Encounter With Shady IT Guy [Archive] - Safer-Networking Forums

justinklauer

2015-02-16, 04:54

Hi,

I recently had a very hair raising experience with an Intuit IT gentleman. I called what I assumed was an Intuit helpline number, for help with a Quicken issue, and got a man who had me install a remote access program, Log Me IN Rescue, so he could control my computer and look for the issue. This is the site I got the number from http :// quicken247. com/IntuitQuickenSupport.html and this is the number I called (855) 337-8444. Went fine at first then I started to get more and more uncomfortable with the way he was just breezing through things saying I had this and that corrupted on a computer that had been working fine. The endpoint came when he brought up notepad and wanted me to enter my email address, phone number, name, and asking me to get my checkbook so I could pay tech from Microsoft to fix my problems. I immediately hung up, shut down my PC, and disconnected my internet. I called an IT friend and he said I probably got a shady guy from Intuit or got a bad number to call for support when I goggled Intuit support. He advised me to install Malwarebytes and Spybot, I already was running avast. I ran all three in regular boot mode and cleaned up some issues, then ran Spybot and Malwarebytes in safe mode as administrator. Then rebooted, got on the internet for a bit, then rebooted in safe mode and ran Spybot and Malwarebytes. Malwarebytes came up clean but no matter how many times I ran Spybot I kept having the same things pop up no matter how many times I fixed them. Spybot classiefied them as low risk but I am nervous after the run in with the scamming IT guy. If you could give me some guidance I would greatly appreciate it.

A note on Log Me In Rescue. The file for that is still in my downloads file, however I can not find it on my computer to unistall it. Any search I do for it just takes me back to the download file. This is the site I got the number from http :// quicken247. com /IntuitQuickenSupport.html and this is the number I called (855) 337-8444

I hope this is how you want me to post then info.

Farber:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by justin (administrator) on JUSTIN-PC on 15-02-2015 11:29:45
Running from c:\Users\justin\Downloads
Loaded Profiles: justin (Available profiles: justin & Mcx1)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILAE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILAE.EXE
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
(Sony Electronics, Inc.) C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Microsoft Corporation) C:\Windows\System32\wercon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_start.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_vista_64.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_pause.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [152576 2008-07-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [134416 2007-04-11] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6956576 2009-01-05] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-01-05] (Realtek Semiconductor Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2009-09-01] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SmartWiHelper] => C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe [77824 2009-03-05] (Sony Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RegistrationReminder] => C:\Program Files\Sony\First Experience\OOBEFcdRegistration.exe [2053936 2009-03-24] (Sony Electronics, Inc.)
HKLM-x32\...\Run: [VAIORegistration] => C:\Program Files\Sony\First Experience\WelcomeLauncher.exe [16384 2008-06-26] (Sony Electronics, Inc.)
HKLM-x32\...\Run: [VAIOSurvey] => C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe [385024 2008-07-25] ()
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [317288 2008-12-18] (Sony Corporation)
HKLM-x32\...\Run: [AML] => C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe [1101824 2009-03-09] (Sony)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2011-01-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM-x32\...\Run: [nmctxth] => C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [642856 2008-12-12] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-06] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-857792936-1930506185-2255158582-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-857792936-1930506185-2255158582-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-857792936-1930506185-2255158582-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-857792936-1930506185-2255158582-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-857792936-1930506185-2255158582-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILAE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-857792936-1930506185-2255158582-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILAE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-857792936-1930506185-2255158582-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-857792936-1930506185-2255158582-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-857792936-1930506185-2255158582-1000\...\MountPoints2: {6cb666ee-2ee1-11df-8bc9-001dbaf52fe4} - H:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
HKU\S-1-5-21-857792936-1930506185-2255158582-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
URLSearchHook: HKLM-x32 - (No Name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File
URLSearchHook: HKU\S-1-5-21-857792936-1930506185-2255158582-1000 - (No Name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
SearchScopes: HKU\S-1-5-21-857792936-1930506185-2255158582-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT_enUS343
SearchScopes: HKU\S-1-5-21-857792936-1930506185-2255158582-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKU\S-1-5-21-857792936-1930506185-2255158582-1000 -> {66EA5FC7-5210-4E52-B355-37474A844A10} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
SearchScopes: HKU\S-1-5-21-857792936-1930506185-2255158582-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT_enUS343
SearchScopes: HKU\S-1-5-21-857792936-1930506185-2255158582-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {37483b40-c254-4a72-bda4-22ee90182c1e} -> No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - No Name - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File
Toolbar: HKU\S-1-5-21-857792936-1930506185-2255158582-1000 -> No Name - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File
DPF: HKLM-x32 {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 97.64.183.164 97.64.209.37

