PDA

View Full Version : New computer, possible malware



frignuts
2014-09-13, 21:54
Recently inherited a Dell Vostro 220s running windows 7. The computer has a history of malware but was cleaned using malwarebytes and ccleaner. It's running a bit slow and I want to be sure that it is clean before I start using it daily. Wondering if someone could take a look at it and tell me if it looks clean. Thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Ed (administrator) on ED-PC on 13-09-2014 14:40:11
Running from C:\Users\Ed\Downloads
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\System32\dldtcoms.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
(Google Inc.) C:\Users\Ed\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ed\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ed\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ed\AppData\Local\Google\Chrome\Application\chrome.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Registry Backup\files\vss_start.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files\Tweaking.com\Registry Backup\files\vss_7_8_2008_2012_32.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Registry Backup\files\vss_pause.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-23] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [ROC_roc_dec12] => "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
HKLM\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-12] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
HKU\S-1-5-21-1314073599-2682765790-367747919-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1314073599-2682765790-367747919-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-11-27] (Google Inc.)
HKU\S-1-5-21-1314073599-2682765790-367747919-1000\...\MountPoints2: {a7a55c4f-fc66-11e2-92f6-002564e5e832} - E:\MotoCastSetup.exe -a
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x49572B6A0A5DCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
URLSearchHook: HKLM - (No Name) - {d5f7c10d-2f86-4e99-90da-25f8b0400992} - No File
URLSearchHook: HKLM - (No Name) - {a0b9193b-d5c3-43fe-aef4-edc2ff4aa22d} - No File
URLSearchHook: HKCU - (No Name) - {d5f7c10d-2f86-4e99-90da-25f8b0400992} - No File
URLSearchHook: HKCU - (No Name) - {a0b9193b-d5c3-43fe-aef4-edc2ff4aa22d} - No File
SearchScopes: HKLM - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM - {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YOxdm004YYus&ptb=0A94985D-6E9B-4610-94A5-1FCDF9FBBC4D&psa=&ind=2011091317&ptnrS=YOxdm004YYus&si=&st=sb&n=77ded175&searchfor={searchTerms}
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&mkt=en-gb&FORM=IE0000
SearchScopes: HKCU - {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YOxdm004YYus&ptb=0A94985D-6E9B-4610-94A5-1FCDF9FBBC4D&psa=&ind=2011091317&ptnrS=YOxdm004YYus&si=&st=sb&n=77ded175&searchfor={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {9D22EAB4-39A0-46B2-B74C-4A509BFD85DE} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=39935540-32DA-4800-B8AD-FEEC833C3B0F&apn_sauid=5035ECE4-939C-47AE-B76C-0D8AC83E78AD
SearchScopes: HKCU - {C538F56D-C707-4DEC-B092-6D3952929DF3} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3013973
SearchScopes: HKCU - {F2D83B33-3E47-4556-9D78-8DB871AB0A1F} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: No Name -> {a0b9193b-d5c3-43fe-aef4-edc2ff4aa22d} -> No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: No Name -> {d5f7c10d-2f86-4e99-90da-25f8b0400992} -> No File
Toolbar: HKLM - No Name - {d5f7c10d-2f86-4e99-90da-25f8b0400992} - No File
Toolbar: HKLM - No Name - {a0b9193b-d5c3-43fe-aef4-edc2ff4aa22d} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {D5F7C10D-2F86-4E99-90DA-25F8B0400992} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default
FF DefaultSearchEngine: Google (SSL)
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Google (SSL)
FF Homepage: https://www.google.com
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\searchplugins\askcomsearch.xml
FF SearchPlugin: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\searchplugins\google-ssl.xml
FF SearchPlugin: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\searchplugins\yahoo-avast.xml
FF Extension: Disconnect - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\Extensions\2.0@disconnect.me.xpi [2014-09-13]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-09-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-09-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-09-13]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-31]

