02 07:46 - 00762976 _____ () C:\Windows\system32\PerfStringBackup.INI2014-11-04 14:30 - 2013-01-09 12:34 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2014-11-03 18:25 - 2013-06-01 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive2014-10-26 11:07 - 2013-03-19 00:09 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnkZeroAccess:C:\Users\owner\AppData\Local\Google\Desktop\InstallZeroAccess:C:\Program Files (x86)\Google\Desktop\Install Some content of TEMP:====================C:\Users\owner\AppData\Local\temp\avgnt.exeC:\Users\owner\AppData\Local\temp\FreemakeYouTubeToMP3Boom_1.0.1.1.exeC:\Users\owner\AppData\Local\temp\jre-7u45-windows-i586-iftw.exeC:\Users\owner\AppData\Local\temp\jre-7u51-windows-i586-iftw.exeC:\Users\owner\AppData\Local\temp\jre-7u60-windows-i586-iftw.exeC:\Users\owner\AppData\Local\temp\jre-7u67-windows-i586-iftw.exeC:\Users\owner\AppData\Local\temp\Quarantine.exeC:\Users\owner\AppData\Local\temp\uvrmm6jq.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-19 09:46 ==================== End Of Log ============================
-
Cannot start mbam.exe, blocked by group policy
ur798 replied to ur798's topic in Resolved Malware Removal Logs
Yes, much better and everything seems back to normal. What kind of security software(s) do you suggest that I should keep in the computer for top guard? -
Cannot start mbam.exe, blocked by group policy
ur798 replied to ur798's topic in Resolved Malware Removal Logs
The download button is 'blue' color. After scanned, it said, "No threat found" and I don't see the 'list threats'. -
Cannot start mbam.exe, blocked by group policy
ur798 replied to ur798's topic in Resolved Malware Removal Logs
Combofix.txt ComboFix 13-09-10.03 - owner 09/11/2013 20:50:08.1.4 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4862.3400 [GMT -4:00] Running from: c:\users\owner\Desktop\New Folder\Malware folder\ComboFix.exe AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7} FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC} SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\owner\AppData\Local\assembly\tmp c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\preferences c:\users\owner\AppData\Roaming\17b69110-8679-4434-9609-34594275da03 c:\windows\PFRO.log . . ((((((((((((((((((((((((( Files Created from 2013-08-12 to 2013-09-12 ))))))))))))))))))))))))))))))) . . 2013-09-12 01:02 . 2013-09-12 01:02 -------- d-----w- c:\users\owner\AppData\Local\temp 2013-09-12 01:02 . 2013-09-12 01:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-09-10 23:46 . 2013-09-10 23:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-09-10 23:46 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-09-10 23:05 . 2013-09-10 23:05 -------- d-----w- c:\users\owner\AppData\Local\adawarebp 2013-09-10 22:57 . 2013-09-10 22:57 -------- d-----w- c:\program files\iPod 2013-09-10 22:57 . 2013-09-10 22:58 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-09-10 22:57 . 2013-09-10 22:58 -------- d-----w- c:\program files\iTunes 2013-09-10 22:57 . 2013-09-10 22:58 -------- d-----w- c:\program files (x86)\iTunes 2013-09-10 21:43 . 2013-09-10 21:43 -------- d-----w- c:\windows\ERUNT 2013-09-06 09:29 . 2013-07-25 03:37 2312704 ----a-w- c:\windows\system32\jscript9.dll 2013-09-06 09:25 . 2013-09-06 09:25 -------- d-----w- c:\users\owner\AppData\Local\Brother 2013-09-06 09:21 . 2013-09-06 09:21 32512 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys 2013-09-06 05:26 . 2013-09-06 05:26 -------- d-----w- c:\program files (x86)\ESET 2013-09-06 05:04 . 2013-09-06 05:16 -------- d-----w- c:\programdata\HitmanPro 2013-09-06 01:33 . 2013-09-10 23:04 -------- d-----w- C:\AdwCleaner 2013-09-06 01:28 . 2013-08-20 04:46 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{11AF250B-F612-4700-8401-2EE2D3FC2534}\mpengine.dll 2013-09-05 23:56 . 2013-09-05 23:56 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-09-05 23:53 . 2013-07-08 04:16 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-09-05 23:53 . 2013-07-08 04:16 992768 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-09-05 23:53 . 2013-07-08 04:12 1276416 ----a-w- c:\windows\system32\crypt32.dll 2013-09-05 23:53 . 