FireFox:
========
FF ProfilePath: C:\Users\justin\AppData\Roaming\Mozilla\Firefox\Profiles\vzbylbeh.default
FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://www.yahoo.com/?fr=hp-avast&type=agc511
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-857792936-1930506185-2255158582-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\justin\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\justin\AppData\Roaming\Mozilla\Firefox\Profiles\vzbylbeh.default\searchplugins\yahoo-avast.xml
FF Extension: Yahoo! Toolbar - C:\Users\justin\AppData\Roaming\Mozilla\Firefox\Profiles\vzbylbeh.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(49) [2010-02-23]
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\justin\AppData\Roaming\Mozilla\Firefox\Profiles\vzbylbeh.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009-10-06]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-22]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.150.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U15) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (getPlusPlus for Adobe 16248) - C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Plugin) - C:\Users\justin\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-13]
CHR Extension: (Avast Online Security) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-08]
CHR Extension: (Google Wallet) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-05] (AVAST Software)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [1449984 2008-08-20] (Intel(R) Corporation) [File not signed]
S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [51168 2009-09-23] (NOS Microsystems Ltd.)
S2 gupdate1c9cfe1c0999a7f; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107912 2014-11-07] (Google Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [114688 2009-01-08] (Sony Corporation) [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [826368 2008-08-20] (Intel(R) Corporation) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [141344 2009-01-05] (Realtek Semiconductor)
S3 SampleCollector; C:\Program Files\Sony\VAIO Care\collsvc.exe [167424 2009-09-16] (Intel Corporation) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-02-05] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-02-05] (Sony Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-01-21] (Sony Corporation) [File not signed]
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [5184872 2009-01-14] (Sony Corporation)
R3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-01-21] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2009-01-21] (Sony Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
S2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2008-04-24] (ArcSoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-05] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [28504 2012-02-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-02-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2015-02-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-05] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2015-02-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-05] ()
S1 DMICall; C:\Windows\SysWOW64\DRIVERS\DMICall.sys [10216 2008-11-25] (Sony Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R2 risdptsk; C:\Windows\System32\DRIVERS\risdsn64.sys [76288 2008-10-22] (REDC)
S3 igfx; system32\DRIVERS\igdkmd64.sys [X]
S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 11:29 - 2015-02-15 11:30 - 00031097 _____ () C:\Users\justin\Downloads\FRST.txt
2015-02-15 11:27 - 2015-02-15 11:29 - 00000000 ____D () C:\FRST
2015-02-15 11:27 - 2015-02-15 11:27 - 02085888 _____ (Farbar) C:\Users\justin\Downloads\FRST64.exe
2015-02-15 11:26 - 2015-02-15 11:26 - 01125888 _____ (Farbar) C:\Users\justin\Downloads\FRST.exe
2015-02-15 11:26 - 2015-02-15 11:26 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JUSTIN-PC-Windows-Vista-(TM)-Home-Premium-(64-bit).dat
2015-02-15 11:24 - 2015-02-15 11:24 - 00000000 ____D () C:\RegBackup
2015-02-15 11:22 - 2015-02-15 11:22 - 00002070 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-02-15 11:22 - 2015-02-15 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-15 11:22 - 2015-02-15 11:22 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-02-15 11:21 - 2015-02-15 11:21 - 04804736 _____ () C:\Users\justin\Downloads\tweaking.com_registry_backup_setup.exe
2015-02-15 11:13 - 2015-02-15 11:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-15 11:13 - 2015-02-15 11:13 - 00000941 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-15 11:13 - 2015-02-15 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-15 11:13 - 2015-02-15 11:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-15 11:13 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-15 11:13 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-15 11:13 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-15 11:12 - 2015-02-15 11:12 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\justin\Downloads\mbam-setup-2.0.4.1028(1).exe
2015-02-14 21:42 - 2015-02-15 01:41 - 00000732 _____ () C:\Users\justin\AppData\Local\d3d9caps64.dat
2015-02-14 19:49 - 2006-09-18 15:37 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.20150214-194933.backup
2015-02-14 18:00 - 2015-02-15 10:38 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-02-14 18:00 - 2015-02-14 23:13 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-02-14 18:00 - 2015-02-14 23:13 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-02-14 18:00 - 2015-02-14 18:00 - 00003798 _____ () C:\Windows\System32\Tasks\Scan the system (Spybot - Search & Destroy)
2015-02-14 18:00 - 2015-02-14 18:00 - 00003444 _____ () C:\Windows\System32\Tasks\Refresh immunization (Spybot - Search & Destroy)
2015-02-14 18:00 - 2015-02-14 18:00 - 00003022 _____ () C:\Windows\System32\Tasks\Check for updates (Spybot - Search & Destroy)
2015-02-14 17:59 - 2015-02-14 19:47 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-14 17:59 - 2015-02-14 18:15 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-14 17:59 - 2015-02-14 17:59 - 00001230 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-14 17:59 - 2015-02-14 17:59 - 00001218 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-02-14 17:59 - 2015-02-14 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-14 17:59 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-02-14 17:58 - 2015-02-14 17:58 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\justin\Downloads\spybot-2.4.exe
2015-02-14 17:50 - 2015-02-14 17:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-14 17:48 - 2015-02-14 17:48 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\justin\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-14 12:26 - 2015-02-14 12:26 - 00000000 ____D () C:\Users\justin\AppData\Local\LogMeIn Rescue Applet