Chrome:
=======
CHR HomePage: Default -> https://www.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Ed\AppData\Local\Google\Chrome\Application\33.0.1750.149\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ed\AppData\Local\Google\Chrome\Application\33.0.1750.149\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U32) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\system32\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll No File
CHR CustomProfile: C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-28]
CHR Extension: (Google Search) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-28]
CHR Extension: (Disconnect) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-09-12]
CHR Extension: (Google Wallet) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-01]
CHR Extension: (Gmail) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-12]
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [2014-09-12]
CHR StartMenuInternet: Google Chrome - C:\Users\Ed\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-12] (AVAST Software)
R2 dldt_device; C:\Windows\system32\dldtcoms.exe [594600 2009-07-09] ( )
R3 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [166880 2013-02-03] (Soluto)
S3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1239552 2013-02-03] (Soluto) [File not signed]
R2 SolutoService; C:\Program Files\Soluto\SolutoService.exe [552928 2013-02-03] (Soluto)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-09-12] ()
R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [21576 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-09-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-09-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-09-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-09-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-09-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-09-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-09-12] ()
S3 JRAID; C:\Windows\system32\DRIVERS\jraid.sys [89048 2009-05-21] (JMicron Technology Corp.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2009-07-20] (Realtek )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [35328 2008-10-24] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [19968 2007-12-03] (Windows (R) Codename Longhorn DDK provider)
R0 Soluto; C:\Windows\System32\DRIVERS\Soluto.sys [51144 2013-02-03] (Soluto LTD.)
S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [35328 2008-10-24] (Realtek Corporation)
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [19968 2007-12-03] (Windows (R) Codename Longhorn DDK provider)
R3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x32.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 14:38 - 2014-09-13 14:39 - 00028374 _____ () C:\Users\Ed\Downloads\Addition.txt
2014-09-13 14:38 - 2014-09-13 14:38 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ED-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2014-09-13 14:37 - 2014-09-13 14:40 - 00017727 _____ () C:\Users\Ed\Downloads\FRST.txt
2014-09-13 14:37 - 2014-09-13 14:37 - 00000000 ____D () C:\RegBackup
2014-09-13 14:36 - 2014-09-13 14:40 - 00000000 ____D () C:\FRST
2014-09-13 14:36 - 2014-09-13 14:36 - 01097728 _____ (Farbar) C:\Users\Ed\Downloads\FRST.exe
2014-09-13 13:53 - 2014-09-13 13:53 - 00002143 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-13 13:53 - 2014-09-13 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-13 13:52 - 2014-09-13 13:52 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-09-13 13:50 - 2014-09-13 13:50 - 04057608 _____ () C:\Users\Ed\Downloads\tweaking.com_registry_backup_setup.exe
2014-09-13 07:02 - 2014-09-13 07:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-12 21:41 - 2014-09-12 21:41 - 00231760 _____ () C:\Users\Ed\Downloads\CrucialScan.exe
2014-09-12 21:24 - 2014-09-12 21:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-12 21:21 - 2014-09-12 21:21 - 00007715 _____ () C:\Users\Ed\Desktop\hijackthis.log
2014-09-12 21:19 - 2014-09-13 07:23 - 00113342 _____ () C:\Windows\PFRO.log
2014-09-12 20:58 - 2014-09-13 07:23 - 00000280 _____ () C:\Windows\setupact.log
2014-09-12 20:58 - 2014-09-12 20:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-12 20:42 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 20:42 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 20:42 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 20:42 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 20:42 - 2014-08-18 17:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 20:42 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 20:42 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 20:42 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 20:42 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 20:42 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 20:42 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 20:42 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 20:42 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 20:42 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 20:42 - 2014-08-18 17:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 20:42 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 20:42 - 2014-08-18 17:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 20:42 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 20:42 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 20:42 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 20:42 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 20:42 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 20:42 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 20:42 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 20:42 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 20:42 - 2014-08-18 17:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 20:42 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 20:42 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 20:42 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 20:42 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 20:41 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 20:37 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-12 20:37 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-12 20:37 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-12 20:36 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-12 20:31 - 2014-09-12 20:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\Ed\Desktop\HijackThis.exe
2014-09-12 20:26 - 2014-07-13 21:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-12 20:26 - 2014-06-15 21:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-12 20:26 - 2014-06-15 21:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-09-12 20:26 - 2014-06-15 21:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-09-12 20:25 - 2014-08-22 21:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-12 20:25 - 2014-08-22 20:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-12 20:25 - 2014-07-06 21:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 20:25 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 20:25 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-09-12 20:24 - 2014-09-04 21:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-12 20:24 - 2014-09-04 21:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-12 20:24 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-12 20:24 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-12 20:24 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-12 20:24 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-12 20:24 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-09-12 20:24 - 2014-06-03 05:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-12 20:24 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-12 20:24 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-12 20:24 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-12 20:24 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-09-12 20:24 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-12 20:24 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-09-12 20:24 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-09-12 20:24 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-09-12 20:24 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-09-12 20:24 - 2014-05-30 02:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-09-12 20:19 - 2014-09-12 20:19 - 00000967 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-12 20:19 - 2014-09-12 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-12 20:19 - 2014-09-12 20:19 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-12 20:17 - 2014-09-12 20:18 - 04901352 _____ (Piriform Ltd) C:\Users\Ed\Downloads\ccsetup417.exe
2014-09-12 20:06 - 2014-05-14 12:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-12 20:06 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-12 20:06 - 2014-05-14 12:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-12 20:06 - 2014-05-14 12:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-12 20:06 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-12 20:06 - 2014-05-14 12:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-12 20:06 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-12 20:06 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-12 20:06 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 14:40 - 2014-09-13 14:37 - 00017727 _____ () C:\Users\Ed\Downloads\FRST.txt
2014-09-13 14:40 - 2014-09-13 14:36 - 00000000 ____D () C:\FRST
2014-09-13 14:39 - 2014-09-13 14:38 - 00028374 _____ () C:\Users\Ed\Downloads\Addition.txt
2014-09-13 14:38 - 2014-09-13 14:38 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ED-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2014-09-13 14:37 - 2014-09-13 14:37 - 00000000 ____D () C:\RegBackup
2014-09-13 14:36 - 2014-09-13 14:36 - 01097728 _____ (Farbar) C:\Users\Ed\Downloads\FRST.exe
2014-09-13 14:31 - 2010-11-27 21:14 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-13 14:25 - 2012-05-21 17:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-13 13:53 - 2014-09-13 13:53 - 00002143 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-13 13:53 - 2014-09-13 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-13 13:52 - 2014-09-13 13:52 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-09-13 13:50 - 2014-09-13 13:50 - 04057608 _____ () C:\Users\Ed\Downloads\tweaking.com_registry_backup_setup.exe
2014-09-13 13:38 - 2010-12-21 22:20 - 01701135 _____ () C:\Windows\WindowsUpdate.log
2014-09-13 08:34 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-09-13 07:30 - 2009-07-14 00:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-13 07:30 - 2009-07-14 00:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-13 07:23 - 2014-09-13 07:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-13 07:23 - 2014-09-12 21:19 - 00113342 _____ () C:\Windows\PFRO.log
2014-09-13 07:23 - 2014-09-12 20:58 - 00000280 _____ () C:\Windows\setupact.log
2014-09-13 07:23 - 2014-01-20 12:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-13 07:23 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-13 07:21 - 2014-02-02 12:20 - 00000000 ____D () C:\Program Files\Brother
2014-09-13 07:21 - 2010-11-11 21:54 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-13 07:20 - 2014-02-02 12:21 - 00000000 ____D () C:\Program Files\ControlCenter4
2014-09-13 07:03 - 2010-11-27 20:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak
2014-09-13 06:53 - 2010-11-27 20:24 - 00000000 ____D () C:\Users\Ed\AppData\Local\Mozilla
2014-09-13 06:39 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-12 21:41 - 2014-09-12 21:41 - 00231760 _____ () C:\Users\Ed\Downloads\CrucialScan.exe
2014-09-12 21:31 - 2013-11-15 16:19 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-12 21:30 - 2013-11-15 16:19 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-12 21:24 - 2014-09-12 21:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-12 21:24 - 2014-05-10 21:37 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-12 21:24 - 2014-01-18 11:31 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-09-12 21:24 - 2013-10-19 14:10 - 00002049 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-12 21:24 - 2013-05-31 15:26 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-09-12 21:24 - 2013-05-31 15:26 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-12 21:24 - 2013-05-31 15:26 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-12 21:24 - 2013-05-31 15:26 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-12 21:24 - 2013-05-31 15:26 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-12 21:24 - 2013-05-31 15:26 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-12 21:24 - 2013-05-31 15:26 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-12 21:21 - 2014-09-12 21:21 - 00007715 _____ () C:\Users\Ed\Desktop\hijackthis.log
2014-09-12 21:19 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\tracing
2014-09-12 21:07 - 2014-03-30 10:02 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-12 20:58 - 2014-09-12 20:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-12 20:58 - 2010-12-20 15:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-12 20:58 - 2009-07-14 00:33 - 00297832 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-12 20:45 - 2014-05-11 12:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-12 20:45 - 2009-07-14 03:49 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-12 20:44 - 2014-03-29 13:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 20:41 - 2013-08-13 20:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 20:35 - 2010-12-20 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-12 20:32 - 2010-11-11 21:23 - 00000000 ____D () C:\Users\Ed\AppData\Local\VirtualStore
2014-09-12 20:31 - 2014-09-12 20:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\Ed\Desktop\HijackThis.exe
2014-09-12 20:29 - 2010-11-11 22:02 - 00774632 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 20:25 - 2012-05-21 17:26 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-12 20:25 - 2012-05-21 17:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-12 20:23 - 2011-06-14 13:05 - 00000000 ____D () C:\Windows\Minidump
2014-09-12 20:23 - 2010-11-08 15:44 - 00000000 ____D () C:\Windows\Panther
2014-09-12 20:19 - 2014-09-12 20:19 - 00000967 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-12 20:19 - 2014-09-12 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-12 20:19 - 2014-09-12 20:19 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-12 20:18 - 2014-09-12 20:17 - 04901352 _____ (Piriform Ltd) C:\Users\Ed\Downloads\ccsetup417.exe
2014-09-12 20:12 - 2010-12-28 02:27 - 00000000 ____D () C:\Program Files\PokerStars.FOX
2014-09-12 20:03 - 2010-11-27 21:14 - 00000874 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-04 21:52 - 2014-09-12 20:24 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 21:47 - 2014-09-12 20:24 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-29 13:01 - 2010-11-27 21:15 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-25 06:53 - 2010-11-11 21:37 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-22 21:46 - 2014-09-12 20:25 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 20:42 - 2014-09-12 20:25 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 13:39 - 2014-09-12 20:42 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-18 18:26 - 2014-09-12 20:42 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-18 18:08 - 2014-09-12 20:42 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 17:57 - 2014-09-12 20:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 17:57 - 2014-09-12 20:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 17:46 - 2014-09-12 20:42 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 17:45 - 2014-09-12 20:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 17:44 - 2014-09-12 20:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 17:44 - 2014-09-12 20:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 17:42 - 2014-09-12 20:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 17:39 - 2014-09-12 20:42 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 17:39 - 2014-09-12 20:42 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 17:37 - 2014-09-12 20:42 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 17:36 - 2014-09-12 20:42 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 17:36 - 2014-09-12 20:42 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 17:35 - 2014-09-12 20:42 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 17:30 - 2014-09-12 20:42 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 17:27 - 2014-09-12 20:42 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 17:22 - 2014-09-12 20:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 17:19 - 2014-09-12 20:42 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 17:17 - 2014-09-12 20:42 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 17:17 - 2014-09-12 20:42 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 17:15 - 2014-09-12 20:42 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 17:09 - 2014-09-12 20:42 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 17:08 - 2014-09-12 20:42 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 17:08 - 2014-09-12 20:42 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 17:07 - 2014-09-12 20:42 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 16:46 - 2014-09-12 20:42 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 16:38 - 2014-09-12 20:42 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 16:36 - 2014-09-12 20:42 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Ed\AppData\Local\Temp\_is844C.exe
C:\Users\Ed\AppData\Local\Temp\_unps.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-13 08:27