2013-07-08 04:20 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2013-09-05 23:53 . 2013-07-08 04:16 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-09-05 23:53 . 2013-07-08 04:15 218624 ----a-w- c:\windows\system32\wintrust.dll 2013-09-05 23:53 . 2013-07-08 04:12 174592 ----a-w- c:\windows\system32\cryptsvc.dll 2013-09-05 23:53 . 2013-07-08 04:12 132096 ----a-w- c:\windows\system32\cryptnet.dll 2013-09-05 23:53 . 2013-07-17 20:01 2048 ----a-w- c:\windows\system32\tzres.dll 2013-09-05 23:53 . 2013-07-17 19:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2013-09-05 21:41 . 2013-09-05 21:55 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-09-05 18:39 . 2013-09-05 18:39 -------- d-----w- C:\FRST 2013-09-02 22:59 . 2013-09-05 03:35 -------- d-----w- c:\users\owner\AppData\Local\17b69110-8679-4434-9609-34594275da03ad 2013-09-01 10:27 . 2009-08-20 03:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll 2013-08-29 12:01 . 2013-04-11 15:06 39504 ----a-w- c:\windows\system32\drivers\gfiark.sys 2013-08-29 05:36 . 2013-08-29 06:01 -------- d-----w- c:\programdata\Ad-Aware Antivirus 2013-08-29 05:34 . 2013-08-29 05:34 -------- d-----w- c:\users\owner\AppData\Roaming\LavasoftStatistics 2013-08-29 05:11 . 2013-09-11 23:57 -------- d-----w- c:\program files (x86)\PasswordBox 2013-08-29 05:07 . 2013-08-29 05:07 -------- d-----w- c:\programdata\Lavasoft 2013-08-29 05:07 . 2013-08-29 12:01 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus 2013-08-29 05:06 . 2013-08-29 05:06 -------- d-----w- c:\programdata\Downloaded Installations 2013-08-29 05:06 . 2013-08-29 05:06 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection 2013-08-29 05:06 . 2013-08-29 05:06 -------- d-----w- c:\program files (x86)\Toolbar Cleaner 2013-08-29 05:06 . 2013-08-29 05:06 -------- d-----w- c:\program files (x86)\Lavasoft 2013-08-29 05:05 . 2013-08-29 05:05 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys 2013-08-29 05:05 . 2012-09-20 09:40 47496 ----a-w- c:\windows\system32\sbbd.exe 2013-08-29 05:05 . 2013-09-02 03:22 -------- d-----w- c:\users\owner\AppData\Roaming\Ad-Aware Antivirus 2013-08-29 04:24 . 2009-08-20 03:50 52568 ----a-w- c:\windows\system32\AdobePDF.dll 2013-08-26 21:11 . 2013-08-26 21:11 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2013-08-18 13:14 . 2012-11-07 07:16 17232 ----a-w- c:\windows\system32\drivers\asdws.sys 2013-08-18 13:14 . 2012-11-07 07:16 23376 ----a-w- c:\windows\system32\drivers\asdrs.sys 2013-08-18 13:14 . 2012-11-07 07:16 18768 ----a-w- c:\windows\system32\drivers\asdrm.sys 2013-08-13 01:27 . 2013-08-20 21:05 -------- d-----w- c:\programdata\FLEXnet . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-10 21:52 . 2013-01-20 18:29 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-09-10 21:52 . 2013-01-20 18:29 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-09-06 09:34 . 2006-11-02 12:35 78161360 ----a-w- c:\windows\system32\mrt.exe 2013-09-05 23:56 . 2013-01-09 17:49 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-09-05 23:56 . 2013-01-09 17:49 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-08-07 08:22 . 2013-01-09 17:34 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-07-08 04:16 . 2013-09-05 23:54 43008 ----a-w- c:\windows\apppatch\acwow64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="c:\users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-16 1104384] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2008-05-29 1085440] "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664] "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-07-15 554384] "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Snagit 11.lnk - c:\program files (x86)\TechSmith\Snagit 11\Snagit32.exe [2013-5-29 9479536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service] @="Ad-Aware Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x] S2 ADBlockerSrv;AD Blocker Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [x] . . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-09-04 03:37 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-20 21:52] . 2013-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19 05:10] . 