2015-02-14 12:25 - 2015-02-14 12:25 - 01528128 _____ (LogMeIn, Inc.) C:\Users\justin\Downloads\Support-LogMeInRescue.exe
2015-02-12 11:58 - 2015-01-22 22:07 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 11:58 - 2015-01-22 21:59 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 11:58 - 2015-01-22 21:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 11:58 - 2015-01-22 20:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 16:14 - 2014-12-07 19:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 16:14 - 2014-12-07 19:37 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 16:13 - 2015-01-08 18:34 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 16:13 - 2014-11-25 20:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 16:13 - 2014-11-25 19:42 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 16:12 - 2015-01-12 19:51 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 16:12 - 2015-01-12 19:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 16:09 - 2015-01-15 00:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 16:09 - 2015-01-14 22:08 - 00516536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 20:54 - 2015-01-13 21:08 - 17878016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 20:54 - 2015-01-13 20:59 - 10924032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 20:54 - 2015-01-13 20:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-10 20:54 - 2015-01-13 20:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 20:54 - 2015-01-13 20:49 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 20:54 - 2015-01-13 20:47 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 20:54 - 2015-01-13 20:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 20:54 - 2015-01-13 20:47 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-10 20:54 - 2015-01-13 20:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 20:54 - 2015-01-13 20:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 20:54 - 2015-01-13 20:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 20:54 - 2015-01-13 20:45 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 20:54 - 2015-01-13 20:45 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 20:54 - 2015-01-13 20:45 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 20:54 - 2015-01-13 20:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 20:54 - 2015-01-13 20:44 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 20:54 - 2015-01-13 20:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 20:54 - 2015-01-13 20:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-10 20:54 - 2015-01-13 20:44 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-10 20:54 - 2015-01-13 20:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-10 20:54 - 2015-01-13 19:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 20:54 - 2015-01-13 19:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-10 20:54 - 2015-01-13 19:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 20:54 - 2015-01-13 19:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 20:54 - 2015-01-13 19:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 20:54 - 2015-01-13 19:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 20:54 - 2015-01-13 19:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 20:54 - 2015-01-13 19:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 20:54 - 2015-01-13 19:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 20:54 - 2015-01-13 19:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-02-10 20:54 - 2015-01-13 19:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 20:54 - 2015-01-13 19:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 20:54 - 2015-01-13 19:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 20:54 - 2015-01-13 19:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 20:54 - 2015-01-13 19:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 20:54 - 2015-01-13 19:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 20:54 - 2015-01-13 19:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 20:54 - 2015-01-13 19:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-02-10 20:54 - 2015-01-13 19:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-02-10 20:54 - 2015-01-13 19:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-02-08 10:16 - 2015-02-08 10:16 - 00000000 _____ () C:\Users\justin\AppData\Roaming\wklnhst.dat
2015-02-06 16:01 - 2015-02-06 16:01 - 00003176 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-857792936-1930506185-2255158582-1000
2015-02-05 18:20 - 2015-02-05 18:20 - 00000000 ____D () C:\Users\justin\AppData\Roaming\AVAST Software
2015-02-05 18:12 - 2015-02-05 18:12 - 00001827 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-05 18:11 - 2015-02-05 18:11 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-05 18:11 - 2015-02-05 18:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-02-05 18:11 - 2015-02-05 18:11 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-02-05 18:07 - 2015-02-05 18:11 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-02-05 18:07 - 2015-02-05 18:11 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-02-01 10:01 - 2015-02-01 10:01 - 00000000 _____ () C:\Users\justin\Sti_Trace.log
2015-01-31 16:39 - 2015-01-31 16:39 - 00001664 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-31 16:39 - 2015-01-31 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-31 16:39 - 2015-01-31 16:39 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-31 16:38 - 2015-01-31 16:39 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-31 16:38 - 2015-01-31 16:39 - 00000000 ____D () C:\Program Files\iTunes
2015-01-31 16:38 - 2015-01-31 16:38 - 00000000 ____D () C:\Program Files\iPod
2015-01-30 16:17 - 2015-02-06 19:08 - 00000000 ____D () C:\Users\justin\AppData\Roaming\Epson
2015-01-30 13:48 - 2015-01-30 13:48 - 00000044 _____ () C:\Windows\XP-410.ini
2015-01-30 13:48 - 2015-01-30 13:48 - 00000000 ____D () C:\Users\justin\AppData\Roaming\Leadertech
2015-01-30 13:41 - 2015-02-15 10:41 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-410 Series Update {F5DEFF0D-3C9E-4D1E-8F57-B0C70DEB3538}.job
2015-01-30 13:41 - 2015-02-15 10:41 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-410 Series Invitation {F5DEFF0D-3C9E-4D1E-8F57-B0C70DEB3538}.job
2015-01-30 13:41 - 2015-01-30 13:41 - 00003978 _____ () C:\Windows\System32\Tasks\EPSON XP-410 Series Update {F5DEFF0D-3C9E-4D1E-8F57-B0C70DEB3538}
2015-01-30 13:41 - 2015-01-30 13:41 - 00003792 _____ () C:\Windows\System32\Tasks\EPSON XP-410 Series Invitation {F5DEFF0D-3C9E-4D1E-8F57-B0C70DEB3538}
2015-01-30 13:36 - 2015-01-30 14:37 - 00000000 ____D () C:\Program Files (x86)\epson