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Ed at 2014-09-13 14:40:38
Running from C:\Users\Ed\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Dell Backup and Recovery Manager (HKLM\...\{4688EB75-28E2-4731-9BCB-55E624F7CD45}) (Version: 1.3 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Game Master 2 Toolbar (HKLM\...\Game_Master_2 Toolbar) (Version: 6.5.2.8 - Game Master 2)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.149 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mapit 1 Toolbar (HKLM\...\Mapit_1 Toolbar) (Version: 6.5.2.8 - Mapit 1)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
Nuance PaperPort 12 (HKLM\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Realtek Ethernet Diagnostic Utility (HKLM\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - )
Scansoft PDF Professional (Version: - ) Hidden
Soluto (HKLM\...\{9D48F834-97D9-4046-8664-FAB2C1A5091A}) (Version: 1.3.1149.0 - Soluto)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
WebM Media Foundation Components (HKLM\...\webmmf) (Version: 1.0.1.1 - WebM Project)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Ed\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{26842a09-ffa8-4e2c-ae12-0c80f01c3295}\InprocServer32 -> C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Ed\AppData\Local\Google\Chrome\Application\33.0.1750.149\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{5F387297-4BDB-48CD-8DB0-ACAD1415FABA}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.129\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File

==================== Restore Points =========================

21-06-2014 11:59:28 Windows Update
22-06-2014 04:16:51 Windows Update
30-06-2014 18:44:15 Windows Update
13-09-2014 00:05:52 Windows Update
13-09-2014 00:10:34 Removed Fanbase
13-09-2014 00:15:24 Windows Update
13-09-2014 00:27:55 Windows Update
13-09-2014 01:22:41 avast! antivirus system restore point
13-09-2014 11:21:04 Removed Brother Software Suite