2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19 05:10] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2007-07-18 20480] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-16 15843360] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-16 82464] "RtHDVCpl"="RAVCpl64.exe" [2008-03-26 6150656] "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-04-28 315936] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: verizon.net\activate Trusted Zone: verizon.net\activatemydsl Trusted Zone: verizon.net\activatemyfios Trusted Zone: verizon.net\activatemyhsi Trusted Zone: verizon.net\activatemywifi Trusted Zone: verizon.net\wbadownload TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-wjpimqnf - (no file) Wow6432Node-HKCU-Run-Spotify - (no file) Wow6432Node-HKCU-Run-aruzext - (no file) Wow6432Node-HKCU-Run-tdiijwzq - (no file) Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe Wow6432Node-HKLM-Run-GameServer33 - c:\users\owner\AppData\Roaming\InstallShield\WIN65B.exe Notify-vxicjor - c:\users\owner\AppData\Local\vxicjor.dll SafeBoot-WudfPf SafeBoot-WudfRd HKLM-Run-DisplaySwitch - (no file) HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe AddRemove-Coupon Printer for Windows5.0.0.3 - c:\program files (x86)\Coupons\uninstall.exe AddRemove-verizontb - c:\program files (x86)\verizontb\uninstall.exe AddRemove-{A6C3D5F0-3C6C-46BF-A8D0-06EE92E02E9E}_is1 - c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\unins000.exe AddRemove-Applet - c:\windows\system32\javaws.exe AddRemove-JNLP - c:\windows\system32\javaws.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_168_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_168_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2013-09-11 21:06:31 ComboFix-quarantined-files.txt 2013-09-12 01:06 . Pre-Run: 346,962,513,920 bytes free Post-Run: 347,581,763,584 bytes free . - - End Of File - - 1A277B44FD116BFAF5D251809B26C9C0 03BA8F890B47C0BE359A4D5A636D214D -
Cannot start mbam.exe, blocked by group policy
ur798 replied to ur798's topic in Resolved Malware Removal Logs
The Malwarebytes was very slow. It took 44 minutes for a 'quick' scan. Usually is 15 mins or so. It really quickens when I brought up task manager and monitor the performance and then all of a sudden the speed is back to normal and finished the scan. -
Cannot start mbam.exe, blocked by group policy
ur798 replied to ur798's topic in Resolved Malware Removal Logs
#1 JRT.txt ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.5.9 (09.07.2013:1) OS: Windows Vista Home Premium x64 Ran by owner on Tue 09/10/2013 at 17:43:48.01 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\displayswitch Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\search protection Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2301109152-3522168215-2525550890-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\owner\appdata\local\adawarebp" Successfully deleted: [Folder] "C:\Program Files (x86)\coupons" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 09/10/2013 at 18:18:54.66 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #2 AdwCleaner [s2].txt # AdwCleaner v3.003 - Report created 10/09/2013 at 19:03:59 # Updated 07/09/2013 by Xplode # Operating System : Windows Vista Home Premium Service Pack 2 (64 bits) # Username : owner - OWNER-PC # Running from : C:\Users\owner\Desktop\New Folder\Malware folder\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16502 -\\ Google Chrome v29.0.1547.66 [ File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [8116 octets] - [05/09/2013 21:34:09] AdwCleaner[R1].txt - [1073 octets] - [09/09/2013 09:24:01] AdwCleaner[R2].txt - [1034 octets] - [10/09/2013 19:02:48] AdwCleaner[s0].txt - [7546 octets] - [05/09/2013 21:37:28] AdwCleaner[s1].txt - [1160 octets] - [09/09/2013 09:35:48] AdwCleaner[s2].txt - [957 octets] - [10/09/2013 19:03:59] ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1016 octets] ########## #3 mbam-log-2013-09-10 Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.09.10.12 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 owner :: OWNER-PC [administrator] 9/10/2013 7:48:48 PM mbam-log-2013-09-10 (19-48-48).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 228206 Time elapsed: 44 minute(s), 56 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)