2015-01-30 13:36 - 2015-01-30 13:36 - 00000765 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2015-01-30 13:36 - 2012-07-24 00:00 - 00466432 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2ud.dll
2015-01-30 13:36 - 2012-05-17 00:00 - 00144560 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe
2015-01-30 13:35 - 2015-01-30 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2015-01-30 13:35 - 2015-01-30 14:38 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2015-01-30 13:35 - 2015-01-30 13:35 - 00003792 _____ () C:\Windows\System32\Tasks\EPSON XP-410 Series Invitation {4176728A-1531-4C05-8BB3-FE444D28CA2D}
2015-01-30 13:35 - 2015-01-30 13:35 - 00000000 ____D () C:\Program Files\EpsonNet
2015-01-30 13:35 - 2015-01-30 13:35 - 00000000 ____D () C:\Program Files\EPSON
2015-01-30 13:35 - 2012-11-12 20:41 - 00535552 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppui.dll
2015-01-30 13:35 - 2012-11-12 20:41 - 00535552 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppui.dll
2015-01-30 13:35 - 2012-11-12 15:15 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppmon.dll
2015-01-30 13:35 - 2012-11-12 15:15 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppmon.dll
2015-01-30 13:35 - 2012-10-22 17:19 - 00219648 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enspres.dll
2015-01-30 13:35 - 2012-10-22 17:19 - 00219648 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enpres.dll
2015-01-30 13:34 - 2015-02-14 20:34 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-410 Series Update {4176728A-1531-4C05-8BB3-FE444D28CA2D}.job
2015-01-30 13:34 - 2015-02-14 20:34 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-410 Series Invitation {4176728A-1531-4C05-8BB3-FE444D28CA2D}.job
2015-01-30 13:34 - 2015-01-30 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-01-30 13:34 - 2015-01-30 13:34 - 00003978 _____ () C:\Windows\System32\Tasks\EPSON XP-410 Series Update {4176728A-1531-4C05-8BB3-FE444D28CA2D}
2015-01-30 13:34 - 2015-01-30 13:34 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2015-01-30 13:34 - 2013-04-16 21:03 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMBLAE.DLL
2015-01-30 13:34 - 2007-04-09 18:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2015-01-30 13:33 - 2015-01-30 13:36 - 00000000 ____D () C:\ProgramData\EPSON
2015-01-30 13:33 - 2011-03-14 20:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ID4BLAE.DLL
2015-01-30 13:18 - 2015-01-30 13:27 - 106924320 _____ () C:\Users\justin\Downloads\epson15217.exe
2015-01-30 12:45 - 2015-01-30 12:45 - 00000104 _____ () C:\Users\justin\Network Magic Folders - Shortcut.lnk
2015-01-26 11:36 - 2015-01-26 11:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-22 14:07 - 2015-01-22 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-22 14:07 - 2015-01-22 14:07 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-01-22 13:51 - 2015-01-22 13:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 11:17 - 2009-09-01 19:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-15 10:48 - 2009-07-15 12:53 - 01728255 _____ () C:\Windows\WindowsUpdate.log
2015-02-15 10:47 - 2012-09-04 12:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-15 10:40 - 2012-09-11 17:55 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-15 10:39 - 2009-09-01 19:16 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-15 10:38 - 2006-11-02 09:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-15 10:38 - 2006-11-02 09:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-15 10:38 - 2006-11-02 09:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-15 10:38 - 2006-11-02 09:21 - 00330088 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-14 23:23 - 2009-04-20 14:01 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-02-14 23:23 - 2006-11-02 09:42 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-14 22:39 - 2010-05-13 11:08 - 00001356 _____ () C:\Users\justin\AppData\Local\d3d9caps.dat
2015-02-14 21:33 - 2008-01-20 21:26 - 00531194 _____ () C:\Windows\PFRO.log
2015-02-13 19:20 - 2012-02-15 18:20 - 00002088 _____ () C:\Windows\system32\spsys.log
2015-02-11 16:12 - 2009-05-08 07:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 16:09 - 2013-08-27 19:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 16:02 - 2006-11-02 06:35 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-08 12:19 - 2006-11-02 06:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-08 11:25 - 2013-11-19 15:06 - 00043008 _____ () C:\Users\justin\Documents\personal finance templete.xls
2015-02-06 16:01 - 2011-08-04 15:17 - 00000876 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-06 16:01 - 2009-09-02 11:48 - 00000876 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-06 06:12 - 2012-01-22 15:03 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-02-05 18:11 - 2012-01-22 15:03 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-02-05 18:11 - 2012-01-22 15:03 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-02-05 18:11 - 2012-01-22 15:03 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-02-05 18:11 - 2012-01-22 15:03 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2015-02-05 18:07 - 2012-01-22 15:02 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-05 18:07 - 2009-09-01 19:55 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2015-02-05 07:47 - 2012-09-04 12:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 07:47 - 2012-09-04 12:18 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 07:47 - 2011-06-07 11:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 14:12 - 2009-09-01 19:16 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 14:12 - 2009-09-01 19:16 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-01 15:26 - 2009-09-04 14:48 - 00014848 _____ () C:\Users\justin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-01 10:01 - 2009-09-01 18:39 - 00000000 ____D () C:\Users\justin
2015-01-31 16:38 - 2009-09-01 19:27 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-31 16:35 - 2006-11-02 09:27 - 00074692 _____ () C:\Windows\setupact.log
2015-01-30 23:27 - 2013-07-24 01:44 - 00000000 ____D () C:\ProgramData\ArcSoft
2015-01-30 14:37 - 2009-04-20 15:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-30 12:52 - 2012-09-10 07:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-26 11:20 - 2013-10-19 11:07 - 00000000 ____D () C:\Program Files (x86)\Quicken
2015-01-22 14:02 - 2013-07-24 08:59 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-22 13:56 - 2009-09-01 19:27 - 00000000 ____D () C:\ProgramData\Apple
2015-01-22 13:54 - 2012-12-26 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-01-20 15:12 - 2006-11-02 07:33 - 00000000 ____D () C:\Windows\rescache