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0787A328-4F56-42C6-8AC2-41E82B113A8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-27] (Google Inc.)
Task: {5D2E8075-AD3F-4A3B-97A7-88C49B0B2C59} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-12] (AVAST Software)
Task: {5E60CC59-7492-4F46-8C4F-BD85EF7BA92C} - System32\Tasks\MyDefrag v4.3.1 Daily => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2010-05-21] ()
Task: {97B14A99-B19B-4DE9-9F19-E676FACE8871} - System32\Tasks\MyDefrag v4.3.1 Monthly => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2010-05-21] ()
Task: {F32D4582-4B75-4A4F-8CEC-B982128EB0CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-12] (Adobe Systems Incorporated)
Task: {F7B00289-6313-4DA4-89D0-AED871A3870B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-27] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1314073599-2682765790-367747919-1000Core1cf3fbb1c3422a3.job => C:\Users\Ed\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-09-12 21:24 - 2014-09-12 21:24 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-13 06:29 - 2014-09-13 06:29 - 02862592 _____ () C:\Program Files\AVAST Software\Avast\defs\14091300\algo.dll
2014-09-13 13:53 - 2014-09-13 13:53 - 02862592 _____ () C:\Program Files\AVAST Software\Avast\defs\14091301\algo.dll
2014-09-13 06:34 - 2014-09-13 06:34 - 00156160 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAppControlPlugin#\15655f77a7dd4f5dde9a1707687c4685\PCGAppControlPluginLoader.ni.dll
2014-09-12 21:03 - 2014-09-12 21:03 - 01707008 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\8c737a8feb24668062bed002f5d9412a\PCGPreCompiled.ni.dll
2013-02-03 20:32 - 2013-02-03 20:32 - 00077880 _____ () c:\program files\soluto\PCGDllExportInspector.dll
2012-08-10 10:17 - 2009-07-02 12:40 - 00147968 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dldtdrpp.dll
2014-09-12 21:24 - 2014-09-12 21:24 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-02-03 20:32 - 2013-02-03 20:32 - 00077880 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
2013-02-03 20:32 - 2013-02-03 20:32 - 00049720 ____R () C:\Program Files\Soluto\PCGDeviceScanLib.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-14 15:28 - 2014-03-06 16:35 - 00051016 _____ () C:\Users\Ed\AppData\Local\Google\Chrome\Application\33.0.1750.149\chrome_elf.dll
2014-03-14 15:28 - 2014-03-06 16:35 - 00716616 _____ () C:\Users\Ed\AppData\Local\Google\Chrome\Application\33.0.1750.149\libglesv2.dll
2014-03-14 15:28 - 2014-03-06 16:35 - 00100168 _____ () C:\Users\Ed\AppData\Local\Google\Chrome\Application\33.0.1750.149\libegl.dll
2014-03-14 15:28 - 2014-03-06 16:36 - 04061000 _____ () C:\Users\Ed\AppData\Local\Google\Chrome\Application\33.0.1750.149\pdf.dll
2014-03-14 15:28 - 2014-03-06 16:36 - 00394568 _____ () C:\Users\Ed\AppData\Local\Google\Chrome\Application\33.0.1750.149\ppGoogleNaClPluginChrome.dll
2014-03-14 15:28 - 2014-03-06 16:35 - 01647432 _____ () C:\Users\Ed\AppData\Local\Google\Chrome\Application\33.0.1750.149\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SolutoService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/13/2014 07:21:03 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {3d77503e-5281-4e90-af90-8607ab4d6ca7}

Error: (09/12/2014 09:22:38 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {88df055e-2a0b-40e6-88f6-be20c190dccf}

Error: (09/12/2014 08:58:49 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Design, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
.

Error: (09/12/2014 08:58:49 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.DirectoryServices, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
.

Error: (09/12/2014 08:58:49 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Deployment, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
.

Error: (09/12/2014 08:58:49 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Drawing, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
.

Error: (09/12/2014 08:58:49 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Windows.Forms, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
.

Error: (09/12/2014 08:58:49 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Xml, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
.

Error: (09/12/2014 08:58:49 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Drawing.Design, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
.

Error: (09/12/2014 08:58:49 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.ServiceProcess, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
.


System errors:
=============
Error: (09/13/2014 01:38:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (09/12/2014 09:25:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147014847

Error: (09/12/2014 09:09:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/12/2014 09:09:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/12/2014 09:09:09 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (09/12/2014 09:06:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/12/2014 09:06:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/12/2014 09:06:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/12/2014 09:06:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/12/2014 09:06:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 57%
Total physical RAM: 2012.99 MB
Available physical RAM: 851.36 MB
Total Pagefile: 4025.98 MB
Available Pagefile: 2408.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.06 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:224.85 GB) (Free:178.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: 20000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=7.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=224.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-13 14:44:15
-----------------------------
14:44:15.244 OS Version: Windows 6.1.7601 Service Pack 1
14:44:15.244 Number of processors: 2 586 0x170A
14:44:15.246 ComputerName: ED-PC UserName: Ed
14:44:16.519 Initialize success
14:44:16.519 VM: initialized successfully
14:44:16.536 VM: Intel CPU supported virtualizedSuspended
14:44:52.387 VM: disk I/O iaStor.sys
14:44:55.452 AVAST engine defs: 14091301
14:45:01.677 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:45:01.681 Disk 0 Vendor: WDC_WD25 02.0 Size: 238418MB BusType: 3
14:45:01.795 Disk 0 MBR read successfully
14:45:01.799 Disk 0 MBR scan
14:45:01.817 Disk 0 Windows 7 default MBR code
14:45:01.823 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
14:45:01.855 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 8118 MB offset 98304
14:45:01.862 Disk 0 default boot code
14:45:01.878 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 230251 MB offset 16723968
14:45:01.887 Disk 0 scanning sectors +488278016
14:45:01.974 Disk 0 scanning C:\Windows\system32\drivers
14:45:11.125 Service scanning
14:45:29.423 Modules scanning
14:45:39.647 Disk 0 trace - called modules:
14:45:39.659 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
14:45:39.664 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8658f2b8]
14:45:39.668 3 CLASSPNP.SYS[8919a59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85740028]
14:45:40.623 AVAST engine scan C:\Windows
14:45:42.348 AVAST engine scan C:\Windows\system32
14:48:14.333 AVAST engine scan C:\Windows\system32\drivers
14:48:33.759 AVAST engine scan C:\Users\Ed
14:50:04.092 AVAST engine scan C:\ProgramData
14:51:17.878 Scan finished successfully
14:53:36.533 Disk 0 MBR has been saved successfully to "C:\Users\Ed\Desktop\Cleaning and Security\MBR.dat"
14:53:36.538 The log file has been saved successfully to "C:\Users\Ed\Desktop\Cleaning and Security\aswMBR.txt"

ken545
2014-09-14, 02:31
:snwelcome:

Looking at some bogus toolbars that need to go

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.


Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



===============================================================================


http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.




===============================================================================

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"


http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMDashboard_zpsddef9b5f.gif (http://s1269.photobucket.com/user/OCD-WTT/media/MBAMDashboard_zpsddef9b5f.gif.html)


On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes

frignuts
2014-09-14, 14:50
# AdwCleaner v3.310 - Report created 14/09/2014 at 07:08:39
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Ed - ED-PC
# Running from : C:\Users\Ed\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\InboxAce_1gEI
Folder Deleted : C:\Program Files\Game_Master_2
Folder Deleted : C:\Program Files\Mapit_1
Folder Deleted : C:\Users\Ed\AppData\Local\AVG Security Toolbar
Folder Deleted : C:\Users\Ed\AppData\Local\Conduit
Folder Deleted : C:\Users\Ed\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ed\AppData\LocalLow\iac
Folder Deleted : C:\Users\Ed\AppData\LocalLow\InboxAce_1gEI
Folder Deleted : C:\Users\Ed\AppData\LocalLow\Game_Master_2
Folder Deleted : C:\Users\Ed\AppData\LocalLow\Mapit_1
File Deleted : C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\searchplugins\askcomsearch.xml

