unwanted programs



frignuts
2014-10-02, 01:20
I accidentally installed a bunch of junk. I'm not quite sure what. This computer does not have internet access at the moment. I'm not sure why.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-10-2014 01
Ran by Ed (administrator) on ED-PC on 01-10-2014 17:52:45
Running from C:\Users\Ed\Desktop
Loaded Profile: Ed (Available profiles: Ed)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\System32\dldtcoms.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(YTDownloader) C:\Program Files\YTDownloader\YTDownloader.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\I~..C~..Runner.exe
() C:\Users\Ed\AppData\Roaming\OAS\oas.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Users\Ed\AppData\Roaming\OAS\mcc.exe
(Awesomium Technologies) C:\Users\Ed\AppData\Roaming\OAS\oas-module
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Goobzo) C:\Program Files\YTDownloader\Updater.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(The Chromium Authors) C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-23] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-12] (AVAST Software)
HKLM\...\Run: [YTDownloader] => C:\Program Files\YTDownloader\YTDownloader.exe [1988968 2014-08-25] (YTDownloader)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
HKU\S-1-5-21-1314073599-2682765790-367747919-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1314073599-2682765790-367747919-1000\...\Run: [YTDownloader] => C:\Program Files\YTDownloader\YTDownloader.exe [1988968 2014-08-25] (YTDownloader)
HKU\S-1-5-21-1314073599-2682765790-367747919-1000\...\Run: [Online Ad Scanner] => C:\Users\Ed\AppData\Roaming\OAS\oasupd.exe [28672 2014-09-23] ()
HKU\S-1-5-21-1314073599-2682765790-367747919-1000\...\Run: [Itibiti.exe] => C:\Program Files\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-1314073599-2682765790-367747919-1000\...\MountPoints2: {a7a55c4f-fc66-11e2-92f6-002564e5e832} - E:\MotoCastSetup.exe -a
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x49572B6A0A5DCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
SearchScopes: HKCU - {F2D83B33-3E47-4556-9D78-8DB871AB0A1F} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default
FF DefaultSearchEngine: Google (SSL)
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Groovorio
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
FF user.js: detected! => C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\user.js
FF SearchPlugin: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\searchplugins\google-ssl.xml
FF SearchPlugin: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\searchplugins\yahoo-avast.xml
FF Extension: Groovorio - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\Extensions\{73843edf-1075-4a55-947c-e13e0dc9349e} [2014-10-01]
FF Extension: Disconnect - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\Extensions\2.0@disconnect.me.xpi [2014-09-13]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-31]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Profile 1 -> hxxp://www-search.net/?s=E9Rzamodu08173,89594a4b-f79b-4b96-9319-0a62c72850e4,
CHR StartupUrls: Profile 1 -> "hxxp://www-search.net/?s=E9Rzamodu08173,89594a4b-f79b-4b96-9319-0a62c72850e4,"
CHR DefaultSearchKeyword: Profile 1 -> www-search.net
CHR DefaultSearchProvider: Profile 1 -> Search
CHR DefaultSearchURL: Profile 1 -> http://www-search.net/search.aspx?s=E9Rzamodu08173,89594a4b-f79b-4b96-9319-0a62c72850e4,&q={searchTerms}
CHR DefaultSuggestURL: Profile 1 -> http://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR CustomProfile: C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default
CHR CustomProfile: C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-17]
CHR Extension: (YouTube) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-17]
CHR Extension: (Disconnect) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-09-17]
CHR Extension: (Google Wallet) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-17]
CHR Extension: (Gmail) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-17]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-12]
CHR StartMenuInternet: Google Chrome - chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-12] (AVAST Software)
R2 dldt_device; C:\Windows\system32\dldtcoms.exe [594600 2009-07-09] ( )
R3 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [166880 2013-02-03] (Soluto)
S3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1239552 2013-02-03] (Soluto) [File not signed]
R2 SolutoService; C:\Program Files\Soluto\SolutoService.exe [552928 2013-02-03] (Soluto)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-09-12] ()
R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [21576 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-09-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-09-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-09-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-09-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-09-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-09-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-09-12] ()
S3 ATIAVPCI; C:\Windows\System32\DRIVERS\atinavrr.sys [377472 2009-07-13] (ATI Technologies Inc.)
S3 JRAID; C:\Windows\system32\DRIVERS\jraid.sys [89048 2009-05-21] (JMicron Technology Corp.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2009-07-20] (Realtek )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [35328 2008-10-24] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [19968 2007-12-03] (Windows (R) Codename Longhorn DDK provider)
R2 sbmntr; C:\Program Files\YTDownloader\sbmntr.sys [50024 2014-08-25] (YTDownloader)
R0 Soluto; C:\Windows\System32\DRIVERS\Soluto.sys [51144 2013-02-03] (Soluto LTD.)
S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [35328 2008-10-24] (Realtek Corporation)
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [19968 2007-12-03] (Windows (R) Codename Longhorn DDK provider)
R3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x32.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-01 17:52 - 2014-10-01 17:53 - 00013653 _____ () C:\Users\Ed\Desktop\FRST.txt
2014-10-01 17:51 - 2014-10-01 17:52 - 00000000 ____D () C:\FRST
2014-10-01 17:50 - 2014-10-01 17:45 - 01100288 _____ (Farbar) C:\Users\Ed\Desktop\FRST.exe
2014-09-28 10:12 - 2014-09-28 10:12 - 00000844 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1314073599-2682765790-367747919-1000Core1cfdb2638be0e3d.job
2014-09-27 21:57 - 2014-09-27 21:57 - 00000044 _____ () C:\Users\Ed\AppData\Roaming\WB.CFG
2014-09-27 21:46 - 2014-09-27 21:46 - 00000687 _____ () C:\awh4710.tmp
2014-09-27 18:57 - 2014-09-27 18:57 - 00000687 _____ () C:\awh58BA.tmp
2014-09-27 17:48 - 2014-09-27 17:48 - 00000687 _____ () C:\awh1D8E.tmp
2014-09-27 17:48 - 2014-09-27 17:48 - 00000000 ____D () C:\Program Files\My Dell
2014-09-27 17:41 - 2014-09-27 17:41 - 00000687 _____ () C:\awh3EC4.tmp
2014-09-27 17:33 - 2014-08-18 17:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-27 17:31 - 2014-09-27 17:31 - 00001185 _____ () C:\Users\Ed\Desktop\uConvert.lnk
2014-09-27 17:30 - 2014-09-28 10:26 - 00000000 ____D () C:\Users\Ed\AppData\Local\StormWatch
2014-09-27 17:30 - 2014-09-28 10:26 - 00000000 ____D () C:\Program Files\snipsmart
2014-09-27 17:30 - 2014-09-27 17:37 - 00000000 ____D () C:\ProgramData\pastaleads
2014-09-27 17:28 - 2014-09-27 17:55 - 00000000 ____D () C:\Users\Ed\AppData\Local\28529
2014-09-27 17:27 - 2014-10-01 17:42 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\OAS
2014-09-27 17:25 - 2014-09-27 17:25 - 00000687 _____ () C:\awh69BA.tmp
2014-09-27 17:23 - 2014-09-27 17:23 - 00001857 _____ () C:\Users\Ed\Desktop\YTDownloader.lnk
2014-09-27 17:23 - 2014-09-27 17:23 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2014-09-27 17:23 - 2014-09-27 17:23 - 00000000 ____D () C:\Program Files\YTDownloader
2014-09-27 17:22 - 2014-09-27 17:22 - 00000000 ____D () C:\Users\Ed\AppData\Local\CrashRpt
2014-09-27 17:21 - 2014-09-28 11:28 - 00000000 ____D () C:\Users\Ed\Documents\ProPCCleaner
2014-09-27 17:21 - 2014-09-27 17:21 - 00000000 ____D () C:\Users\Ed\AppData\Local\Pro_PC_Cleaner
2014-09-27 17:20 - 2014-09-27 17:46 - 00000000 ____D () C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r
2014-09-27 17:19 - 2014-01-08 22:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-27 17:15 - 2014-09-27 17:15 - 00000852 _____ () C:\Users\Ed\Desktop\Downloads.lnk
2014-09-27 17:02 - 2014-05-08 05:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-27 17:02 - 2014-05-08 05:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-09-25 18:42 - 2012-08-23 10:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-09-25 18:42 - 2012-08-23 10:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-09-25 18:42 - 2012-08-23 07:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-25 18:41 - 2014-09-25 18:41 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-25 18:41 - 2014-09-25 18:41 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-25 18:41 - 2014-09-25 18:41 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-09-25 18:41 - 2014-09-25 18:41 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-09-25 18:41 - 2014-09-25 18:41 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-09-25 18:41 - 2014-09-25 18:41 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-09-25 18:41 - 2014-09-25 18:41 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-25 18:41 - 2014-09-25 18:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-25 18:41 - 2014-09-25 18:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-09-25 18:41 - 2014-09-25 18:41 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-09-25 18:41 - 2014-09-25 18:41 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-09-25 18:41 - 2014-09-25 18:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-09-25 18:41 - 2014-09-25 18:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-25 18:41 - 2014-09-25 18:41 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-25 18:41 - 2014-09-25 18:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-25 18:40 - 2014-09-25 18:42 - 00007662 _____ () C:\Windows\IE11_main.log
2014-09-25 18:38 - 2013-10-01 20:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-25 18:38 - 2013-10-01 20:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-25 18:38 - 2013-10-01 20:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-25 18:38 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-25 18:38 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-25 18:38 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-25 18:38 - 2013-10-01 19:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-25 18:38 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-25 18:38 - 2013-10-01 19:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-25 18:38 - 2013-10-01 18:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-25 18:38 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-25 18:35 - 2014-07-08 21:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-25 18:35 - 2014-07-08 21:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-25 18:35 - 2014-07-08 21:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-25 18:35 - 2014-07-08 21:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-25 18:35 - 2014-07-08 21:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-25 18:35 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-09-25 18:35 - 2012-05-04 05:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-25 18:30 - 2014-09-25 18:30 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\Zeon
2014-09-25 18:30 - 2014-09-25 18:30 - 00000000 _____ () C:\Users\Ed\Documents\Nuance Image Printer Writer Port
2014-09-25 18:27 - 2014-09-25 18:27 - 06023284 _____ () C:\Users\Ed\Downloads\backgroundspaisandscheduleforsecondseptembercohort.zip
2014-09-23 20:37 - 2014-09-23 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-09-23 20:37 - 2014-09-23 20:37 - 00000000 ____D () C:\Program Files\7-Zip
2014-09-23 20:36 - 2014-09-23 20:37 - 01110476 _____ () C:\Users\Ed\Downloads\7z920.exe
2014-09-23 19:55 - 2014-09-23 20:00 - 1034944512 _____ () C:\Users\Ed\Downloads\ubuntu-14.04.1-desktop-i386.iso
2014-09-23 17:33 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-22 20:37 - 2014-09-22 20:37 - 02484216 _____ () C:\Users\Ed\Downloads\INTEL_CHIPSET-SOFTWARE-INSTA_A01_R230170.exe
2014-09-21 20:18 - 2014-09-21 20:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-19 14:46 - 2014-09-19 16:51 - 00022188 _____ () C:\Users\Ed\Database.kdb
2014-09-19 14:46 - 2014-09-19 14:46 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\KeePass
2014-09-19 14:28 - 2014-09-19 14:28 - 00001023 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass.lnk
2014-09-19 14:28 - 2014-09-19 14:28 - 00000000 ____D () C:\Program Files\KeePass Password Safe
2014-09-18 20:30 - 2014-09-18 20:30 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\Dell
2014-09-18 20:30 - 2014-09-18 20:30 - 00000000 ____D () C:\ProgramData\PCDr
2014-09-18 20:28 - 2014-09-18 20:38 - 00000000 ____D () C:\temp
2014-09-18 20:28 - 2014-09-18 20:28 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\PCDr
2014-09-18 20:16 - 2009-07-08 16:34 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\system32\CSVer.dll
2014-09-18 06:30 - 2014-10-01 17:35 - 00003432 _____ () C:\Windows\setupact.log
2014-09-18 06:30 - 2014-09-29 20:16 - 00111478 _____ () C:\Windows\PFRO.log
2014-09-18 06:30 - 2014-09-18 06:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-17 20:04 - 2014-09-28 08:40 - 00001245 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-17 20:04 - 2014-09-27 21:42 - 00001233 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-17 20:04 - 2014-09-27 17:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-17 17:53 - 2014-09-25 18:28 - 00000000 ____D () C:\Users\Ed\Desktop\September
2014-09-16 22:06 - 2014-09-16 22:06 - 00000801 _____ () C:\DelFix.txt
2014-09-14 13:39 - 2014-09-14 13:39 - 00000000 ____D () C:\Program Files\ESET
2014-09-14 13:36 - 2014-09-14 13:36 - 00000000 __SHD () C:\Users\Ed\AppData\Local\EmieUserList
2014-09-14 13:36 - 2014-09-14 13:36 - 00000000 __SHD () C:\Users\Ed\AppData\Local\EmieSiteList
2014-09-14 07:16 - 2014-09-16 22:06 - 00000000 ____D () C:\Windows\ERUNT
2014-09-14 07:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-13 14:38 - 2014-09-13 14:38 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ED-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2014-09-13 14:37 - 2014-09-13 14:37 - 00000000 ____D () C:\RegBackup
2014-09-13 13:53 - 2014-09-13 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-13 13:52 - 2014-09-13 13:52 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-09-12 21:24 - 2014-09-12 21:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-12 20:41 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 20:37 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-12 20:37 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-12 20:37 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-12 20:36 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-12 20:26 - 2014-07-13 21:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-12 20:26 - 2014-06-15 21:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-12 20:26 - 2014-06-15 21:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-09-12 20:26 - 2014-06-15 21:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-09-12 20:25 - 2014-08-22 21:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-12 20:25 - 2014-08-22 20:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-12 20:25 - 2014-07-06 21:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 20:25 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 20:25 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-09-12 20:24 - 2014-09-04 21:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-12 20:24 - 2014-09-04 21:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-12 20:24 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-12 20:24 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-12 20:24 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-12 20:24 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-09-12 20:24 - 2014-06-03 05:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-12 20:24 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-12 20:24 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-12 20:24 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-12 20:24 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-09-12 20:24 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-12 20:24 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-09-12 20:24 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-09-12 20:24 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-09-12 20:24 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-09-12 20:24 - 2014-05-30 02:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-09-12 20:19 - 2014-09-12 20:19 - 00000967 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-12 20:19 - 2014-09-12 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-12 20:19 - 2014-09-12 20:19 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-12 20:06 - 2014-05-14 12:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-12 20:06 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-12 20:06 - 2014-05-14 12:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-12 20:06 - 2014-05-14 12:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-12 20:06 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-12 20:06 - 2014-05-14 12:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-12 20:06 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-12 20:06 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-12 20:06 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-01 17:50 - 2010-12-21 22:20 - 01673294 _____ () C:\Windows\WindowsUpdate.log
2014-10-01 17:43 - 2009-07-14 00:34 - 00022784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-01 17:43 - 2009-07-14 00:34 - 00022784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-01 17:42 - 2010-11-27 20:35 - 00000000 ___RD () C:\Users\Ed\Desktop\Cleaning and Security
2014-10-01 17:35 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-01 17:32 - 2010-11-27 21:14 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-01 17:30 - 2014-03-30 10:02 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-01 17:25 - 2012-05-21 17:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-29 20:22 - 2010-11-11 22:02 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-28 11:26 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\tracing
2014-09-28 10:26 - 2009-07-13 22:04 - 00000505 _____ () C:\Windows\win.ini
2014-09-28 08:40 - 2010-11-11 21:23 - 00001581 _____ () C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-27 21:45 - 2010-11-28 12:27 - 00002516 _____ () C:\Users\Ed\Desktop\Google Chrome.lnk
2014-09-27 17:50 - 2012-06-22 01:10 - 00000000 ____D () C:\Users\Ed\AppData\Local\Deployment
2014-09-27 17:48 - 2010-11-11 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-09-27 17:43 - 2009-07-13 22:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-09-27 17:41 - 2009-07-13 22:37 - 00000000 ____D () C:\Program Files\Common Files\Services
2014-09-27 16:54 - 2009-07-14 00:33 - 00297832 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-25 20:13 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-09-25 18:46 - 2009-07-13 22:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-25 18:37 - 2010-11-11 21:53 - 00000000 ____D () C:\Program Files\Intel
2014-09-25 18:30 - 2014-02-02 12:18 - 00000000 ____D () C:\Users\Ed\AppData\Roaming\Nuance
2014-09-23 18:25 - 2012-05-21 17:26 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-23 18:25 - 2012-05-21 17:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-21 20:49 - 2010-11-11 21:23 - 00000000 ____D () C:\Users\Ed
2014-09-18 20:16 - 2010-11-08 15:33 - 00000000 ____D () C:\dell
2014-09-18 06:30 - 2010-11-08 15:44 - 00000000 ____D () C:\Windows\Panther
2014-09-17 17:29 - 2013-11-15 16:19 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-15 09:06 - 2010-11-11 21:37 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 13:36 - 2010-11-27 21:14 - 00000000 ____D () C:\Users\Ed\AppData\Local\Google
2014-09-13 07:21 - 2014-02-02 12:20 - 00000000 ____D () C:\Program Files\Brother
2014-09-13 07:21 - 2010-11-11 21:54 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-13 07:20 - 2014-02-02 12:21 - 00000000 ____D () C:\Program Files\ControlCenter4
2014-09-13 06:53 - 2010-11-27 20:24 - 00000000 ____D () C:\Users\Ed\AppData\Local\Mozilla
2014-09-13 06:39 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-12 21:30 - 2013-11-15 16:19 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-12 21:24 - 2014-05-10 21:37 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-12 21:24 - 2014-01-18 11:31 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-09-12 21:24 - 2013-10-19 14:10 - 00002049 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-12 21:24 - 2013-05-31 15:26 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-09-12 21:24 - 2013-05-31 15:26 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-12 21:24 - 2013-05-31 15:26 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-12 21:24 - 2013-05-31 15:26 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-12 21:24 - 2013-05-31 15:26 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-12 21:24 - 2013-05-31 15:26 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-12 21:24 - 2013-05-31 15:26 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-12 20:58 - 2010-12-20 15:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-12 20:45 - 2014-05-11 12:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-12 20:45 - 2009-07-14 03:49 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-12 20:44 - 2014-03-29 13:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 20:41 - 2013-08-13 20:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 20:35 - 2010-12-20 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-12 20:32 - 2010-11-11 21:23 - 00000000 ____D () C:\Users\Ed\AppData\Local\VirtualStore
2014-09-12 20:23 - 2011-06-14 13:05 - 00000000 ____D () C:\Windows\Minidump
2014-09-12 20:12 - 2010-12-28 02:27 - 00000000 ____D () C:\Program Files\PokerStars.FOX
2014-09-12 20:03 - 2010-11-27 21:14 - 00000874 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

Some content of TEMP:
====================
C:\Users\Ed\AppData\Local\Temp\6_Offer_19.exe
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite16531.dll
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite34339.dll
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite34417.dll
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite34951.dll
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite64255.dll
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite74080.dll
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite83742.dll
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite84825.dll
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite90274.dll
C:\Users\Ed\AppData\Local\Temp\ytdieamo_amodu_setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-17 18:45

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-10-2014 01
Ran by Ed at 2014-10-01 17:53:31
Running from C:\Users\Ed\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Dell Backup and Recovery Manager (HKLM\...\{4688EB75-28E2-4731-9BCB-55E624F7CD45}) (Version: 1.3 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.149 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KeePass Password Safe 1.27 (HKLM\...\KeePass Password Safe_is1) (Version: 1.27 - Dominik Reichl)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
Nuance PaperPort 12 (HKLM\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OAS (HKCU\...\Online Ad Scanner) (Version: 1.00 - OAS Corp)
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Realtek Ethernet Diagnostic Utility (HKLM\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - )
RocketTab: (HKLM\...\RocketTab) (Version: - RocketTab:) <==== ATTENTION
Scansoft PDF Professional (Version: - ) Hidden
Soluto (HKLM\...\{9D48F834-97D9-4046-8664-FAB2C1A5091A}) (Version: 1.3.1149.0 - Soluto)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
WebM Media Foundation Components (HKLM\...\webmmf) (Version: 1.0.1.1 - WebM Project)
YTDownloader (HKLM\...\YTDownloader) (Version: - YTDownloader)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Ed\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Ed\AppData\Local\Google\Chrome\Application\33.0.1750.149\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{5F387297-4BDB-48CD-8DB0-ACAD1415FABA}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.129\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File

==================== Restore Points =========================

18-09-2014 22:51:52 Windows Update
23-09-2014 21:33:37 Windows Update
23-09-2014 23:38:31 Windows Update
25-09-2014 22:35:43 Windows Update
27-09-2014 21:06:23 Windows Update
27-09-2014 21:32:36 Windows Update
01-10-2014 21:33:11 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2014-09-14 13:29 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0787A328-4F56-42C6-8AC2-41E82B113A8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-27] (Google Inc.)
Task: {344A431A-0E6A-47C5-9B12-7A8B2DAB3954} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {445758AB-E4C3-492F-A03D-EA8AA027CB9C} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe <==== ATTENTION
Task: {49AB385C-7EFE-48DB-B537-34B1205EBD51} - System32\Tasks\YTDownloader => C:\Program Files\YTDownloader\YTDownloader.exe [2014-08-25] (YTDownloader) <==== ATTENTION
Task: {5D2E8075-AD3F-4A3B-97A7-88C49B0B2C59} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-12] (AVAST Software)
Task: {5E60CC59-7492-4F46-8C4F-BD85EF7BA92C} - System32\Tasks\MyDefrag v4.3.1 Daily => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2010-05-21] ()
Task: {63E5E72A-AC8E-4F77-9B5A-44B5B0E2273F} - \PastaQuotes No Task File <==== ATTENTION
Task: {6DDCE60E-6A6A-4CFC-9DBA-8BEE730B8C5C} - System32\Tasks\IC Running Procedure => %LOCALAPPDATA%\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\I~..C~..Runner.exe
Task: {7C477B1D-859D-4C2F-9CB4-6E01012264B0} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {8B00D32E-760E-4246-A897-D38E965B9049} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {97B14A99-B19B-4DE9-9F19-E676FACE8871} - System32\Tasks\MyDefrag v4.3.1 Monthly => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2010-05-21] ()
Task: {B1F94688-A19B-48E4-BAC3-FB29BFD4D41B} - \SMW_UpdateTask_Time_3538323632353831312d345b413455412a45235a6c6c No Task File <==== ATTENTION
Task: {C5E03176-4F94-4D8B-B1F2-AE2CAE457C40} - \RocketTab No Task File <==== ATTENTION
Task: {C80DA152-3D3D-4F3E-A21B-1284FF6915C2} - System32\Tasks\Microsoft\Windows\Maintenance\IC Update Procedure => %LOCALAPPDATA%\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\I~..C~..Runner.exe
Task: {D19CE94F-084D-428D-93EC-E51AE6F0A51D} - System32\Tasks\YTDownloaderUpd => C:\Program Files\YTDownloader\updater.exe [2014-08-25] (Goobzo) <==== ATTENTION
Task: {F1C5852E-E94A-4B48-A640-6759ACDEBB10} - System32\Tasks\ProPCCleaner_Start => C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe
Task: {F32D4582-4B75-4A4F-8CEC-B982128EB0CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {F7B00289-6313-4DA4-89D0-AED871A3870B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-27] (Google Inc.)
Task: {F7C31C0E-92A0-4B6B-AC6D-77076BAD34CB} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1314073599-2682765790-367747919-1000Core1cfdb2638be0e3d.job => C:\Users\Ed\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-09-12 21:24 - 2014-09-12 21:24 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-28 08:39 - 2014-09-28 08:39 - 02867200 _____ () C:\Program Files\AVAST Software\Avast\defs\14092800\algo.dll
2014-10-01 17:36 - 2014-10-01 17:36 - 02867712 _____ () C:\Program Files\AVAST Software\Avast\defs\14100101\algo.dll
2014-09-13 06:34 - 2014-09-13 06:34 - 00156160 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAppControlPlugin#\15655f77a7dd4f5dde9a1707687c4685\PCGAppControlPluginLoader.ni.dll
2014-09-12 21:03 - 2014-09-12 21:03 - 01707008 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\8c737a8feb24668062bed002f5d9412a\PCGPreCompiled.ni.dll
2013-02-03 20:32 - 2013-02-03 20:32 - 00077880 _____ () c:\program files\soluto\PCGDllExportInspector.dll
2009-09-04 03:38 - 2009-09-04 03:38 - 00020594 _____ () C:\Windows\System32\DELS3L3.DLL
2012-08-10 10:17 - 2009-07-02 12:40 - 00147968 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dldtdrpp.dll
2013-02-03 20:32 - 2013-02-03 20:32 - 00077880 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
2014-09-12 21:24 - 2014-09-12 21:24 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-23 13:05 - 2014-09-23 13:05 - 00133216 _____ () C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\I~..C~..Runner.exe
2014-09-23 13:06 - 2014-09-23 13:06 - 00104032 _____ () C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Modules\ManXec.dll
2014-09-23 13:05 - 2014-09-23 13:05 - 00074848 _____ () C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Modules\CmdProc.dll
2014-09-23 13:06 - 2014-09-23 13:06 - 00048224 _____ () C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Modules\PrfIns.dll
2014-09-23 13:06 - 2014-09-23 13:06 - 00056928 _____ () C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Modules\WbSes.dll
2014-09-23 13:06 - 2014-09-23 13:06 - 00146016 _____ () C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Modules\WdcMan.dll
2014-09-23 13:06 - 2014-09-23 13:06 - 00121952 _____ () C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Modules\WblSupp.dll
2014-09-23 13:05 - 2014-09-23 13:05 - 00111200 _____ () C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Modules\CmnUtls.dll
2014-09-22 07:36 - 2014-09-22 07:36 - 00177152 _____ () C:\Users\Ed\AppData\Roaming\oas\oas.exe
2014-09-23 03:09 - 2014-09-23 03:09 - 00007168 _____ () C:\Users\Ed\AppData\Roaming\oas\mcc.exe
2014-03-28 16:59 - 2014-03-28 16:59 - 01100784 _____ () C:\Users\Ed\AppData\Roaming\oas\avcodec-53.dll
2014-03-28 16:59 - 2014-03-28 16:59 - 00124400 _____ () C:\Users\Ed\AppData\Roaming\oas\avutil-51.dll
2014-03-28 16:59 - 2014-03-28 16:59 - 00191984 _____ () C:\Users\Ed\AppData\Roaming\oas\avformat-53.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-27 17:22 - 2014-07-21 05:38 - 00393728 _____ () C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\ppGoogleNaClPluginChrome.dll
2014-09-27 17:22 - 2014-07-21 05:38 - 00788480 _____ () C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SolutoService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1314073599-2682765790-367747919-500 - Administrator - Disabled)
Ed (S-1-5-21-1314073599-2682765790-367747919-1000 - Administrator - Enabled) => C:\Users\Ed
Guest (S-1-5-21-1314073599-2682765790-367747919-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1314073599-2682765790-367747919-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/27/2014 05:28:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/27/2014 05:28:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/20/2014 00:20:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15537

Error: (09/20/2014 00:20:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15537

Error: (09/20/2014 00:20:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/20/2014 00:20:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14539

Error: (09/20/2014 00:20:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14539

Error: (09/20/2014 00:20:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/20/2014 00:20:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13540

Error: (09/20/2014 00:20:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13540


System errors:
=============
Error: (09/28/2014 10:28:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/28/2014 10:28:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/28/2014 10:28:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/28/2014 10:28:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/28/2014 10:28:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/28/2014 10:28:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/28/2014 10:28:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/28/2014 10:28:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/28/2014 10:28:23 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/28/2014 10:28:22 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 54%
Total physical RAM: 2012.99 MB
Available physical RAM: 924.87 MB
Total Pagefile: 4025.98 MB
Available Pagefile: 2664.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.68 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:224.85 GB) (Free:170.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: 20000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=7.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=224.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-10-01 17:59:41
-----------------------------
17:59:41.925 OS Version: Windows 6.1.7601 Service Pack 1
17:59:41.926 Number of processors: 2 586 0x170A
17:59:41.927 ComputerName: ED-PC UserName: Ed
17:59:42.802 Initialize success
17:59:42.802 VM: initialized successfully
17:59:42.813 VM: Intel CPU supported
17:59:46.371 VM: disk I/O iaStor.sys
17:59:50.171 AVAST engine defs: 14100101
18:00:08.708 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:00:08.711 Disk 0 Vendor: WDC_WD25 02.0 Size: 238418MB BusType: 3
18:00:08.832 Disk 0 MBR read successfully
18:00:08.835 Disk 0 MBR scan
18:00:08.839 Disk 0 Windows 7 default MBR code
18:00:08.843 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
18:00:08.852 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 8118 MB offset 98304
18:00:08.855 Disk 0 default boot code
18:00:08.866 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 230251 MB offset 16723968
18:00:08.872 Disk 0 scanning sectors +488278016
18:00:08.945 Disk 0 scanning C:\Windows\system32\drivers
18:00:17.155 Service scanning
18:00:34.414 Modules scanning
18:00:43.744 Disk 0 trace - called modules:
18:00:43.763 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
18:00:43.768 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8658ea58]
18:00:43.772 3 CLASSPNP.SYS[8939459e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8573e028]
18:00:44.316 AVAST engine scan C:\Windows
18:00:46.106 AVAST engine scan C:\Windows\system32
18:02:50.337 AVAST engine scan C:\Windows\system32\drivers
18:03:03.003 AVAST engine scan C:\Users\Ed
18:05:46.864 AVAST engine scan C:\ProgramData
18:08:23.634 Scan finished successfully
18:09:35.801 Disk 0 MBR has been saved successfully to "C:\Users\Ed\Desktop\MBR.dat"
18:09:35.807 The log file has been saved successfully to "C:\Users\Ed\Desktop\aswMBR.txt"


Thanks
--------------------------------------------
http://forums.spybot.info/showthread.php?71073-New-computer-possible-malware

Juliet
2014-10-03, 00:22
Hi and welcome

RocketTab: (HKLM\...\RocketTab) (Version: - RocketTab <==== ATTENTION
Please uninstall/remove RocketTab


Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).



start
CloseProcesses:
FF user.js: detected! => C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\user.js
CHR HomePage: Profile 1 -> hxxp://www-search.net/?s=E9Rzamodu08173,89594a4b-f79b-4b96-9319-0a62c72850e4,
CHR StartupUrls: Profile 1 -> "hxxp://www-search.net/?s=E9Rzamodu08173,89594a4b-f79b-4b96-9319-0a62c72850e4,"
CHR DefaultSearchKeyword: Profile 1 -> www-search.net
CHR DefaultSearchProvider: Profile 1 -> Search
CHR DefaultSearchURL: Profile 1 -> http://www-search.net/search.aspx?s=E9Rzamodu08173,89594a4b-f79b-4b96-9319-0a62c72850e4,&q={searchTerms}
CHR DefaultSuggestURL: Profile 1 -> http://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
Task: {344A431A-0E6A-47C5-9B12-7A8B2DAB3954} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {445758AB-E4C3-492F-A03D-EA8AA027CB9C} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe <==== ATTENTION
Task: {49AB385C-7EFE-48DB-B537-34B1205EBD51} - System32\Tasks\YTDownloader => C:\Program Files\YTDownloader\YTDownloader.exe [2014-08-25] (YTDownloader) <==== ATTENTION
Task: {63E5E72A-AC8E-4F77-9B5A-44B5B0E2273F} - \PastaQuotes No Task File <==== ATTENTION
Task: {7C477B1D-859D-4C2F-9CB4-6E01012264B0} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {8B00D32E-760E-4246-A897-D38E965B9049} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {B1F94688-A19B-48E4-BAC3-FB29BFD4D41B} - \SMW_UpdateTask_Time_3538323632353831312d345b413455412a45235a6c6c No Task File <==== ATTENTION
Task: {C5E03176-4F94-4D8B-B1F2-AE2CAE457C40} - \RocketTab No Task File <==== ATTENTION
Task: {D19CE94F-084D-428D-93EC-E51AE6F0A51D} - System32\Tasks\YTDownloaderUpd => C:\Program Files\YTDownloader\updater.exe [2014-08-25] (Goobzo) <==== ATTENTION
Task: {F7C31C0E-92A0-4B6B-AC6D-77076BAD34CB} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
C:\Users\Ed\AppData\Local\Temp\6_Offer_19.exe
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite16531.dll
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite34339.dll
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite34417.dll
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite34951.dll
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite64255.dll
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite74080.dll
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite83742.dll
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite84825.dll
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite90274.dll
C:\Users\Ed\AppData\Local\Temp\ytdieamo_amodu_setup.exe
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top advertisement.




Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why (http://www.im-infected.com/hijacker/isearch-avg-comsearch-hijacker.html) and Here (http://nojesusnopeas.blogspot.com/2012/08/sorry-but-avg-secure-search-is-malware.html). You can always Reinstall (http://www.avg.com/us-en/secure-search) it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


~~~~~~~~~~~~
Please post:
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt

frignuts
2014-10-03, 03:30
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-10-2014 01
Ran by Ed at 2014-10-02 20:02:42 Run:1
Running from C:\Users\Ed\Desktop
Loaded Profile: Ed (Available profiles: Ed)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
FF user.js: detected! => C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\user.js
CHR HomePage: Profile 1 -> hxxp://www-search.net/?s=E9Rzamodu08173,89594a4b-f79b-4b96-9319-0a62c72850e4,
CHR StartupUrls: Profile 1 -> "hxxp://www-search.net/?s=E9Rzamodu08173,89594a4b-f79b-4b96-9319-0a62c72850e4,"
CHR DefaultSearchKeyword: Profile 1 -> www-search.net
CHR DefaultSearchProvider: Profile 1 -> Search
CHR DefaultSearchURL: Profile 1 -> http://www-search.net/search.aspx?s=E9Rzamodu08173,89594a4b-f79b-4b96-9319-0a62c72850e4,&q={searchTerms}
CHR DefaultSuggestURL: Profile 1 -> http://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
Task: {344A431A-0E6A-47C5-9B12-7A8B2DAB3954} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {445758AB-E4C3-492F-A03D-EA8AA027CB9C} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe <==== ATTENTION
Task: {49AB385C-7EFE-48DB-B537-34B1205EBD51} - System32\Tasks\YTDownloader => C:\Program Files\YTDownloader\YTDownloader.exe [2014-08-25] (YTDownloader) <==== ATTENTION
Task: {63E5E72A-AC8E-4F77-9B5A-44B5B0E2273F} - \PastaQuotes No Task File <==== ATTENTION
Task: {7C477B1D-859D-4C2F-9CB4-6E01012264B0} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {8B00D32E-760E-4246-A897-D38E965B9049} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {B1F94688-A19B-48E4-BAC3-FB29BFD4D41B} - \SMW_UpdateTask_Time_3538323632353831312d345b413455412a45235a6c6c No Task File <==== ATTENTION
Task: {C5E03176-4F94-4D8B-B1F2-AE2CAE457C40} - \RocketTab No Task File <==== ATTENTION
Task: {D19CE94F-084D-428D-93EC-E51AE6F0A51D} - System32\Tasks\YTDownloaderUpd => C:\Program Files\YTDownloader\updater.exe [2014-08-25] (Goobzo) <==== ATTENTION
Task: {F7C31C0E-92A0-4B6B-AC6D-77076BAD34CB} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
C:\Users\Ed\AppData\Local\Temp\6_Offer_19.exe
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite16531.dll
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite34339.dll
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite34417.dll
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite34951.dll
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite64255.dll
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite74080.dll
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite83742.dll
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite84825.dll
C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite90274.dll
C:\Users\Ed\AppData\Local\Temp\ytdieamo_amodu_setup.exe
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\user.js => Moved successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Profile 1 -> Search ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{344A431A-0E6A-47C5-9B12-7A8B2DAB3954}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{344A431A-0E6A-47C5-9B12-7A8B2DAB3954}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{445758AB-E4C3-492F-A03D-EA8AA027CB9C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{445758AB-E4C3-492F-A03D-EA8AA027CB9C}" => Key deleted successfully.
C:\Windows\System32\Tasks\Smp => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Smp" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{49AB385C-7EFE-48DB-B537-34B1205EBD51}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49AB385C-7EFE-48DB-B537-34B1205EBD51}" => Key deleted successfully.
C:\Windows\System32\Tasks\YTDownloader => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloader" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63E5E72A-AC8E-4F77-9B5A-44B5B0E2273F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63E5E72A-AC8E-4F77-9B5A-44B5B0E2273F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaQuotes" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7C477B1D-859D-4C2F-9CB4-6E01012264B0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C477B1D-859D-4C2F-9CB4-6E01012264B0}" => Key deleted successfully.
C:\Windows\System32\Tasks\SMupdate1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMupdate1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8B00D32E-760E-4246-A897-D38E965B9049}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B00D32E-760E-4246-A897-D38E965B9049}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab Update Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1F94688-A19B-48E4-BAC3-FB29BFD4D41B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1F94688-A19B-48E4-BAC3-FB29BFD4D41B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_3538323632353831312d345b413455412a45235a6c6c" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C5E03176-4F94-4D8B-B1F2-AE2CAE457C40}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5E03176-4F94-4D8B-B1F2-AE2CAE457C40}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D19CE94F-084D-428D-93EC-E51AE6F0A51D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D19CE94F-084D-428D-93EC-E51AE6F0A51D}" => Key deleted successfully.
C:\Windows\System32\Tasks\YTDownloaderUpd => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderUpd" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F7C31C0E-92A0-4B6B-AC6D-77076BAD34CB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7C31C0E-92A0-4B6B-AC6D-77076BAD34CB}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key deleted successfully.
"C:\Users\Ed\AppData\Local\Temp\6_Offer_19.exe" => File/Directory not found.
"C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite.dll" => File/Directory not found.
"C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite16531.dll" => File/Directory not found.
"C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite34339.dll" => File/Directory not found.
"C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite34417.dll" => File/Directory not found.
"C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite34951.dll" => File/Directory not found.
"C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite64255.dll" => File/Directory not found.
"C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite74080.dll" => File/Directory not found.
"C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite83742.dll" => File/Directory not found.
"C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite84825.dll" => File/Directory not found.
"C:\Users\Ed\AppData\Local\Temp\System.Data.SQLite90274.dll" => File/Directory not found.
"C:\Users\Ed\AppData\Local\Temp\ytdieamo_amodu_setup.exe" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 40.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

# AdwCleaner v3.311 - Report created 02/10/2014 at 20:11:18
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Ed - ED-PC
# Running from : C:\Users\Ed\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : sbmntr

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\pastaleads
Folder Deleted : C:\Program Files\YTDownloader
Folder Deleted : C:\Program Files\snipsmart
Folder Deleted : C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Ed\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Ed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Ed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Ed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\610ca322f8d37a5\Google Chrome.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\snipsmart_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\snipsmart_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatesnipsmart_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatesnipsmart_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilsnipsmart_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilsnipsmart_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update snipsmart
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util snipsmart
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FCF8BFD3-39B8-4370-B464-EC2AAACD97CF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}
Key Deleted : HKCU\Software\BRS
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Search Extensions
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\NpApp
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RocketTab

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.2 (x86 en-US)

[ File : C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\prefs.js ]

Line Deleted : user_pref("browser.search.selectedEngine", "Groovorio");

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [4593 octets] - [02/10/2014 20:09:10]
AdwCleaner[S0].txt - [3681 octets] - [02/10/2014 20:11:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3741 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.6 (10.02.2014:1)
OS: Windows 7 Home Premium x86
Ran by Ed on Thu 10/02/2014 at 20:18:55.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ytdownloader
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ytdownloader



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.Radio
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.Radio.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.SettingsPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.SettingsPlugin.1



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/02/2014 at 20:21:06.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet
2014-10-03, 13:09
Tell me what's going on with the computer now?


Please run a Threat Scan with Malwarebytes' Anti-Malware. If you're unable to run or complete the scan as shown below please see the following: MBAM Clean Removal Process 2x (https://forums.malwarebytes.org/index.php?showtopic=146017)
When reinstalling the program please try the latest version (http://www.malwarebytes.org/mwb-download/).

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > enable Scan for rootkits, and under Non-Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

frignuts
2014-10-03, 21:44
The computer appears to be working ok but I can't access the internet on browsers.

Whenever I try to use a browser I get a proxy error, or it says something like this in the address bar:

http://www-search.net/search.aspx?s=E9Rzamodu08173,89594a4b-f79b-4b96-9319-0a62c72850e4,&q=google

It did appear as though I was able to update malwarebytes and connect to the home network.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/3/2014
Scan Time: 2:08:04 PM
Logfile: mbam 10-3 2.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.03.05
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Ed

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 290181
Time Elapsed: 11 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.IdleCrawler.A, C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\I~..C~..Runner.exe, 2608, , [0e77eb04b4c7171fd4815bb0719234cc]

Modules: 7
PUP.Optional.IdleCrawler.A, C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\msvcp110.dll, , [0e77eb04b4c7171fd4815bb0719234cc],
PUP.Optional.IdleCrawler.A, C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\msvcr110.dll, , [0e77eb04b4c7171fd4815bb0719234cc],
PUP.Optional.IdleCrawler.A, C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Modules\CmdProc.dll, , [0e77eb04b4c7171fd4815bb0719234cc],
PUP.Optional.IdleCrawler.A, C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Modules\ManXec.dll, , [0e77eb04b4c7171fd4815bb0719234cc],
PUP.Optional.IdleCrawler.A, C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Modules\PrfIns.dll, , [0e77eb04b4c7171fd4815bb0719234cc],
PUP.Optional.IdleCrawler.A, C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Modules\WbSes.dll, , [0e77eb04b4c7171fd4815bb0719234cc],
PUP.Optional.IdleCrawler.A, C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Modules\WdcMan.dll, , [0e77eb04b4c7171fd4815bb0719234cc],

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 7
PUP.Optional.IdleCrawler.A, C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r, , [0e77eb04b4c7171fd4815bb0719234cc],
PUP.Optional.IdleCrawler.A, C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin, , [0e77eb04b4c7171fd4815bb0719234cc],
PUP.Optional.IdleCrawler.A, C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\extensions, , [0e77eb04b4c7171fd4815bb0719234cc],
PUP.Optional.IdleCrawler.A, C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\locales, , [0e77eb04b4c7171fd4815bb0719234cc],
PUP.Optional.IdleCrawler.A, C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\PepperFlash, , [0e77eb04b4c7171fd4815bb0719234cc],
PUP.Optional.IdleCrawler.A, C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Data, , [0e77eb04b4c7171fd4815bb0719234cc],
PUP.Optional.IdleCrawler.A, C:\Users\Ed\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Modules, , [0e77eb04b4c7171fd4815bb0719234cc],

Files: 88

Physical Sectors: 0
(No malicious items detected)


(end)

The computer appears to be working ok but I can't access the internet on browsers.

Whenever I try to use a browser I get a proxy error or it says something like this in the address bar:

http://www-search.net/search.aspx?s=E9Rzamodu08173,89594a4b-f79b-4b96-9319-0a62c72850e4,&q=google

Juliet
2014-10-03, 22:18
Did you allow MBAM to delete/quarantine what it found?

Let's try a couple of things to get your internet back

Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" and check "Automatically detect settings". Also clear any proxy address and port. OK, apply (only if applicable), OK.
Firefox:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings", then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.


~~~~~~~~~~~~~~~~

Click on the Start button and in the search box, type Command Prompt
When you see Command Prompt on the list, right-click on it and select Run as administrator
When command prompt opens, copy and paste the following command into it, press enter

netsh winsock reset


Tell me what's happening now.
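The per-user proxy setting that the Internet Explorer and Chrome steps above switch off can also be checked from a pasted `reg query` export. This is an added example, not part of the original post; both sample exports and the proxy address in them are constructed, and Firefox keeps its own proxy setting, which this does not read.

```python
import re

# Constructed sample of what this command can print on an affected profile:
#   reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
# The proxy address and port are made up for illustration.
SAMPLE_HIJACKED = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    CertificateRevocation    REG_DWORD    0x1
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:49205;https=127.0.0.1:49205
    ProxyOverride    REG_SZ    <local>
"""

# Constructed sample after "Use a proxy server" is unchecked and the address cleared.
SAMPLE_CLEAN = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    CertificateRevocation    REG_DWORD    0x1
    ProxyEnable    REG_DWORD    0x0
"""

# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(
    r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)(?:\s{4}(?P<data>.*))?$"
)


def parse_reg_query(text):
    """Return {value_name: data} for the value lines of `reg query` output."""
    values = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            values[match.group("name")] = (match.group("data") or "").strip()
    return values


def proxy_hosts(server):
    """Hosts named in a ProxyServer string ("host:port" or "http=host:port;...")."""
    hosts = set()
    for part in server.split(";"):
        endpoint = part.strip().split("=", 1)[-1].split("://", 1)[-1]
        if endpoint:
            hosts.add(endpoint.rsplit(":", 1)[0].lower())
    return sorted(hosts)


def proxy_findings(values):
    """List (code, detail) pairs for per-user proxy settings worth a second look."""
    findings = []
    enabled = int(values.get("ProxyEnable") or "0x0", 16) != 0
    server = values.get("ProxyServer", "")
    pac_url = values.get("AutoConfigURL", "")
    if enabled and server:
        findings.append(("proxy-enabled", server))
        # A loopback proxy needs a local program listening on that port; once
        # that program is removed, browsers can only report proxy errors.
        for host in proxy_hosts(server):
            if host == "localhost" or host.startswith("127."):
                findings.append(("loopback-proxy", host))
    elif server:
        # Disabled but still stored: harmless now, worth clearing anyway.
        findings.append(("stale-proxy-address", server))
    if pac_url:
        findings.append(("pac-script", pac_url))
    return findings


if __name__ == "__main__":
    for label, sample in (("hijacked", SAMPLE_HIJACKED), ("clean", SAMPLE_CLEAN)):
        print(label, proxy_findings(parse_reg_query(sample)))
```

An empty findings list corresponds to the state the menu steps aim for: no proxy enabled, no stored address, no auto-configuration script.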

frignuts
2014-10-03, 22:46
Yes, I let MBAM quarantine/delete. All three browsers appear to be working now. Thanks.

Juliet
2014-10-03, 23:48
Let's take it a step further.

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


Go here (http://www.eset.com/us/online-scanner/) to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

Note:
For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan.

frignuts
2014-10-04, 02:05
C:\AdwCleaner\Quarantine\C\Program Files\snipsmart\bin\6ccfd99507be49cf8ad6.dll.vir Win32/BrowseFox.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\snipsmart\bin\6ccfd99507be49cf8ad664.dll.vir Win64/BrowseFox.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\snipsmart\bin\snipsmart.BrowserAdapter.exe.vir a variant of Win32/BrowseFox.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\snipsmart\bin\snipsmart.BrowserAdapter64.exe.vir Win64/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\snipsmart\bin\{6ccfd995-07be-49cf-8ad6-1422dc08761a}.dll.vir a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\snipsmart\bin\{6ccfd995-07be-49cf-8ad6-1422dc08761a}64.dll.vir Win64/BrowseFox.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\YTDownloader\Updater.exe.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\YTDownloader\YTDUninstall.exe.vir Win32/SpeedBit.B.gen potentially unwanted application
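A triage check for an ESET export like the one above, separating detections that sit under a cleanup tool's quarantine folder from ones still on the live file system. This is an added example, not part of the thread; four log lines are copied from the post, one line outside quarantine is constructed to show the other outcome, and the only quarantine root listed is the one that appears in the log.

```python
import re
from collections import Counter

# Four lines copied from the ESET export posted above.
POSTED_LINES = r"""
C:\AdwCleaner\Quarantine\C\Program Files\snipsmart\bin\snipsmart.BrowserAdapter.exe.vir a variant of Win32/BrowseFox.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\snipsmart\bin\snipsmart.BrowserAdapter64.exe.vir Win64/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\YTDownloader\Updater.exe.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\YTDownloader\YTDUninstall.exe.vir Win32/SpeedBit.B.gen potentially unwanted application
"""

# Constructed line (not from the thread): a detection outside any quarantine folder.
CONSTRUCTED_LIVE_LINE = (
    r"C:\Users\Example\Downloads\example_setup.exe "
    r"Win32/BrowseFox.N potentially unwanted application"
)

# Quarantine folder seen in the posted log; extend for other tools as needed.
QUARANTINE_ROOTS = (r"C:\AdwCleaner\Quarantine",)

# path, optional "a variant of", detection name (contains "/"), category.
# Paths may contain spaces, so the detection name is what anchors the split.
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<variant>a variant of\s+)?"
    r"(?P<name>\w+/\S+)\s+(?P<kind>.+)$"
)


def parse_detection(line):
    """Split one export line into its fields, or return None if it is not one."""
    match = LINE.match(line.strip())
    if not match:
        return None
    name = match.group("name")
    return {
        "path": match.group("path"),
        "name": name,
        "variant": match.group("variant") is not None,
        "family": name.split("/", 1)[1].split(".", 1)[0],
        "kind": match.group("kind"),
    }


def in_quarantine(path, roots=QUARANTINE_ROOTS):
    """True if path lies below a quarantine root (case-insensitive, whole folder)."""
    lowered = path.lower()
    return any(
        lowered.startswith(root.lower().rstrip("\\") + "\\") for root in roots
    )


def triage(log_text):
    """Return (held, live): detections inside quarantine and outside it."""
    held, live = [], []
    for line in log_text.splitlines():
        detection = parse_detection(line)
        if detection is not None:
            (held if in_quarantine(detection["path"]) else live).append(detection)
    return held, live


def family_counts(detections):
    """Count detections per family, e.g. BrowseFox."""
    return Counter(d["family"] for d in detections)


if __name__ == "__main__":
    held, live = triage(POSTED_LINES + "\n" + CONSTRUCTED_LIVE_LINE)
    print("held in quarantine:", dict(family_counts(held)))
    for detection in live:
        print("still live:", detection["path"], detection["name"])
```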

Juliet
2014-10-04, 04:30
Good deal, all held in quarantine folders.

Let's remove these tools and folders.


Download Delfix from here (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
Ensure Remove disinfection tools is ticked
Also tick:
Create registry backup
Click Run
Purge system restore

Any other tools and files found can simply be deleted or uninstalled via Add/Remove Programs in the Control Panel etc.


~~~~~~~~~~~~~~~~~

You're good to go, good job!

Please take the time to read over a few of my preventive tips.

Computer Security
http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know (http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#)

CryptoLocker Ransomware Information Guide and FAQ (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)

To help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) install this programme to lock down and prevent crypto ransomware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates (http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us) and download all the "Critical Updates" for Windows.


Firefox 3 (http://www.mozilla.com/en-US/firefox/)
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.
*NoScript (http://www.noscript.net) - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

AdblockPlus

AdblockPlus, Surf the web without annoying ads!
Blocks banners, pop-ups and video ads - even on Facebook and YouTube
Protects your online privacy
Two-click installation, It's free!
click the icon that corresponds to your browser and download.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT (http://www.mywot.com/) Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

Green should be good to go
Yellow for caution
Red to stop


~~~~~~~~~~~~~~~~~~~~~~~~~~~~
How to prevent Malware: Created by Miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)


WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/)
and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755)

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))


Avoid P2P

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter (http://www.fbi.gov/cyberinvest/cyberedletter.htm)
USAToday (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
infoworld (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)

*********************************************
Please read the following safe computing articles..

Secure My Computer: A Layered Approach (http://www.dslreports.com/faq/8463)


Free Antivirus-AntiSpyware-Firewall Software (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html)

Keep a backup of your important files (http://www.geekstogo.com/2008/06/19/options-for-home-computer-data-backup-part-1/) - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.



It is possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
You can check these by visiting Secunia Software Inspector (http://secunia.com/software_inspector) or you can use the following application for this purpose PatchMyPC (http://www.patchmypc.net/)

frignuts
2014-10-04, 05:04
Awesome! thank you. I wasn't sure how to carry out this part:

"Purge system restore
[img=http://www.hdrcgb.org.uk/g2g/delfix.jpg][/*]"

Juliet
2014-10-04, 13:42
http://www.hdrcgb.org.uk/g2g/delfix.jpg

sometimes the forum board kinda distorts my images, sorry about that.

I wasn't sure how to carry out this part:
"Purge system restore"
It's one of the buttons on the interface of Delfix.


We OK now?

frignuts
2014-10-04, 15:47
Yes! Thank you very much!

Juliet
2014-10-04, 19:28
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.