==================== Files in the root of some directories =======

2015-02-08 10:16 - 2015-02-08 10:16 - 0000000 _____ () C:\Users\justin\AppData\Roaming\wklnhst.dat
2010-05-13 11:08 - 2015-02-14 22:39 - 0001356 _____ () C:\Users\justin\AppData\Local\d3d9caps.dat
2015-02-14 21:42 - 2015-02-15 01:41 - 0000732 _____ () C:\Users\justin\AppData\Local\d3d9caps64.dat
2009-09-04 14:48 - 2015-02-01 15:26 - 0014848 _____ () C:\Users\justin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-22 15:02 - 2012-01-22 15:03 - 0442498 _____ () C:\Users\justin\AppData\Local\dd_vcredistMSI0F28.txt
2012-01-22 15:02 - 2012-01-22 15:03 - 0011682 _____ () C:\Users\justin\AppData\Local\dd_vcredistUI0F28.txt
2015-01-13 23:47 - 2015-01-13 23:47 - 8673792 _____ () C:\ProgramData\atscie.msi

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-15 10:46

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by justin at 2015-02-15 11:30:38
Running from c:\Users\justin\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.48 - NOS Microsystems Ltd.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.12.36 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 9.4.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.2 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - )
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version: - )
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.39 - ArcSoft)
ArcSoft WebCam Companion 2 (HKLM-x32\...\{9973498D-EA29-4A68-BE0B-C88D6E03E928}) (Version: - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{97A2310E-F75D-27D5-9167-B1A464637C47}) (Version: 3.0.710.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
AVS Screen Capture version 2.0.1 (HKLM-x32\...\AVS Screen Capture_is1) (Version: - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Editor 6 (HKLM-x32\...\AVS Video Editor_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Recorder 2.5 (HKLM-x32\...\AVS Video Recorder_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CA Yahoo! Anti-Spy (remove only) (HKLM-x32\...\cayahooantispy) (Version: - CA, Inc.)
ccc-core-static (x32 Version: 2009.0302.2147.39080 - ATI) Hidden
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.1.10049.0 - Cisco Consumer Products LLC)
Cisco Network Magic (x32 Version: 5.1.8354.0 - Pure Networks) Hidden
Click to Disc (x32 Version: 1.2.60.13210 - Sony Corporation) Hidden
Click to Disc Editor (x32 Version: 2.0.00 - Sony Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Data Lifeguard Diagnostic for Windows (HKLM-x32\...\{E40CE517-0D42-4198-96B4-C8232B257EB5}) (Version: 1.13 - Western Digital Corporation)
DetectorTools (HKLM-x32\...\{30673869-977C-45B1-9D00-D6C1F630C5C9}) (Version: 1.9.0 - Escort)
Dolby Control Center (HKLM\...\{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}) (Version: 1.2.0702 - Dolby)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.7.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-410 Series Printer Uninstall (HKLM\...\EPSON XP-410 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Facebook Plug-In (HKU\S-1-5-21-857792936-1930506185-2255158582-1000\...\Facebook Plug-In) (Version: - Facebook, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HDAUDIO SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200) (Version: - )
iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}) (Version: 12.01.1000 - Intel(R) Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java(TM) 6 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216015FF}) (Version: 6.0.150 - Sun Microsystems, Inc.)
Java(TM) SE Runtime Environment 6 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM-x32\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Music Transfer (x32 Version: 1.3.01.13160 - Sony Corporation) Hidden
Network Magic (HKLM-x32\...\Network MagicUninstall) (Version: 5.1.8354.0 - Cisco Systems, Inc.)
OpenMG Secure Module 5.3.00 (x32 Version: 5.3.00.13080 - Sony Corporation) Hidden
Primo (x32 Version: 1.00.0000 - Your Company Name) Hidden
Pure Networks Platform (x32 Version: 11.1.8350.0 - Pure Networks) Hidden