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.SkinLauncher
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.SkinLauncher.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3008660
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3013973
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9638B7D6-11F5-4406-B387-327642A11FFB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DFEB941C-8B58-4899-97C3-88FE394E1285}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E6AD866F-EA06-476A-8432-ED943683FAB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F706E19B-6C14-4272-BA98-2F16636A898D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FD7BC46-216F-4000-A3BB-2744E400E35E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A661D4DC-4BD8-48FC-964B-A24AB8157DE6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1ED65BE2-AE84-46CB-8EA6-1C2B86ADF768}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5E5E0B49-1A81-4ACC-BD6B-FF5F4EFEF01A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B872D222-3F52-4CD9-A4BE-9D69EE4F293D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A0B9193B-D5C3-43FE-AEF4-EDC2FF4AA22D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5F7C10D-2F86-4E99-90DA-25F8B0400992}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9638B7D6-11F5-4406-B387-327642A11FFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F706E19B-6C14-4272-BA98-2F16636A898D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0FD7BC46-216F-4000-A3BB-2744E400E35E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF4A3145-97D7-488E-A830-67FBD1C14141}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44DB423D-A0DB-4664-9477-CCDCEB7CD666}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A661D4DC-4BD8-48FC-964B-A24AB8157DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5731AB1-8566-4441-AEFB-9AFB2EEA63D9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{32586041-5F0C-4B65-BD90-73A9EC745F5B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2EB2E993-7C2F-48FB-9961-1E26CFE102D4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{47500437-FC60-4B9A-93F8-8E882F87F70E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8A97B62B-B742-4690-A70F-9F2741F80F4F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A0B9193B-D5C3-43FE-AEF4-EDC2FF4AA22D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D5F7C10D-2F86-4E99-90DA-25F8B0400992}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D5F7C10D-2F86-4E99-90DA-25F8B0400992}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A0B9193B-D5C3-43FE-AEF4-EDC2FF4AA22D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D5F7C10D-2F86-4E99-90DA-25F8B0400992}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{A0B9193B-D5C3-43FE-AEF4-EDC2FF4AA22D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{D5F7C10D-2F86-4E99-90DA-25F8B0400992}]
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Game_Master_2
Key Deleted : HKCU\Software\AppDataLow\Software\Mapit_1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Game_Master_2
Key Deleted : HKLM\SOFTWARE\Mapit_1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Game_Master_2 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mapit_1 Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.1 (x86 en-US)

[ File : C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\prefs.js ]

Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxps://isearch.avg.com/search?cid={72F149A4-D05A-4CC3-AED1-5E7BC44E368A}&mid=5e26ed1f2c8f47d6b947d16c220101c1-fe1d41f4c13f27fdca457142333fb051b553ec82&[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=2C76A20C-BD51-48AB-BE00-F90E288E29FC&n=77ee4092&ptnrS=ZXxdm003YYus&si=CNi_zsr60K4CFYne4Aod-W[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.installDate", "2012102802");
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.partnerId", "ZXxdm003YYus");
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.partnerSubId", "CNi_zsr60K4CFYne4Aod-WrXAQ");
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.toolbarId", "2C76A20C-BD51-48AB-BE00-F90E288E29FC");
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.lastActivePing", "1390236603132");
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.weather.location", "07101");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "radiorage@mindspark.com");
Line Deleted : user_pref("extensions.toolbar.mindspark.sa.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark.sa.owner", "radiorage@mindspark.com");

-\\ Google Chrome v

[ File : C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [10035 octets] - [14/09/2014 07:05:46]
AdwCleaner[S0].txt - [10167 octets] - [14/09/2014 07:08:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10228 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by Ed on Sun 09/14/2014 at 7:16:07.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{26842A09-FFA8-4E2C-AE12-0C80F01C3295}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8fe8d013-c3fd-4802-af48-79274e9f969e}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9D22EAB4-39A0-46B2-B74C-4A509BFD85DE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C538F56D-C707-4DEC-B092-6D3952929DF3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8fe8d013-c3fd-4802-af48-79274e9f969e}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Ed\AppData\Roaming\mozilla\firefox\profiles\q44dp2fb.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 09/14/2014 at 7:18:24.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/14/2014
Scan Time: 7:42:03 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.14.03
Rootkit Database: v2014.09.13.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Ed

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 288042
Time Elapsed: 9 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

ken545
2014-09-14, 15:43
:bigthumb:

Go ahead and run new scan with FRST , also check the Additions box and post both or the new logs please

frignuts
2014-09-14, 17:26
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Ed (administrator) on ED-PC on 14-09-2014 10:27:28
Running from C:\Users\Ed\Desktop
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\System32\dldtcoms.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-23] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [ROC_roc_dec12] => "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
HKLM\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-12] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
HKU\S-1-5-21-1314073599-2682765790-367747919-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1314073599-2682765790-367747919-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-11-27] (Google Inc.)
HKU\S-1-5-21-1314073599-2682765790-367747919-1000\...\MountPoints2: {a7a55c4f-fc66-11e2-92f6-002564e5e832} - E:\MotoCastSetup.exe -a
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x49572B6A0A5DCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKCU - {F2D83B33-3E47-4556-9D78-8DB871AB0A1F} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default
FF DefaultSearchEngine: Google (SSL)
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Google (SSL)
FF Homepage: https://www.google.com
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\searchplugins\google-ssl.xml
FF SearchPlugin: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\searchplugins\yahoo-avast.xml
FF Extension: Disconnect - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\Extensions\2.0@disconnect.me.xpi [2014-09-13]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-09-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-09-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-09-13]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-31]

