
Need help cleaning up


  • This topic is locked
12 replies to this topic

#1 Calicoo

    Advanced Member

  • Full Member
  • 117 posts

Posted 06 September 2014 - 03:53 PM

I recently downloaded a sketchy program and it installed a bunch of bloatware. Just doing a checkup to make sure I'm clean. Logs to follow.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/6/2014
Scan Time: 3:59:21 PM
Logfile: Scan_Log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.06.07
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Eric

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 365630
Time Elapsed: 25 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 1
PUP.Optional.MyOSProtect.A, C:\Program Files (x86)\Web Protect\MyOSProtect.exe, 1288, Delete-on-Reboot, [25744089a7d46acc80368d6646bc956b]

Modules: 0
(No malicious items detected)

Registry Keys: 12
PUP.Optional.FreeFileConverter.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB}, Quarantined, [86138d3cdd9e95a135a77d02927009f7],
PUP.Optional.MyOSProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MyOSProtect, Quarantined, [25744089a7d46acc80368d6646bc956b],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64, Quarantined, [6237f3d6c4b78da9ab30fc0019e944bc],
PUP.Optional.PrivitizeTB.A, HKLM\SOFTWARE\CLASSES\esrv.privitizeESrvc, Quarantined, [594099307704d561c76e140333d00af6],
PUP.Optional.PrivitizeTB.A, HKLM\SOFTWARE\CLASSES\esrv.privitizeESrvc.1, Quarantined, [4a4f95342457ab8b4ce9b16649ba48b8],
PUP.Optional.PrivitizeTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.privitizeESrvc, Quarantined, [564359704a31c76fba7bd14683807888],
PUP.Optional.PrivitizeTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.privitizeESrvc.1, Quarantined, [a4f55e6b33480c2a43f244d3ee15a15f],
PUP.Optional.PrivitizeTB.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dhfcbmlocifngpbjdpgnkbjmgkadkjpp, Quarantined, [dabfad1c5b20f04646f39483aa593fc1],
PUP.Optional.PrivitizeTB.A, HKLM\SOFTWARE\WOW6432NODE\INDUSTRIYA\privitize, Quarantined, [6732e9e0a5d680b665d10d0a9f64b64a],
PUP.Optional.Sizlsearch.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update sizlsearch, Quarantined, [aeeb6762394223136f97c28a33d1bf41],
PUP.Optional.PrivitizeTB.A, HKU\S-1-5-21-1921504723-3067785668-3859143433-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INDUSTRIYA\privitize, Quarantined, [0891dfea3942df5752e545d2a2610bf5],
PUP.Optional.Softonic.A, HKU\S-1-5-21-1921504723-3067785668-3859143433-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [3267b613c0bbc86e309d9184976c51af],

Registry Values: 1
PUP.Optional.MyOSProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MYOSPROTECT|ImagePath, C:\Program Files (x86)\Web Protect\MyOSProtect.exe, Quarantined, [0792a0295f1ca096e8cfb63ddb2707f9]

Registry Data: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-1921504723-3067785668-3859143433-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.yahoo....r=spigot-yhp-ie, Good: (www.google.com), Bad: (http://search.yahoo.com/?type=714647&fr=spigot-yhp-ie),Replaced,[7722c405661539fd0f044f9749bb2ed2]

Folders: 6
Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [15847e4b9fdc9e9810b1bcfdaa58f808],
PUP.Optional.SevereWeatherAlerts, C:\Users\Eric\AppData\Local\Weather_Notifications,_LL, Quarantined, [d2c7dbee82f93bfb1aaa00c9d2306a96],
PUP.Optional.Conduit.A, C:\Users\Eric\AppData\Local\Temp\ct3288691, Quarantined, [059422a7dba089adbc1b0dbce41e20e0],
PUP.Optional.Conduit.A, C:\Users\Eric\AppData\Local\Temp\ct3297861, Quarantined, [47524f7aed8e75c14a8db8114ab822de],
PUP.Optional.PrivitizeTB.A, C:\Users\Eric\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp, Quarantined, [79204f7a1566132317c3428f877bde22],
PUP.Optional.PrivitizeTB.A, C:\Users\Eric\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0, Quarantined, [79204f7a1566132317c3428f877bde22],

Files: 30
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys, Delete-on-Reboot, [9ac80a31c32504596f834222c0b85c7f],
PUP.Optional.SevereWeatherAlerts.A, C:\Users\Eric\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe, Delete-on-Reboot, [4b4e5871dc9f7bbb7d82570d23de8e72],
PUP.Riskware.GameCheat, C:\Program Files (x86)\CarbonPoker Odds Calculator\CPOC.exe, Quarantined, [4851fecb8eed989ec265885acb35da26],
PUP.Riskware.GameCheat, C:\Program Files (x86)\CarbonPoker Omaha Calculator\CPOOC.exe, Quarantined, [5643d8f1d5a6e15582a5b2301ae649b7],
PUP.Optional.OpenCandy, C:\Users\Eric\AppData\Local\Temp\DarkWave-Studio-Setup.exe, Quarantined, [0990646507743bfbfd5665b15aaba25e],
PUP.Optional.Spigot, C:\Users\Eric\AppData\Local\Temp\~spA852.tmp, Quarantined, [2277ac1d48337db9091ea900b44d7e82],
PUP.Optional.Conduit.A, C:\Users\Eric\AppData\Local\Temp\ct3288691\ism.exe, Quarantined, [801909c0ff7ccf6716040d89798853ad],
PUP.Optional.SevereWeatherAlerts, C:\Users\Eric\AppData\Local\Temp\~nsu.tmp\Au_.exe, Quarantined, [712822a7b7c456e0eda87fa4b0500df3],
PUP.Optional.MyOSProtect.A, C:\Windows\System32\MyOSProtectOff.ini, Quarantined, [6a2fd8f16f0cce68971d41b2e91938c8],
PUP.Optional.MyOSProtect.A, C:\Windows\SysWOW64\MyOSProtectOff.ini, Quarantined, [80190fbadc9f68ce476df1022cd6936d],
PUP.Optional.MyOSProtect.A, C:\Windows\SysWOW64\MyOSProtect.ini, Quarantined, [e1b800c92d4e1521734209eae51dc040],
PUP.Optional.MyOSProtect.A, C:\Program Files (x86)\Web Protect\MyOSProtect.exe, Delete-on-Reboot, [25744089a7d46acc80368d6646bc956b],
Rogue.Multiple, C:\ProgramData\374311380\BITF56.tmp, Quarantined, [15847e4b9fdc9e9810b1bcfdaa58f808],
PUP.Optional.Conduit.A, C:\Users\Eric\AppData\Local\Temp\ct3288691\chromeid.txt, Quarantined, [059422a7dba089adbc1b0dbce41e20e0],
PUP.Optional.Conduit.A, C:\Users\Eric\AppData\Local\Temp\ct3288691\setup.ini.txt, Quarantined, [059422a7dba089adbc1b0dbce41e20e0],
PUP.Optional.Conduit.A, C:\Users\Eric\AppData\Local\Temp\ct3297861\chromeid.txt, Quarantined, [47524f7aed8e75c14a8db8114ab822de],
PUP.Optional.Conduit.A, C:\Users\Eric\AppData\Local\Temp\ct3297861\setup.ini.txt, Quarantined, [47524f7aed8e75c14a8db8114ab822de],
PUP.Optional.PrivitizeTB.A, C:\Users\Eric\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\appCntrl.js, Quarantined, [79204f7a1566132317c3428f877bde22],
PUP.Optional.PrivitizeTB.A, C:\Users\Eric\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\bg.html, Quarantined, [79204f7a1566132317c3428f877bde22],
PUP.Optional.PrivitizeTB.A, C:\Users\Eric\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\bg.js, Quarantined, [79204f7a1566132317c3428f877bde22],
PUP.Optional.PrivitizeTB.A, C:\Users\Eric\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\CrmAdpt.dll, Quarantined, [79204f7a1566132317c3428f877bde22],
PUP.Optional.PrivitizeTB.A, C:\Users\Eric\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\ct.js, Quarantined, [79204f7a1566132317c3428f877bde22],
PUP.Optional.PrivitizeTB.A, C:\Users\Eric\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\CTB.dll, Quarantined, [79204f7a1566132317c3428f877bde22],
PUP.Optional.PrivitizeTB.A, C:\Users\Eric\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\dpk.js, Quarantined, [79204f7a1566132317c3428f877bde22],
PUP.Optional.PrivitizeTB.A, C:\Users\Eric\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\hprtkMsg.htm, Quarantined, [79204f7a1566132317c3428f877bde22],
PUP.Optional.PrivitizeTB.A, C:\Users\Eric\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\hprtkMsg.js, Quarantined, [79204f7a1566132317c3428f877bde22],
PUP.Optional.PrivitizeTB.A, C:\Users\Eric\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\json2.min.js, Quarantined, [79204f7a1566132317c3428f877bde22],
PUP.Optional.PrivitizeTB.A, C:\Users\Eric\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\logo.png, Quarantined, [79204f7a1566132317c3428f877bde22],
PUP.Optional.PrivitizeTB.A, C:\Users\Eric\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\manifest.json, Quarantined, [79204f7a1566132317c3428f877bde22],
PUP.Optional.PrivitizeTB.A, C:\Users\Eric\AppData\Local\Google\Chrome\User Data\default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\pref.json, Quarantined, [79204f7a1566132317c3428f877bde22],

Physical Sectors: 0
(No malicious items detected)


(end)



#2 Calicoo

    Advanced Member

  • Full Member
  • 117 posts

Posted 06 September 2014 - 03:54 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.67.2
Run by Eric at 16:41:31 on 2014-09-06
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4061.1871 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\monitor.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Eric\AppData\Roaming\Spotify\spotify.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIHAA.EXE
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iTunesHelper.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files\Nightly\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: FLVBlaster.FLVBlasterIEAddon: {807ca0aa-7cb3-4f03-bd61-076f618cc82d} -
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Spotify Web Helper] "C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\Eric\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIHAA.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus NX330"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\Users\Eric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\Users\Eric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
StartupFolder: C:\Users\Eric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ZOOSKM~1.LNK - C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download with FLV Blaster - C:\Program Files (x86)\FLV Blaster\Addons\Internet Explorer\script.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: C:\Windows\System32\MyOSProtect.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{23608CD5-3638-4CF2-BEBA-778DCDDC9665} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{23608CD5-3638-4CF2-BEBA-778DCDDC9665}\051627B6771697 : DHCPNameServer = 24.177.176.38 97.81.22.195 24.178.162.3
TCP: Interfaces\{23608CD5-3638-4CF2-BEBA-778DCDDC9665}\144545332303 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{23608CD5-3638-4CF2-BEBA-778DCDDC9665}\44C496E6B6E45677 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{23608CD5-3638-4CF2-BEBA-778DCDDC9665}\44C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{23608CD5-3638-4CF2-BEBA-778DCDDC9665}\54259434D20534F5E4564777F627B6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{23608CD5-3638-4CF2-BEBA-778DCDDC9665}\A457D616E67696 : DHCPNameServer = 68.87.66.234 68.87.64.230 192.168.1.1
TCP: Interfaces\{23608CD5-3638-4CF2-BEBA-778DCDDC9665}\C696E6B6379737 : DHCPNameServer = 209.55.5.10 209.55.5.11
TCP: Interfaces\{5F8DDE02-7CEE-4336-83E2-C68CBF7B0EEF} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{90B66214-FB44-42F0-ADFE-A35595E00D59} : DHCPNameServer = 192.168.42.129
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /a
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7zp1pbgc.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll
FF - plugin: C:\Program Files\Mozilla Plugins\npitunes.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Eric\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7zp1pbgc.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7zp1pbgc.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2_x64.dll
FF - plugin: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7zp1pbgc.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);user_pref('security.mixed_content.block_active_content', false);
.
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-4 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-4-4 224896]
R0 FSProFilter2;FSPro File Filter 2;C:\Windows\System32\drivers\FSPFltd2.sys [2013-12-18 57648]
R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2010-6-1 15928]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2013-4-4 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-4-4 427360]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-11-8 39768]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-6-1 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-6-1 14904]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-3 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-4-4 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-11 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-8-4 50344]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-2-21 72216]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-4-14 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-8-10 5052224]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2009-10-15 117760]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2009-7-9 1222144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 ProtectMonitor;Protect Monitor;C:\monitorsvc.exe [2014-9-2 34244]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 Util sizlsearch;Util sizlsearch;"C:\Program Files (x86)\sizlsearch\bin\utilsizlsearch.exe" --> C:\Program Files (x86)\sizlsearch\bin\utilsizlsearch.exe [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-28 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-26 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-14 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-21 1255736]
.
=============== Created Last 30 ================
.
2014-09-06 20:56:20    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-06 20:56:05    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-06 20:56:05    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-09-06 20:56:05    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-06 20:51:35    11319192    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{267F917B-2544-439D-BC4A-7FACF5B7C517}\mpengine.dll
2014-09-06 20:03:56    --------    d-----w-    C:\Users\Eric\AppData\Local\SevereWeatherAlerts
2014-09-06 20:00:56    350768    ----a-w-    C:\Windows\System32\MyOSProtect64.dll
2014-09-06 20:00:54    304776    ----a-w-    C:\Windows\SysWow64\MyOSProtect.dll
2014-09-06 19:59:46    --------    d-----w-    C:\Program Files (x86)\Web Protect
2014-09-06 19:22:16    --------    d-----w-    C:\Program Files\Nightly
2014-09-04 00:44:55    7168    ----a-w-    C:\Windows\SysWow64\KBDYAK.DLL
2014-09-04 00:44:54    7168    ----a-w-    C:\Windows\System32\KBDYAK.DLL
2014-09-04 00:44:54    7168    ----a-w-    C:\Windows\System32\KBDBASH.DLL
2014-09-04 00:44:54    6656    ----a-w-    C:\Windows\SysWow64\KBDBASH.DLL
2014-09-02 19:55:28    487483    ----a-w-    C:\monitor.exe
2014-09-02 19:55:26    34244    ----a-w-    C:\monitorsvc.exe
2014-08-29 00:03:50    99480    ----a-w-    C:\Windows\SysWow64\infocardapi.dll
2014-08-29 00:03:50    171160    ----a-w-    C:\Windows\System32\infocardapi.dll
2014-08-29 00:03:50    1389208    ----a-w-    C:\Windows\System32\icardagt.exe
2014-08-29 00:03:49    619672    ----a-w-    C:\Windows\SysWow64\icardagt.exe
2014-08-29 00:03:47    8856    ----a-w-    C:\Windows\SysWow64\icardres.dll
2014-08-29 00:03:47    8856    ----a-w-    C:\Windows\System32\icardres.dll
2014-08-29 00:03:14    35480    ----a-w-    C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-29 00:03:14    35480    ----a-w-    C:\Windows\System32\TsWpfWrp.exe
2014-08-29 00:00:57    3241984    ----a-w-    C:\Windows\System32\msi.dll
2014-08-28 23:58:50    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-08-28 23:58:49    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-08-28 23:58:49    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-08-28 23:53:45    3163648    ----a-w-    C:\Windows\System32\win32k.sys
2014-08-28 23:53:44    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-28 23:53:44    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-28 23:52:47    1216000    ----a-w-    C:\Windows\System32\rpcrt4.dll
2014-08-28 23:52:46    664064    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2014-08-28 23:46:07    111016    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2014-08-28 23:44:15    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-28 23:42:30    10594416    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\icudt52.dll
2014-08-28 23:42:30    1022576    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\icuin52.dll
2014-08-28 23:42:29    822384    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
2014-08-28 23:41:03    --------    d-----w-    C:\Program Files\Mozilla Plugins
2014-08-28 23:41:01    --------    d-----w-    C:\Program Files\iTunesHelper.Resources
2014-08-28 23:40:20    --------    d-----w-    C:\Program Files\iTunes.Resources
2014-08-28 23:40:19    --------    d-----w-    C:\Program Files\iPod
2014-08-28 23:40:18    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-28 23:40:18    --------    d-----w-    C:\Program Files\iTunes
2014-08-28 23:40:18    --------    d-----w-    C:\Program Files\CD Configuration
2014-08-28 23:30:14    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-08-28 23:30:14    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-08-28 23:30:14    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-08-28 23:30:14    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-08-28 23:30:14    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-08-28 23:30:14    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2014-08-28 23:30:14    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2014-08-28 23:30:14    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2014-08-28 23:30:14    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2014-08-28 23:30:14    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2014-08-28 23:13:53    --------    d-----w-    C:\Program Files (x86)\Nightly
2014-08-13 17:25:42    341848    ----a-w-    C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2014-08-10 18:06:55    --------    d-----w-    C:\Program Files (x86)\TeamViewer
.
==================== Find3M  ====================
.
2014-08-28 23:27:10    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-28 23:27:10    699568    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-05 14:20:00    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-08-04 23:53:27    92008    ----a-w-    C:\Windows\System32\drivers\aswstm.sys
2014-08-04 23:53:27    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-08-04 23:53:27    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-08-04 23:53:27    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-08-04 23:53:27    224896    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-08-04 23:53:27    1041168    ----a-w-    C:\Windows\System32\drivers\aswsnx.sys
2014-08-04 23:53:26    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-08-04 23:53:26    43152    ----a-w-    C:\Windows\avastSS.scr
2014-08-01 21:18:36    293192    ----a-w-    C:\Program Files\iTunesOutlookAddIn.dll
2014-08-01 21:18:32    420168    ----a-w-    C:\Program Files\iTunesAdmin.dll
2014-08-01 21:18:32    152392    ----a-w-    C:\Program Files\iTunesHelper.exe
2014-08-01 21:18:32    148808    ----a-w-    C:\Program Files\iTunesHelper.dll
2014-08-01 21:18:30    9789256    ----a-w-    C:\Program Files\iTunes.exe
2014-08-01 21:18:14    26344776    ----a-w-    C:\Program Files\iTunes.dll
2014-08-01 21:18:12    776216    ----a-w-    C:\Program Files\gnsdk_sdkmanager.dll
2014-08-01 21:18:12    3015008    ----a-w-    C:\Program Files\gnsdk_dsp.dll
2014-08-01 21:18:12    262680    ----a-w-    C:\Program Files\gnsdk_submit.dll
2014-08-01 21:18:12    219672    ----a-w-    C:\Program Files\gnsdk_musicid.dll
2014-07-31 20:32:58    3116872    ----a-w-    C:\Program Files\iAdCore.dll
2014-07-25 14:02:12    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28    758272    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32    61952    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15    5824512    ----a-w-    C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05    72704    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47    597504    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47    4204032    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29    2087936    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49    2001920    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06    2266624    ----a-w-    C:\Windows\System32\wininet.dll
2014-07-25 10:05:23    1792512    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-07-18 21:52:36    107368    ----a-w-    C:\Windows\System32\LMIRfsClientNP.dll
2014-07-18 21:52:35    35656    ----a-w-    C:\Windows\System32\LMIport.dll
2014-07-18 21:52:32    92488    ----a-w-    C:\Windows\System32\LMIinit.dll
2014-07-16 03:23:41    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-07-16 02:46:02    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-07-15 22:03:13    11204096    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-06-18 02:18:30    692736    ----a-w-    C:\Windows\System32\osk.exe
2014-06-18 01:51:32    646144    ----a-w-    C:\Windows\SysWow64\osk.exe
2014-06-16 02:10:19    985536    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2014-02-21 12:14:06    112968    ----a-w-    C:\Program Files\ITDetector.ocx
2009-04-08 17:31:56    106496    ----a-w-    C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20    155648    ----a-w-    C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 16:42:40.04 ===============
 



#3 Calicoo

Posted 06 September 2014 - 03:54 PM

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0    
 Spybot - Search & Destroy
 Java 7 Update 67  
 Adobe Flash Player 14.0.0.179  
 Adobe Reader 10.1.11 Adobe Reader out of Date!  
 Mozilla Firefox (31.0)
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled!
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#4 nasdaq

Posted 07 September 2014 - 05:50 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#5 Calicoo

Posted 11 September 2014 - 03:35 PM

# AdwCleaner v3.309 - Report created 11/09/2014 at 16:21:52
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Eric - ERIC-LAPTOP
# Running from : C:\Users\Eric\Desktop\adwcleaner_3.309.exe
# Option : Scan

***** [ Services ] *****

Service Found : ProtectMonitor
Service Found : Util sizlsearch

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7zp1pbgc.default\user.js
Folder Found : C:\Program Files (x86)\Web Protect
Folder Found : C:\Users\Eric\AppData\Local\SevereWeatherAlerts
Folder Found : C:\Users\Eric\Documents\Optimizer Pro

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\WebProtect
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\WebProtect
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\WebProtect
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7zp1pbgc.default\prefs.js ]

Line Found : user_pref("foxamp.winampautostart", false);
Line Found : user_pref("foxamp.winampdir", "");

[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\aiuicen2.default\prefs.js ]



-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [3475 octets] - [03/11/2013 01:26:01]
AdwCleaner[R1].txt - [4445 octets] - [11/09/2014 16:21:52]
AdwCleaner[S0].txt - [3518 octets] - [03/11/2013 01:27:52]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [4565 octets] ##########

 

I've just run this one scan so far. Why is that profile popping up? Is it safe to leave that alone? I don't want to delete the profile and then, whoops, there goes all my settings. Also, I don't know what 99% of those registry keys are--is it safe to delete those?

 

I apologize for the late response. It seems like as soon as I posted this I got sick.



#6 nasdaq

Posted 12 September 2014 - 05:51 AM

It's safe to clean everything.
Only the bad items in the profiles will be removed.
nasdaq

#7 Calicoo

Posted 12 September 2014 - 01:45 PM

# AdwCleaner v3.310 - Report created 12/09/2014 at 14:30:42
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Eric - ERIC-LAPTOP
# Running from : C:\Users\Eric\Desktop\adwcleaner_3.310.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : ProtectMonitor
[#] Service Deleted : Util sizlsearch

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Web Protect
Folder Deleted : C:\Users\Eric\AppData\Local\SevereWeatherAlerts
Folder Deleted : C:\Users\Eric\Documents\Optimizer Pro
File Deleted : C:\END
File Deleted : C:\monitor.exe
File Deleted : C:\monitorsvc.exe
File Deleted : C:\Windows\SysWOW64\MyOSProtect.dll
File Deleted : C:\Windows\System32\MyOSProtect64.dll
File Deleted : C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7zp1pbgc.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\WebProtect
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\WebProtect
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7zp1pbgc.default\prefs.js ]

Line Deleted : user_pref("foxamp.winampautostart", false);
Line Deleted : user_pref("foxamp.winampdir", "");

[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\aiuicen2.default\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [3475 octets] - [03/11/2013 01:26:01]
AdwCleaner[R1].txt - [4709 octets] - [11/09/2014 16:21:52]
AdwCleaner[R2].txt - [4932 octets] - [12/09/2014 14:27:11]
AdwCleaner[S0].txt - [3518 octets] - [03/11/2013 01:27:52]
AdwCleaner[S1].txt - [4788 octets] - [12/09/2014 14:30:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4848 octets] ##########
 



#8 Calicoo

Posted 12 September 2014 - 01:46 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Eric (administrator) on ERIC-LAPTOP on 12-09-2014 14:39:56
Running from C:\Users\Eric\Desktop\frst
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FSPro Labs) C:\Program Files\My Lockbox\mylbx.exe
(Spotify Ltd) C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Spotify Ltd) C:\Users\Eric\AppData\Roaming\Spotify\spotify.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHAA.EXE
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
() C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-29] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM\...\Run: [mylbx] => C:\Program Files\My Lockbox\mylbx.exe [2289952 2013-10-28] (FSPro Labs)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2245120 2009-09-17] (VIA)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1921504723-3067785668-3859143433-1001\...\Run: [Spotify Web Helper] => C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-28] (Spotify Ltd)
HKU\S-1-5-21-1921504723-3067785668-3859143433-1001\...\Run: [Spotify] => C:\Users\Eric\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-28] (Spotify Ltd)
HKU\S-1-5-21-1921504723-3067785668-3859143433-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe (No File)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: ADSMOverlayIcon -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll ()
ShellIconOverlayIdentifiers: ADSMOverlayIcon1 -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll ()
ShellIconOverlayIdentifiers-x32: ADSMOverlayIcon -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll ()
ShellIconOverlayIdentifiers-x32: ADSMOverlayIcon1 -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {2B0710F9-71C9-4085-AEB1-B8F05C49AF28} URL = http://search.yahoo....p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: FLVBlaster.FLVBlasterIEAddon -> {807ca0aa-7cb3-4f03-bd61-076f618cc82d} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7zp1pbgc.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File
FF Plugin-x32: @onlive.com/OlGameDetect,version=1.1.0.69045 -> C:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll (OnLive)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Eric\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7zp1pbgc.default\searchplugins\dictionarycom.xml
FF SearchPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7zp1pbgc.default\searchplugins\strategywiki-en.xml
FF SearchPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7zp1pbgc.default\searchplugins\youtube-video-search.xml
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7zp1pbgc.default\Extensions\LogMeInClient@logmein.com [2014-06-06]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7zp1pbgc.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013-12-15]
FF Extension: Linkification - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7zp1pbgc.default\Extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2010-12-19]
FF Extension: GameFOX - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7zp1pbgc.default\Extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1} [2012-10-16]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7zp1pbgc.default\Extensions\adblockpopups@jessehakanen.net.xpi [2011-04-19]
FF Extension: Social Fixer - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7zp1pbgc.default\Extensions\socialfixer@mattkruse.com.xpi [2012-08-22]
FF Extension: YouTube to MP3 - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7zp1pbgc.default\Extensions\youtube2mp3@mondayx.de.xpi [2011-05-03]
FF Extension: LittleFox - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7zp1pbgc.default\Extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}.xpi [2011-06-24]
FF Extension: X-notifier - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7zp1pbgc.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2012-03-18]
FF Extension: LinkChecker - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7zp1pbgc.default\Extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509}.xpi [2012-01-26]
FF Extension: ReloadEvery - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7zp1pbgc.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2011-04-20]
FF Extension: Adblock Plus - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\7zp1pbgc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-27]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-03]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-03]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-04]
FF Extension: No Name - wrc@avast.com [Not Found]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Nightly\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Eric\AppData\Local\Google\Chrome\User Data\default
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-04] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-18] (AVG Technologies)
R0 FSProFilter2; C:\Windows\System32\Drivers\FSPFltd2.sys [57648 2011-06-04] (FSPro Labs)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S4 LMIRfsClientNP; No ImagePath
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
U2 SBKUPNT; No ImagePath
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 14:39 - 2014-09-12 14:40 - 00000000 ____D () C:\FRST
2014-09-12 14:39 - 2014-09-12 14:39 - 00000000 ____D () C:\Users\Eric\Desktop\frst
2014-09-12 14:26 - 2014-09-12 14:26 - 01373475 _____ () C:\Users\Eric\Desktop\adwcleaner_3.310.exe
2014-09-11 16:20 - 2014-09-11 16:20 - 00000979 _____ () C:\Users\Eric\Documents\AdwareCleaner.txt
2014-09-11 16:10 - 2014-09-11 16:11 - 00000000 ____D () C:\Program Files\Nightly
2014-09-07 16:16 - 2014-09-07 16:16 - 00000184 _____ () C:\file.exe
2014-09-06 16:43 - 2014-09-06 16:43 - 00854417 _____ () C:\Users\Eric\Desktop\SecurityCheck.exe
2014-09-06 16:42 - 2014-09-06 16:42 - 00026249 _____ () C:\Users\Eric\Desktop\dds.txt
2014-09-06 16:42 - 2014-09-06 16:42 - 00007010 _____ () C:\Users\Eric\Desktop\attach.txt
2014-09-06 16:40 - 2014-09-06 16:41 - 00688992 ____R (Swearware) C:\Users\Eric\Desktop\dds.scr
2014-09-06 15:56 - 2014-09-06 16:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-06 15:56 - 2014-09-06 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-06 15:56 - 2014-09-06 15:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-06 15:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-06 15:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-03 19:44 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-03 19:44 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-03 19:44 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-03 19:44 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-03 19:44 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-03 19:44 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-03 19:44 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-03 19:44 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-03 19:44 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-03 19:44 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-03 19:44 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-09-03 19:44 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-02 22:18 - 2014-09-04 17:32 - 00000070 _____ () C:\Users\Eric\Documents\Release.txt
2014-09-01 01:21 - 2014-09-01 01:21 - 00058792 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-31 23:14 - 2014-08-31 23:14 - 00000000 ____D () C:\Users\Guest\AppData\Local\Macromedia
2014-08-31 22:46 - 2014-08-31 22:46 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla
2014-08-31 22:46 - 2014-08-31 22:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla
2014-08-28 21:42 - 2014-08-28 21:42 - 00000000 ____D () C:\Users\Guest\AppData\Local\Power2Go
2014-08-28 19:03 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-28 19:03 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-28 19:03 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-28 19:03 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-28 19:03 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-28 19:03 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-28 19:03 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-28 19:03 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-28 19:01 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-28 19:01 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-28 19:01 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-08-28 19:01 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-08-28 19:01 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-08-28 19:01 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-08-28 19:01 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-08-28 19:01 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-08-28 19:01 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-08-28 19:01 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-08-28 19:01 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-08-28 19:01 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-08-28 19:01 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-08-28 19:01 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-08-28 19:01 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-08-28 19:01 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-08-28 19:00 - 2014-07-31 18:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-28 19:00 - 2014-07-31 18:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-28 19:00 - 2014-07-25 09:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-28 19:00 - 2014-07-25 09:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-28 19:00 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-28 19:00 - 2014-07-25 08:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-28 19:00 - 2014-07-25 08:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-28 19:00 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-28 19:00 - 2014-07-25 08:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-28 19:00 - 2014-07-25 08:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-28 19:00 - 2014-07-25 08:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-28 19:00 - 2014-07-25 08:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-28 19:00 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-28 19:00 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-28 19:00 - 2014-07-25 07:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-28 19:00 - 2014-07-25 07:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-28 19:00 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-28 19:00 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-28 19:00 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-28 19:00 - 2014-07-25 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-28 19:00 - 2014-07-25 07:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-28 19:00 - 2014-07-25 07:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-28 19:00 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-28 19:00 - 2014-07-25 07:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-28 19:00 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-28 19:00 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-28 19:00 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-28 19:00 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-28 19:00 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-28 19:00 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-28 19:00 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-28 19:00 - 2014-07-25 06:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-28 19:00 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-28 19:00 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-28 19:00 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-28 19:00 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-28 19:00 - 2014-07-25 06:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-28 19:00 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-28 19:00 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-28 19:00 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-28 19:00 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-28 19:00 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-28 19:00 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-28 19:00 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-28 19:00 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-08-28 19:00 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-08-28 19:00 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-28 19:00 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-08-28 19:00 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-08-28 19:00 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-28 19:00 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-28 19:00 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-28 19:00 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-28 19:00 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-28 19:00 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-28 19:00 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-28 19:00 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-08-28 19:00 - 2014-05-08 04:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-08-28 19:00 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-08-28 19:00 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-08-28 19:00 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-08-28 19:00 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-28 19:00 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-08-28 19:00 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-08-28 19:00 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-08-28 19:00 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-08-28 19:00 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-08-28 19:00 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-08-28 19:00 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-08-28 19:00 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-08-28 19:00 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-08-28 18:59 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-28 18:59 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-28 18:59 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-28 18:59 - 2014-07-25 08:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-28 18:59 - 2014-07-25 08:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-28 18:59 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-28 18:59 - 2014-07-25 07:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-28 18:59 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-28 18:59 - 2014-07-25 07:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-28 18:59 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-28 18:59 - 2014-07-25 06:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-28 18:59 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-28 18:59 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-28 18:59 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-28 18:58 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-08-28 18:58 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-08-28 18:58 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-08-28 18:53 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 18:53 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 18:53 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 18:52 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-28 18:52 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-28 18:46 - 2014-08-28 18:45 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-28 18:46 - 2014-08-28 18:45 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-28 18:46 - 2014-08-28 18:45 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-28 18:46 - 2014-08-28 18:45 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-08-28 18:44 - 2014-08-28 18:44 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-28 18:44 - 2014-08-28 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-28 18:44 - 2014-08-28 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-28 18:44 - 2014-08-28 18:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-28 18:44 - 2014-08-28 18:44 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-28 18:41 - 2014-08-28 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-28 18:41 - 2014-08-28 18:41 - 00000000 ____D () C:\Program Files\Mozilla Plugins
2014-08-28 18:41 - 2014-08-28 18:41 - 00000000 ____D () C:\Program Files\iTunesHelper.Resources
2014-08-28 18:40 - 2014-08-28 18:41 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-28 18:40 - 2014-08-28 18:41 - 00000000 ____D () C:\Program Files\iTunes
2014-08-28 18:40 - 2014-08-28 18:40 - 00000000 ____D () C:\Program Files\iTunes.Resources
2014-08-28 18:40 - 2014-08-28 18:40 - 00000000 ____D () C:\Program Files\iPod
2014-08-28 18:40 - 2014-08-28 18:40 - 00000000 ____D () C:\Program Files\CD Configuration
2014-08-28 18:29 - 2014-08-28 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-28 18:29 - 2014-08-28 18:29 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-08-28 18:13 - 2014-08-28 18:13 - 00000000 ____D () C:\Program Files (x86)\Nightly
2014-08-28 07:37 - 2014-08-28 07:37 - 00000000 ____D () C:\Users\Guest\AppData\Local\Facebook
2014-08-27 22:19 - 2014-09-03 20:50 - 00011639 _____ () C:\Users\Eric\Documents\Chase_Ledger.xlsx
2014-08-25 14:13 - 2014-08-25 14:13 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe
2014-08-19 16:18 - 2014-08-19 16:18 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieUserList
2014-08-19 16:18 - 2014-08-19 16:18 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieSiteList
2014-08-19 13:42 - 2014-08-19 13:42 - 00000000 ____D () C:\Users\Default\AppData\Local\Power2Go
2014-08-19 13:42 - 2014-08-19 13:42 - 00000000 ____D () C:\Users\Default User\AppData\Local\Power2Go
2014-08-19 13:41 - 2014-08-25 14:13 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-08-19 13:41 - 2014-08-19 13:41 - 00001375 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-19 13:41 - 2014-08-19 13:41 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-08-19 13:41 - 2014-08-19 13:41 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\AVAST Software
2014-08-19 13:41 - 2014-08-19 13:41 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer
2014-08-19 13:41 - 2014-08-19 13:41 - 00000000 ____D () C:\Users\Guest
2014-08-19 13:41 - 2012-10-13 09:36 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\TuneUp Software
2014-08-19 13:41 - 2011-01-13 22:46 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia
2014-08-19 13:41 - 2010-06-01 07:15 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2014-08-19 13:41 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-19 13:41 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-13 12:25 - 2014-08-13 12:25 - 00341848 _____ (DivX, LLC) C:\Windows\SysWOW64\DivXControlPanelApplet.cpl

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 14:40 - 2014-09-12 14:39 - 00000000 ____D () C:\FRST
2014-09-12 14:39 - 2014-09-12 14:39 - 00000000 ____D () C:\Users\Eric\Desktop\frst
2014-09-12 14:39 - 2010-06-01 07:09 - 01717683 _____ () C:\Windows\WindowsUpdate.log
2014-09-12 14:39 - 2009-07-13 23:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-12 14:39 - 2009-07-13 23:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-12 14:34 - 2013-04-04 19:03 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-12 14:34 - 2012-02-16 19:37 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Spotify
2014-09-12 14:32 - 2013-03-27 17:07 - 00392584 _____ () C:\Windows\PFRO.log
2014-09-12 14:32 - 2013-03-27 17:07 - 00015504 _____ () C:\Windows\setupact.log
2014-09-12 14:32 - 2012-04-01 00:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-12 14:32 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-12 14:30 - 2013-11-03 01:22 - 00000000 ____D () C:\AdwCleaner
2014-09-12 14:26 - 2014-09-12 14:26 - 01373475 _____ () C:\Users\Eric\Desktop\adwcleaner_3.310.exe
2014-09-12 14:03 - 2013-11-28 01:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-12 01:35 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-11 16:20 - 2014-09-11 16:20 - 00000979 _____ () C:\Users\Eric\Documents\AdwareCleaner.txt
2014-09-11 16:12 - 2012-02-16 19:38 - 00000000 ____D () C:\Users\Eric\AppData\Local\Spotify
2014-09-11 16:11 - 2014-09-11 16:10 - 00000000 ____D () C:\Program Files\Nightly
2014-09-10 07:03 - 2014-07-15 16:53 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 07:03 - 2013-11-28 01:00 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 07:03 - 2012-04-04 02:42 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 07:03 - 2011-05-19 01:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-09 19:39 - 2013-12-14 18:20 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\HpUpdate
2014-09-07 16:16 - 2014-09-07 16:16 - 00000184 _____ () C:\file.exe
2014-09-06 16:43 - 2014-09-06 16:43 - 00854417 _____ () C:\Users\Eric\Desktop\SecurityCheck.exe
2014-09-06 16:42 - 2014-09-06 16:42 - 00026249 _____ () C:\Users\Eric\Desktop\dds.txt
2014-09-06 16:42 - 2014-09-06 16:42 - 00007010 _____ () C:\Users\Eric\Desktop\attach.txt
2014-09-06 16:41 - 2014-09-06 16:40 - 00688992 ____R (Swearware) C:\Users\Eric\Desktop\dds.scr
2014-09-06 16:36 - 2014-09-06 15:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-06 16:31 - 2009-07-13 23:45 - 00281144 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-06 15:56 - 2014-09-06 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-06 15:56 - 2014-09-06 15:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-06 15:56 - 2013-11-03 00:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-09-06 15:56 - 2011-01-05 00:57 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Malwarebytes
2014-09-06 15:56 - 2011-01-05 00:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-06 15:51 - 2014-02-03 04:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-06 15:45 - 2009-07-13 21:34 - 00000505 _____ () C:\Windows\win.ini
2014-09-06 15:42 - 2010-06-01 07:45 - 00002616 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-09-06 15:42 - 2010-06-01 07:45 - 00001517 _____ () C:\Windows\system32\ServiceFilter.ini
2014-09-06 15:38 - 2010-12-08 01:51 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\SoftGrid Client
2014-09-06 15:29 - 2010-11-20 22:44 - 00000000 ____D () C:\Users\Eric\Downloads\Setup Files
2014-09-06 15:04 - 2010-11-21 09:52 - 00058792 _____ () C:\Users\Eric\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-04 17:32 - 2014-09-02 22:18 - 00000070 _____ () C:\Users\Eric\Documents\Release.txt
2014-09-03 20:50 - 2014-08-27 22:19 - 00011639 _____ () C:\Users\Eric\Documents\Chase_Ledger.xlsx
2014-09-02 20:02 - 2013-12-14 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-09-02 20:02 - 2013-12-14 18:20 - 00000000 ____D () C:\Program Files (x86)\HP
2014-09-01 01:21 - 2014-09-01 01:21 - 00058792 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-31 23:14 - 2014-08-31 23:14 - 00000000 ____D () C:\Users\Guest\AppData\Local\Macromedia
2014-08-31 22:46 - 2014-08-31 22:46 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla
2014-08-31 22:46 - 2014-08-31 22:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla
2014-08-29 05:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-08-28 21:42 - 2014-08-28 21:42 - 00000000 ____D () C:\Users\Guest\AppData\Local\Power2Go
2014-08-28 21:19 - 2012-05-14 18:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-28 21:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-08-28 21:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-08-28 21:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-28 19:27 - 2013-07-24 23:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-28 19:15 - 2012-05-14 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-28 19:11 - 2012-05-14 18:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-28 18:45 - 2014-08-28 18:46 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-28 18:45 - 2014-08-28 18:46 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-28 18:45 - 2014-08-28 18:46 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-28 18:45 - 2014-08-28 18:46 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-08-28 18:44 - 2014-08-28 18:44 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-28 18:44 - 2014-08-28 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-28 18:44 - 2014-08-28 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-28 18:44 - 2014-08-28 18:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-28 18:44 - 2014-08-28 18:44 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-28 18:41 - 2014-08-28 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-28 18:41 - 2014-08-28 18:41 - 00000000 ____D () C:\Program Files\Mozilla Plugins
2014-08-28 18:41 - 2014-08-28 18:41 - 00000000 ____D () C:\Program Files\iTunesHelper.Resources
2014-08-28 18:41 - 2014-08-28 18:40 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-28 18:41 - 2014-08-28 18:40 - 00000000 ____D () C:\Program Files\iTunes
2014-08-28 18:40 - 2014-08-28 18:40 - 00000000 ____D () C:\Program Files\iTunes.Resources
2014-08-28 18:40 - 2014-08-28 18:40 - 00000000 ____D () C:\Program Files\iPod
2014-08-28 18:40 - 2014-08-28 18:40 - 00000000 ____D () C:\Program Files\CD Configuration
2014-08-28 18:34 - 2013-02-09 01:03 - 00000000 ____D () C:\ProgramData\Apple
2014-08-28 18:29 - 2014-08-28 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-28 18:29 - 2014-08-28 18:29 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-08-28 18:25 - 2013-09-10 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-08-28 18:25 - 2010-12-04 16:12 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-08-28 18:25 - 2010-12-04 16:11 - 00000000 ____D () C:\ProgramData\DivX
2014-08-28 18:13 - 2014-08-28 18:13 - 00000000 ____D () C:\Program Files (x86)\Nightly
2014-08-28 07:37 - 2014-08-28 07:37 - 00000000 ____D () C:\Users\Guest\AppData\Local\Facebook
2014-08-25 14:13 - 2014-08-25 14:13 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe
2014-08-25 14:13 - 2014-08-19 13:41 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-08-22 21:07 - 2014-08-28 18:53 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 20:45 - 2014-08-28 18:53 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 19:59 - 2014-08-28 18:53 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 16:18 - 2014-08-19 16:18 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieUserList
2014-08-19 16:18 - 2014-08-19 16:18 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieSiteList
2014-08-19 13:42 - 2014-08-19 13:42 - 00000000 ____D () C:\Users\Default\AppData\Local\Power2Go
2014-08-19 13:42 - 2014-08-19 13:42 - 00000000 ____D () C:\Users\Default User\AppData\Local\Power2Go
2014-08-19 13:41 - 2014-08-19 13:41 - 00001375 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-19 13:41 - 2014-08-19 13:41 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-08-19 13:41 - 2014-08-19 13:41 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\AVAST Software
2014-08-19 13:41 - 2014-08-19 13:41 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer
2014-08-19 13:41 - 2014-08-19 13:41 - 00000000 ____D () C:\Users\Guest
2014-08-13 12:25 - 2014-08-13 12:25 - 00341848 _____ (DivX, LLC) C:\Windows\SysWOW64\DivXControlPanelApplet.cpl

Some content of TEMP:
====================
C:\Users\Eric\AppData\Local\Temp\DivXSetup.exe
C:\Users\Eric\AppData\Local\Temp\helper.exe
C:\Users\Eric\AppData\Local\Temp\InstallMonetizer.exe
C:\Users\Eric\AppData\Local\Temp\jna2473942496999869940.dll
C:\Users\Eric\AppData\Local\Temp\optprosetup.exe
C:\Users\Eric\AppData\Local\Temp\Quarantine.exe
C:\Users\Eric\AppData\Local\Temp\SpOrder.dll
C:\Users\Eric\AppData\Local\Temp\sqlite3.exe
C:\Users\Eric\AppData\Local\Temp\utt5BF6.tmp.exe
C:\Users\Eric\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Eric\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Eric\AppData\Local\Temp\yac_new.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 00:49

==================== End Of Log ============================



Edited by Calicoo, 12 September 2014 - 01:47 PM.


#9 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,201 posts

Posted 13 September 2014 - 06:55 AM


Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted; it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

HKLM-x32\...\Run: [] => [X]
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe (No File)
BHO-x32: FLVBlaster.FLVBlasterIEAddon -> {807ca0aa-7cb3-4f03-bd61-076f618cc82d} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
U2 SBKUPNT; No ImagePath
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
AlternateDataStreams: C:\ProgramData\Temp:4EFDF5FB
AlternateDataStreams: C:\ProgramData\Temp:5C321E34

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#10 Calicoo

Calicoo

    Advanced Member

  • Full Member
  • 117 posts

Posted 13 September 2014 - 01:56 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Eric at 2014-09-13 14:44:07 Run:1
Running from C:\Users\Eric\Desktop\frst
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

HKLM-x32\...\Run: [] => [X]
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe (No File)
BHO-x32: FLVBlaster.FLVBlasterIEAddon -> {807ca0aa-7cb3-4f03-bd61-076f618cc82d} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
U2 SBKUPNT; No ImagePath
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
AlternateDataStreams: C:\ProgramData\Temp:4EFDF5FB
AlternateDataStreams: C:\ProgramData\Temp:5C321E34

End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{807ca0aa-7cb3-4f03-bd61-076f618cc82d}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{807ca0aa-7cb3-4f03-bd61-076f618cc82d}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
"HKCR\PROTOCOLS\Handler\skype-ie-addon-data" => Key deleted successfully.
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@oberon-media.com/ONCAdapter" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCU\SOFTWARE\Policies\Google" => Key deleted successfully.
catchme => Service deleted successfully.
LMIInfo => Service deleted successfully.
SBKUPNT => Service deleted successfully.
tmlwf => Service deleted successfully.
tmwfp => Service deleted successfully.
C:\ProgramData\Temp => ":4EFDF5FB" ADS removed successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.

==== End of Fixlog ====

 

 

I haven't noticed any difference in performance.
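
The Fixlog above can be checked mechanically rather than by eye. The following is an added example, not part of the original posts and not FRST's own code: it parses the result lines, skips the echoed fixlist, and flags anything that was neither removed nor already absent. The function names and the one failing sample line are assumptions made for illustration.

```python
import re
from collections import Counter
# Constructed sample: result lines copied from the Fixlog in the post above,
# a shortened fixlist echo, and one made-up failing line (not FRST wording).
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe not found.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
catchme => Service deleted successfully.
C:\ProgramData\Temp => ":4EFDF5FB" ADS removed successfully.
"HKLM\SOFTWARE\Constructed\Example" => constructed failure text.
==== End of Fixlog ====
'''

RESULT = re.compile(r'^"?(?P<target>.+?)"? => (?P<result>.+?)\.?$')
MISSING = re.compile(r'^(?P<target>.+) not found\.$')

def classify(target, result):
    """Return (kind, status) for one result line."""
    low = result.lower()
    if " ads " in f" {low} ":
        kind = "ads"
    elif low.startswith("service"):
        kind = "service"
    elif re.match(r"HK(LM|CU|CR|U)\\", target):
        kind = "registry"
    else:
        kind = "file"
    if "successfully" in low:
        return kind, "removed"
    return kind, "absent" if "not found" in low else "review"

def parse_fixlog(text):
    """Return [(target, kind, status)], skipping the echoed fixlist."""
    entries, in_echo = [], False
    for line in map(str.strip, text.splitlines()):
        if line and set(line) == {"*"}:      # asterisk rows bracket the echo
            in_echo = not in_echo
        elif not in_echo and not line.startswith("===="):
            m = RESULT.match(line) or MISSING.match(line)
            if m:
                result = m.groupdict().get("result", "not found")
                entries.append((m["target"], *classify(m["target"], result)))
    return entries

def summarize(entries):
    return Counter((kind, status) for _, kind, status in entries)

def needs_review(entries):
    return [target for target, _, status in entries if status == "review"]
```

Run against the real Fixlog from this thread, `needs_review` would return an empty list, since every line there reports either a successful removal or a target that was not found.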



#11 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,201 posts

Posted 14 September 2014 - 06:46 AM

"I recently downloaded a sketchy program and it installed a bunch of bloatware. Just doing a checkup to make sure I'm clean. Logs to follow."

"I haven't noticed any difference in performance."

Do you have any problems?
nasdaq


#12 Calicoo

Calicoo

    Advanced Member

  • Full Member
  • 117 posts

Posted 14 September 2014 - 07:50 AM

Oh, no. I'm sorry, I didn't understand the question. No, it looks like everything that needs to be gone is gone.

 

Thank you!



#13 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,201 posts

Posted 14 September 2014 - 11:24 AM

Since the issue appears to be resolved, this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq