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5759 - Realtek Semiconductor Corp.)
Regi (Version: 1.00.0000 - InterVideo Inc.) Hidden
Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio)
Runtime (x32 Version: 1.00.0000 - Your Company Name) Hidden
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Setting Utility Series (x32 Version: 4.3.0.14120 - Sony Corporation) Hidden
Skins (x32 Version: 2009.0302.2147.39080 - ATI) Hidden
SmartWi Connection Utility (HKLM-x32\...\{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}) (Version: 4.7.4.20090305.1964 - Sony Corporation)
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
Sony Home Network Library (x32 Version: 1.4.0.14050 - Sony Corporation) Hidden
Sony Picture Utility (x32 Version: 4.2.12.14260 - Sony Corporation) Hidden
Sony Video Shared Library (x32 Version: 3.5.00 - Sony Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.1.1 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VAIO Care (HKLM-x32\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 5.1.0.13200 - Sony Corporation)
VAIO Care (x32 Version: 5.1.0.13200 - Sony Corporation) Hidden
VAIO Content Folder Setting (x32 Version: 2.3.0.12220 - Sony Corporation) Hidden
VAIO Content Folder Watcher (x32 Version: 1.1.0.13140 - Sony Corporation) Hidden
VAIO Content Metadata Intelligent Analyzing Manager (x32 Version: 3.4.0.13192 - Sony Corporation) Hidden
VAIO Content Metadata Manager Setting (x32 Version: 3.4.0.13160 - Sony Corporation) Hidden
VAIO Content Metadata XML Interface Library (x32 Version: 3.4.0.13160 - Sony Corporation) Hidden
VAIO Control Center (x32 Version: 3.3.0.12240 - Sony Corporation) Hidden
VAIO Data Restore Tool (x32 Version: 1.1.00.13080 - Sony Corporation) Hidden
VAIO DVD Menu Data Basic (x32 Version: 1.0.00.08130 - Sony Corporation) Hidden
VAIO Entertainment Platform (x32 Version: 3.4.0.13210 - Sony Corporation) Hidden
VAIO Event Service (x32 Version: 4.3.0.13190 - Sony Corporation) Hidden
VAIO Help and Support (x32 Version: 8.00.0410 - Sony Corporation) Hidden
VAIO Launcher (x32 Version: 2.3.0.15090 - Sony Corporation) Hidden
VAIO Media plus (x32 Version: 1.4.0.14050 - Sony Corporation) Hidden
VAIO Media plus Opening Movie (x32 Version: 1.2.0.09050 - Sony Corporation) Hidden
VAIO Movie Story (x32 Version: 1.4.00.13080 - Sony Corporation) Hidden
VAIO Movie Story Template Data (x32 Version: 1.4.00.13080 - Sony Corporation) Hidden
VAIO MusicBox (x32 Version: 2.2.0.13091 - Sony Corporation) Hidden
VAIO MusicBox Sample Music (x32 Version: 1.1.00.14140 - Sony Corporation) Hidden
VAIO My Memory Center (x32 Version: 3.00.0317 - Sony) Hidden
VAIO OOBE and Welcome Center (x32 Version: 7.00.1027.US.FS - Sony Corporation) Hidden
VAIO OOBE and Welcome Center (x32 Version: 8.00.0327.ENUS - Sony Corporation) Hidden
VAIO Original Function Setting (x32 Version: 1.5.01.10310 - Sony Corporation) Hidden
VAIO Power Management (x32 Version: 3.3.0.12190 - Sony Corporation) Hidden
VAIO Presentation Support (x32 Version: 1.2.0.12240 - Sony Corporation) Hidden
VAIO Startup Assistant (x32 Version: 5.00.0410 - Sony) Hidden
VAIO Survey (x32 Version: 6.00.0722 - Sony Corporation) Hidden
VAIO Update 4 (x32 Version: 4.1.0.12180 - Sony Corporation) Hidden
VAIO Wallpaper Contents (x32 Version: 1.3.0.10310 - Sony Corporation) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
WebEx Support Manager for Internet Explorer (HKLM-x32\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{D239B547-8B20-4BDE-888D-C9CCA823FFD8}) (Version: 6.2.0.7600 - Broadcom Corporation)
Windows Driver Package - Escort, Inc. (usbser) Ports (07/28/2010 1.0.0.0) (HKLM\...\1AC682A082B05B35DE2BBCF4C6C2985E9F7C7F26) (Version: 07/28/2010 1.0.0.0 - Escort, Inc.)
Windows Driver Package - Escort, Inc. (usbser) Ports (07/28/2010 1.0.0.0) (HKLM\...\F7CED80D8FBC3EEAA10AD0BE519D09C4E1BEEAB8) (Version: 07/28/2010 1.0.0.0 - Escort, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinDVD BD for VAIO (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.727 - InterVideo Inc.)
WinDVD BD for VAIO (x32 Version: 8.0-B9.727 - InterVideo Inc.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