Chrome:
=======
CHR HomePage: Default -> https://www.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Ed\AppData\Local\Google\Chrome\Application\33.0.1750.149\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ed\AppData\Local\Google\Chrome\Application\33.0.1750.149\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U32) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\system32\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll No File
CHR CustomProfile: C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-28]
CHR Extension: (Google Search) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-28]
CHR Extension: (Disconnect) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-09-12]
CHR Extension: (Google Wallet) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-01]
CHR Extension: (Gmail) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-12]
CHR StartMenuInternet: Google Chrome - C:\Users\Ed\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-12] (AVAST Software)
R2 dldt_device; C:\Windows\system32\dldtcoms.exe [594600 2009-07-09] ( )
R3 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [166880 2013-02-03] (Soluto)
S3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1239552 2013-02-03] (Soluto) [File not signed]
R2 SolutoService; C:\Program Files\Soluto\SolutoService.exe [552928 2013-02-03] (Soluto)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-09-12] ()
R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [21576 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-09-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-09-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-09-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-09-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-09-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-09-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-09-12] ()
S3 JRAID; C:\Windows\system32\DRIVERS\jraid.sys [89048 2009-05-21] (JMicron Technology Corp.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2009-07-20] (Realtek )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [35328 2008-10-24] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [19968 2007-12-03] (Windows (R) Codename Longhorn DDK provider)
R0 Soluto; C:\Windows\System32\DRIVERS\Soluto.sys [51144 2013-02-03] (Soluto LTD.)
S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [35328 2008-10-24] (Realtek Corporation)
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [19968 2007-12-03] (Windows (R) Codename Longhorn DDK provider)
R3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x32.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 10:27 - 2014-09-14 10:27 - 00013965 _____ () C:\Users\Ed\Desktop\FRST.txt
2014-09-14 07:53 - 2014-09-14 07:53 - 00001052 _____ () C:\Users\Ed\Desktop\mbam.txt
2014-09-14 07:18 - 2014-09-14 07:18 - 00001442 _____ () C:\Users\Ed\Desktop\JRT.txt
2014-09-14 07:16 - 2014-09-14 07:16 - 00000000 ____D () C:\Windows\ERUNT
2014-09-14 07:12 - 2014-09-14 07:12 - 00010309 _____ () C:\Users\Ed\Desktop\AdwCleaner[S0].txt
2014-09-14 07:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-14 07:05 - 2014-09-14 07:08 - 00000000 ____D () C:\AdwCleaner
2014-09-13 22:56 - 2014-09-13 22:56 - 01016261 _____ (Thisisu) C:\Users\Ed\Desktop\JRT.exe
2014-09-13 22:55 - 2014-09-13 22:55 - 01373475 _____ () C:\Users\Ed\Desktop\AdwCleaner.exe
2014-09-13 14:38 - 2014-09-13 14:38 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ED-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2014-09-13 14:37 - 2014-09-13 14:37 - 00000000 ____D () C:\RegBackup
2014-09-13 14:36 - 2014-09-14 10:27 - 00000000 ____D () C:\FRST
2014-09-13 14:36 - 2014-09-13 14:36 - 01097728 _____ (Farbar) C:\Users\Ed\Desktop\FRST.exe
2014-09-13 13:53 - 2014-09-13 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-13 13:52 - 2014-09-13 13:52 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-09-13 07:02 - 2014-09-13 07:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-12 21:24 - 2014-09-12 21:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-12 21:19 - 2014-09-14 07:10 - 00113652 _____ () C:\Windows\PFRO.log
2014-09-12 20:58 - 2014-09-14 07:59 - 00000504 _____ () C:\Windows\setupact.log
2014-09-12 20:58 - 2014-09-12 20:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-12 20:42 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 20:42 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 20:42 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 20:42 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 20:42 - 2014-08-18 17:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 20:42 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 20:42 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 20:42 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 20:42 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 20:42 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 20:42 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 20:42 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 20:42 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 20:42 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 20:42 - 2014-08-18 17:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 20:42 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 20:42 - 2014-08-18 17:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 20:42 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 20:42 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 20:42 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 20:42 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 20:42 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 20:42 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 20:42 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 20:42 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 20:42 - 2014-08-18 17:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 20:42 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 20:42 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 20:42 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 20:42 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 20:41 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 20:37 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-12 20:37 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-12 20:37 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-12 20:36 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-12 20:26 - 2014-07-13 21:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-12 20:26 - 2014-06-15 21:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-12 20:26 - 2014-06-15 21:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-09-12 20:26 - 2014-06-15 21:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-09-12 20:25 - 2014-08-22 21:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-12 20:25 - 2014-08-22 20:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-12 20:25 - 2014-07-06 21:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 20:25 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 20:25 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-09-12 20:24 - 2014-09-04 21:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-12 20:24 - 2014-09-04 21:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-12 20:24 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-12 20:24 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-12 20:24 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-12 20:24 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-12 20:24 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-09-12 20:24 - 2014-06-03 05:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-12 20:24 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-12 20:24 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-12 20:24 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-12 20:24 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-09-12 20:24 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-12 20:24 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-09-12 20:24 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-09-12 20:24 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-09-12 20:24 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-09-12 20:24 - 2014-05-30 02:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-09-12 20:19 - 2014-09-12 20:19 - 00000967 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-12 20:19 - 2014-09-12 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-12 20:19 - 2014-09-12 20:19 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-12 20:06 - 2014-05-14 12:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-12 20:06 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-12 20:06 - 2014-05-14 12:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-12 20:06 - 2014-05-14 12:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-12 20:06 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-12 20:06 - 2014-05-14 12:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-12 20:06 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-12 20:06 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-12 20:06 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 10:27 - 2014-09-14 10:27 - 00013965 _____ () C:\Users\Ed\Desktop\FRST.txt