30-01-2015 13:03:51 Windows Update
30-01-2015 13:34:09 Device Driver Package Install: EPSON Printers
30-01-2015 13:37:00 Device Driver Package Install: EPSON Imaging devices
30-01-2015 14:34:29 Installed Software Updater
30-01-2015 14:35:43 Installed Epson Event Manager
30-01-2015 16:07:04 Windows Update
31-01-2015 13:03:46 Scheduled Checkpoint
01-02-2015 10:51:59 Scheduled Checkpoint
02-02-2015 00:00:02 Scheduled Checkpoint
03-02-2015 00:00:04 Scheduled Checkpoint
03-02-2015 01:54:03 Windows Update
04-02-2015 00:00:03 Scheduled Checkpoint
05-02-2015 00:00:04 Scheduled Checkpoint
05-02-2015 18:08:03 avast! antivirus system restore point
06-02-2015 02:11:04 Windows Update
06-02-2015 20:32:04 Scheduled Checkpoint
08-02-2015 00:00:03 Scheduled Checkpoint
09-02-2015 00:00:04 Scheduled Checkpoint
09-02-2015 16:46:44 Scheduled Checkpoint
10-02-2015 01:32:55 Windows Update
11-02-2015 00:00:03 Scheduled Checkpoint
11-02-2015 16:00:25 Windows Update
12-02-2015 16:00:13 Windows Update
14-02-2015 00:00:03 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:34 - 2015-02-14 19:49 - 00450690 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com (http://www.007guard.com)
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com (http://www.008k.com)
127.0.0.1 008k.com
127.0.0.1 www.00hq.com (http://www.00hq.com)
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com (http://www.032439.com)
127.0.0.1 032439.com
127.0.0.1 www.0scan.com (http://www.0scan.com)
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com (http://www.1000gratisproben.com)
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com (http://www.1001namen.com)
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com (http://www.100888290cs.com)
127.0.0.1 www.100sexlinks.com (http://www.100sexlinks.com)
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com (http://www.10sek.com)
127.0.0.1 www.1-2005-search.com (http://www.1-2005-search.com)
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info (http://www.123fporn.info)
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05AC54D6-1B07-4F7C-BAB2-770B8FC2B2B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-07] (Google Inc.)
Task: {12AED7CE-5F98-44A3-839D-62E1C85FFB65} - System32\Tasks\SONY\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe [2008-12-18] (Sony Corporation)
Task: {13F1E039-5288-482A-8735-AC72F7ABB0B8} - System32\Tasks\avastBCLRestartS-1-5-21-857792936-1930506185-2255158582-1000 => Firefox.exe
Task: {164A9869-FC37-42C7-9968-44BB9EA628F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-07] (Google Inc.)
Task: {16E62FF6-B7E0-4A92-B1A6-868E34FDDA74} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {22F714F8-F54E-41EB-9CD3-ADA7DD6AE0E7} - System32\Tasks\{1CC48817-BC4A-4C73-86E5-6ACAD1ECC5CC} => pcalua.exe -a G:\Setup.exe -d G:\
Task: {23E038C2-1803-4925-86C9-909C03EBFA94} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {59B3D486-5A85-41F8-B38D-0CFCCCA616C5} - System32\Tasks\EPSON XP-410 Series Invitation {4176728A-1531-4C05-8BB3-FE444D28CA2D} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-02-27] (SEIKO EPSON CORPORATION)
Task: {5AFA5FD9-8689-4EF6-9A58-06205B6A53E2} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {92006169-BC8B-400E-8D83-E0692CFD636D} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {A90CCDF8-4B23-4E30-93D7-39EEC4E6771B} - System32\Tasks\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2009-12-04] (Sony Corporation)
Task: {BF22CFED-F2B5-4859-A35E-C58F3EC05479} - System32\Tasks\VAIORegistration => C:\program files\Sony\First Experience\VAIORegCommand.exe [2009-03-18] (Sony Electronics, Inc.)
Task: {C6CBF2C9-FDEF-4CA3-8BCB-7C99C6F73DD5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C8A2BE17-8B34-41A5-B5E8-4DE0369580D8} - System32\Tasks\EPSON XP-410 Series Update {4176728A-1531-4C05-8BB3-FE444D28CA2D} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-02-27] (SEIKO EPSON CORPORATION)
Task: {D3C3E5AD-8DDF-46CC-9949-77294EE1FCD6} - System32\Tasks\EPSON XP-410 Series Invitation {F5DEFF0D-3C9E-4D1E-8F57-B0C70DEB3538} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-02-27] (SEIKO EPSON CORPORATION)
Task: {D4A8A5DF-BB32-4E69-84C8-49B7E355633B} - System32\Tasks\EPSON XP-410 Series Update {F5DEFF0D-3C9E-4D1E-8F57-B0C70DEB3538} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-02-27] (SEIKO EPSON CORPORATION)
Task: {EB21127A-1DF3-4F72-BA6E-B73AC1FA5F63} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-05] (AVAST Software)
Task: {EDAA0D64-5F0D-40F3-B200-2E7855E5F609} - System32\Tasks\VAIO Care Service => C:\Program Files\Sony\VAIO Care\VAIOCareService.exe [2009-12-04] (Sony Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\EPSON XP-410 Series Invitation {4176728A-1531-4C05-8BB3-FE444D28CA2D}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE
Task: C:\Windows\Tasks\EPSON XP-410 Series Invitation {F5DEFF0D-3C9E-4D1E-8F57-B0C70DEB3538}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE
Task: C:\Windows\Tasks\EPSON XP-410 Series Update {4176728A-1531-4C05-8BB3-FE444D28CA2D}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE
Task: C:\Windows\Tasks\EPSON XP-410 Series Update {F5DEFF0D-3C9E-4D1E-8F57-B0C70DEB3538}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) ==============