2014-09-14 10:27 - 2014-09-13 14:36 - 00000000 ____D () C:\FRST
2014-09-14 10:26 - 2010-11-27 20:35 - 00000000 ___RD () C:\Users\Ed\Desktop\Cleaning and Security
2014-09-14 10:25 - 2012-05-21 17:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-14 09:31 - 2010-11-27 21:14 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-14 09:14 - 2009-07-14 00:34 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-14 09:14 - 2009-07-14 00:34 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-14 08:02 - 2010-12-21 22:20 - 01756327 _____ () C:\Windows\WindowsUpdate.log
2014-09-14 07:59 - 2014-09-12 20:58 - 00000504 _____ () C:\Windows\setupact.log
2014-09-14 07:59 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-14 07:53 - 2014-09-14 07:53 - 00001052 _____ () C:\Users\Ed\Desktop\mbam.txt
2014-09-14 07:41 - 2014-03-30 10:02 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 07:25 - 2012-05-21 17:26 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-14 07:25 - 2012-05-21 17:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-14 07:18 - 2014-09-14 07:18 - 00001442 _____ () C:\Users\Ed\Desktop\JRT.txt
2014-09-14 07:16 - 2014-09-14 07:16 - 00000000 ____D () C:\Windows\ERUNT
2014-09-14 07:12 - 2014-09-14 07:12 - 00010309 _____ () C:\Users\Ed\Desktop\AdwCleaner[S0].txt
2014-09-14 07:10 - 2014-09-12 21:19 - 00113652 _____ () C:\Windows\PFRO.log
2014-09-14 07:08 - 2014-09-14 07:05 - 00000000 ____D () C:\AdwCleaner
2014-09-13 22:56 - 2014-09-13 22:56 - 01016261 _____ (Thisisu) C:\Users\Ed\Desktop\JRT.exe
2014-09-13 22:55 - 2014-09-13 22:55 - 01373475 _____ () C:\Users\Ed\Desktop\AdwCleaner.exe
2014-09-13 14:38 - 2014-09-13 14:38 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ED-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2014-09-13 14:37 - 2014-09-13 14:37 - 00000000 ____D () C:\RegBackup
2014-09-13 14:36 - 2014-09-13 14:36 - 01097728 _____ (Farbar) C:\Users\Ed\Desktop\FRST.exe
2014-09-13 13:53 - 2014-09-13 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-13 13:52 - 2014-09-13 13:52 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-09-13 08:34 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-09-13 07:23 - 2014-09-13 07:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-13 07:23 - 2014-01-20 12:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-13 07:21 - 2014-02-02 12:20 - 00000000 ____D () C:\Program Files\Brother
2014-09-13 07:21 - 2010-11-11 21:54 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-13 07:20 - 2014-02-02 12:21 - 00000000 ____D () C:\Program Files\ControlCenter4
2014-09-13 07:03 - 2010-11-27 20:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak
2014-09-13 06:53 - 2010-11-27 20:24 - 00000000 ____D () C:\Users\Ed\AppData\Local\Mozilla
2014-09-13 06:39 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-12 21:31 - 2013-11-15 16:19 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-12 21:30 - 2013-11-15 16:19 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-12 21:24 - 2014-09-12 21:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-12 21:24 - 2014-05-10 21:37 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-12 21:24 - 2014-01-18 11:31 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-09-12 21:24 - 2013-10-19 14:10 - 00002049 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-12 21:24 - 2013-05-31 15:26 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-09-12 21:24 - 2013-05-31 15:26 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-12 21:24 - 2013-05-31 15:26 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-12 21:24 - 2013-05-31 15:26 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-12 21:24 - 2013-05-31 15:26 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-12 21:24 - 2013-05-31 15:26 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-12 21:24 - 2013-05-31 15:26 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-12 21:19 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\tracing
2014-09-12 20:58 - 2014-09-12 20:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-12 20:58 - 2010-12-20 15:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-12 20:58 - 2009-07-14 00:33 - 00297832 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-12 20:45 - 2014-05-11 12:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-12 20:45 - 2009-07-14 03:49 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-12 20:44 - 2014-03-29 13:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 20:41 - 2013-08-13 20:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 20:35 - 2010-12-20 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-12 20:32 - 2010-11-11 21:23 - 00000000 ____D () C:\Users\Ed\AppData\Local\VirtualStore
2014-09-12 20:29 - 2010-11-11 22:02 - 00774632 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 20:23 - 2011-06-14 13:05 - 00000000 ____D () C:\Windows\Minidump
2014-09-12 20:23 - 2010-11-08 15:44 - 00000000 ____D () C:\Windows\Panther
2014-09-12 20:19 - 2014-09-12 20:19 - 00000967 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-12 20:19 - 2014-09-12 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-12 20:19 - 2014-09-12 20:19 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-12 20:12 - 2010-12-28 02:27 - 00000000 ____D () C:\Program Files\PokerStars.FOX
2014-09-12 20:03 - 2010-11-27 21:14 - 00000874 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-04 21:52 - 2014-09-12 20:24 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 21:47 - 2014-09-12 20:24 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-29 13:01 - 2010-11-27 21:15 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-25 06:53 - 2010-11-11 21:37 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-22 21:46 - 2014-09-12 20:25 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 20:42 - 2014-09-12 20:25 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 13:39 - 2014-09-12 20:42 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-18 18:26 - 2014-09-12 20:42 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-18 18:08 - 2014-09-12 20:42 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 17:57 - 2014-09-12 20:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 17:57 - 2014-09-12 20:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 17:46 - 2014-09-12 20:42 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 17:45 - 2014-09-12 20:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 17:44 - 2014-09-12 20:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 17:44 - 2014-09-12 20:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 17:42 - 2014-09-12 20:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 17:39 - 2014-09-12 20:42 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 17:39 - 2014-09-12 20:42 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 17:37 - 2014-09-12 20:42 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 17:36 - 2014-09-12 20:42 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 17:36 - 2014-09-12 20:42 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 17:35 - 2014-09-12 20:42 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 17:30 - 2014-09-12 20:42 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 17:27 - 2014-09-12 20:42 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 17:22 - 2014-09-12 20:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 17:19 - 2014-09-12 20:42 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 17:17 - 2014-09-12 20:42 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 17:17 - 2014-09-12 20:42 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 17:15 - 2014-09-12 20:42 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 17:09 - 2014-09-12 20:42 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 17:08 - 2014-09-12 20:42 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 17:08 - 2014-09-12 20:42 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 17:07 - 2014-09-12 20:42 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 16:46 - 2014-09-12 20:42 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 16:38 - 2014-09-12 20:42 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 16:36 - 2014-09-12 20:42 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Ed\AppData\Local\Temp\Quarantine.exe
C:\Users\Ed\AppData\Local\Temp\_is844C.exe
C:\Users\Ed\AppData\Local\Temp\_unps.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-13 08:27

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Ed at 2014-09-14 10:28:00
Running from C:\Users\Ed\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Dell Backup and Recovery Manager (HKLM\...\{4688EB75-28E2-4731-9BCB-55E624F7CD45}) (Version: 1.3 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.149 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
Nuance PaperPort 12 (HKLM\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Realtek Ethernet Diagnostic Utility (HKLM\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - )
Scansoft PDF Professional (Version: - ) Hidden
Soluto (HKLM\...\{9D48F834-97D9-4046-8664-FAB2C1A5091A}) (Version: 1.3.1149.0 - Soluto)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
WebM Media Foundation Components (HKLM\...\webmmf) (Version: 1.0.1.1 - WebM Project)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Ed\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Ed\AppData\Local\Google\Chrome\Application\33.0.1750.149\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{5F387297-4BDB-48CD-8DB0-ACAD1415FABA}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.129\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File

==================== Restore Points =========================

21-06-2014 11:59:28 Windows Update
22-06-2014 04:16:51 Windows Update
30-06-2014 18:44:15 Windows Update
13-09-2014 00:05:52 Windows Update
13-09-2014 00:10:34 Removed Fanbase
13-09-2014 00:15:24 Windows Update
13-09-2014 00:27:55 Windows Update
13-09-2014 01:22:41 avast! antivirus system restore point
13-09-2014 11:21:04 Removed Brother Software Suite

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0787A328-4F56-42C6-8AC2-41E82B113A8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-27] (Google Inc.)
Task: {5D2E8075-AD3F-4A3B-97A7-88C49B0B2C59} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-12] (AVAST Software)
Task: {5E60CC59-7492-4F46-8C4F-BD85EF7BA92C} - System32\Tasks\MyDefrag v4.3.1 Daily => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2010-05-21] ()
Task: {97B14A99-B19B-4DE9-9F19-E676FACE8871} - System32\Tasks\MyDefrag v4.3.1 Monthly => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2010-05-21] ()
Task: {F32D4582-4B75-4A4F-8CEC-B982128EB0CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-14] (Adobe Systems Incorporated)
Task: {F7B00289-6313-4DA4-89D0-AED871A3870B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-27] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1314073599-2682765790-367747919-1000Core1cf3fbb1c3422a3.job => C:\Users\Ed\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-09-12 21:24 - 2014-09-12 21:24 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-14 06:59 - 2014-09-14 06:59 - 02862592 _____ () C:\Program Files\AVAST Software\Avast\defs\14091400\algo.dll
2012-08-10 10:17 - 2009-07-02 12:40 - 00147968 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dldtdrpp.dll
2014-09-13 06:34 - 2014-09-13 06:34 - 00156160 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAppControlPlugin#\15655f77a7dd4f5dde9a1707687c4685\PCGAppControlPluginLoader.ni.dll
2014-09-12 21:03 - 2014-09-12 21:03 - 01707008 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\8c737a8feb24668062bed002f5d9412a\PCGPreCompiled.ni.dll
2013-02-03 20:32 - 2013-02-03 20:32 - 00077880 _____ () c:\program files\soluto\PCGDllExportInspector.dll
2013-02-03 20:32 - 2013-02-03 20:32 - 00077880 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
2013-02-03 20:32 - 2013-02-03 20:32 - 00049720 ____R () C:\Program Files\Soluto\PCGDeviceScanLib.dll
2014-09-12 21:24 - 2014-09-12 21:24 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SolutoService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (09/14/2014 07:40:14 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 41%
Total physical RAM: 2012.99 MB
Available physical RAM: 1186.31 MB
Total Pagefile: 4025.98 MB
Available Pagefile: 2912.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.56 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:224.85 GB) (Free:178.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: 20000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=7.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=224.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

ken545
2014-09-14, 18:04
Hi,

Log looks ok but some questions on these

AVG Secure Search is considered Foistware

https://www.google.com/search?q=what+is+foistware&rlz=1C1CHFX_enUS561US561&oq=what+is+foist&aqs=chrome.1.69i57j0l5.6441j0j7&sourceid=chrome&es_sm=122&ie=UTF-8

Did you install this an use it ?
MindSpark Toolbar

frignuts
2014-09-14, 18:44
As far as I know I did not install the AVG toolbar or the mindspark toolbar. I would like to get rid of them if possible.

Would it be safe to use this computer for things like online banking once it is cleaned?

Thanks.

ken545
2014-09-14, 19:39
As far as using this computer for online banking and purchases with a credit card, keep in mind that sometimes on a totally new clean computer it could be a problem if not done correctly. There are infections going around and some are called Rootkit that are responsible for stealing your log in and credit card info but i did not see any markers in your log for that. So I would say that you most likely are ok. What I would do is check into your bank often, a few times a week just to make sure everything is in order, I do myself at least every other day.


Open notepad (Start --> All Programs --> Accessories --> Notepad).
Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it to the same directory as FRST or FRST64 as fixlist.txt. (it has to be right next to FRST or FRST64) either in a directory you saved FRST or FRST64 or on your desktop if thats where you saved it.
You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.



Start
HKLM\...\Run: [ROC_roc_dec12] => "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
HKLM\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll No File
Hosts:
EmptyTemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Then open FRST or FRST64 and click on fix
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



===========================================================

What I would like to do is run a free online virus scanner just to make sure we didn't miss anything, please read the instructions and do not check to remove threats because sometimes false positives are picked up and I dont want it removing something that is not bad


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

frignuts
2014-09-14, 22:06
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Ed at 2014-09-14 13:29:17 Run:1
Running from C:\Users\Ed\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [ROC_roc_dec12] => "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
HKLM\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll No File
Hosts:
EmptyTemp:
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_dec12 => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_ssl_v12 => value deleted successfully.
C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1014.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

C:\AdwCleaner\Quarantine\C\Program Files\Game_Master_2\Game_Master_2ToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Game_Master_2\ldrtbGame.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Game_Master_2\prxtbGame.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Game_Master_2\tbGame.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Mapit_1\ldrtbMapi.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Mapit_1\Mapit_1ToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Mapit_1\prxtbMapi.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Mapit_1\tbMapi.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\Local\Conduit\CT3013973\Game_Master_2AutoUpdateHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Game_Master_2\ldrtbGame.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Game_Master_2\tbGame.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\hk64tbMap0.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\hk64tbMap2.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\hktbMap0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\hktbMap2.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\ldrtbMap0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\ldrtbMap2.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\ldrtbMap3.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\ldrtbMapi.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\tbMap0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\tbMap1.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\tbMap2.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\tbMap3.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\tbMapi.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application

ken545
2014-09-14, 22:37
All those entries that ESET found where Quarantined by AdwCleaner


Double click on AdwCleaner.exe to run the tool again.

Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.


How is your system behaving now ?

frignuts
2014-09-15, 02:33
Seems to be running well. Thanks Ken! you the man. Very thorough!:bigthumb:

ken545
2014-09-15, 03:38
Great :)


Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) and save the file to your Desktop.


Double-click DelFix.exe to run the program.
Place a checkmark next to the following items:

*Activate UAC
*Remove disinfection tools
*Create registry backup
*Reset System Settings


Click the Run button

This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually



==========================================================




How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

frignuts
2014-09-17, 05:03
Done! Thanks.

ken545
2014-09-17, 10:16
Great,

Take care

Ken :)

frignuts
2014-09-18, 00:26
You too! Thanks for doing what you do!

ken545
2014-09-18, 00:48
Your welcome my friend. I am going to close this thread, any problems in the future just come back and start a new topic