2007-09-06 11:27 - 2007-09-06 11:27 - 01331712 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2008-08-20 17:42 - 2008-08-20 17:42 - 00335360 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-04-20 14:38 - 2009-03-11 14:05 - 00120320 _____ () C:\Windows\system32\atitmm64.dll
2013-10-31 13:47 - 2013-10-31 13:47 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2009-01-24 12:15 - 2009-01-24 12:15 - 00167936 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2009-05-08 07:12 - 2009-03-04 16:20 - 00028672 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
2009-05-08 07:24 - 2009-05-08 07:24 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-11-25 11:19 - 2008-11-25 11:19 - 01193472 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Implementation\64\wbocx.ocx
2008-08-26 12:41 - 2008-08-26 12:41 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-05-08 07:12 - 2009-03-04 16:19 - 00045056 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
2009-05-08 07:12 - 2009-03-04 16:20 - 00028672 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
2012-05-16 00:33 - 2006-10-30 05:43 - 00306688 _____ () C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_vista_64.exe
2015-02-15 10:41 - 2015-02-15 10:41 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021500\algo.dll
2015-02-14 17:59 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-14 17:59 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-14 17:59 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-14 17:59 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-14 17:59 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2009-05-08 08:41 - 2009-01-19 13:49 - 00010752 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2009-05-08 08:41 - 2009-01-19 13:49 - 00009728 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2008-12-12 18:11 - 2008-12-12 18:11 - 00148480 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2008-12-12 18:11 - 2008-12-12 18:11 - 00097280 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
2015-02-05 18:11 - 2015-02-05 18:11 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-05-08 07:12 - 2009-03-04 16:17 - 00126976 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\SonyCommonLib.dll
2009-05-08 07:12 - 2009-03-04 16:17 - 00020480 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\DebugMsg.dll
2009-05-08 07:12 - 2009-03-04 16:17 - 00020480 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Resources.dll
2009-05-08 07:12 - 2009-03-04 16:17 - 00028672 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\SharedInterfaces.dll
2009-05-08 07:12 - 2009-03-04 16:17 - 00028672 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\DictionaryLookup.dll
2009-05-08 07:12 - 2009-03-04 16:17 - 00024576 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\MessageXML.dll
2009-05-08 07:12 - 2009-03-04 16:17 - 00016384 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll
2009-05-08 07:12 - 2009-03-04 12:59 - 00036864 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll
2009-05-08 07:12 - 2009-03-04 16:19 - 00040960 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll
2009-05-08 07:12 - 2009-03-04 12:59 - 00016384 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll
2009-05-08 07:12 - 2009-03-04 16:19 - 00024576 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll
2009-05-08 07:12 - 2009-03-04 16:19 - 00024576 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll
2009-05-08 07:12 - 2009-03-04 16:19 - 00020480 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll
2009-05-08 07:12 - 2009-03-04 16:17 - 00016384 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll
2009-05-08 07:12 - 2009-03-04 16:18 - 00016384 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWGadgetInterface.dll
2015-01-26 11:36 - 2015-01-26 11:36 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-857792936-1930506185-2255158582-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\justin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 97.64.183.164 - 97.64.209.37

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-857792936-1930506185-2255158582-500 - Administrator - Disabled)
Guest (S-1-5-21-857792936-1930506185-2255158582-501 - Limited - Enabled)
justin (S-1-5-21-857792936-1930506185-2255158582-1000 - Administrator - Enabled) => C:\Users\justin
Mcx1 (S-1-5-21-857792936-1930506185-2255158582-1001 - Administrator - Enabled) => C:\Users\Mcx1

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2015 10:42:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/15/2015 10:42:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/15/2015 10:42:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/15/2015 10:42:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/15/2015 10:42:05 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/15/2015 10:42:05 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/15/2015 10:42:04 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/15/2015 10:39:52 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error: (02/15/2015 10:39:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/14/2015 11:26:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (02/15/2015 10:39:44 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: DMICall
SRTSP
SRTSPX

Error: (02/15/2015 10:39:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Norton Internet Security%%3

Error: (02/15/2015 10:39:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (02/15/2015 10:36:48 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\DRIVERS\DMICall.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/14/2015 11:26:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: PnP-X IP Bus EnumeratorFunction Discovery Provider Host%%1068

Error: (02/14/2015 11:26:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (02/14/2015 11:26:25 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (02/14/2015 11:26:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (02/14/2015 11:26:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (02/14/2015 11:26:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-02-15 11:30:30.833
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-15 11:30:30.506
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-15 11:30:30.116
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-15 11:30:29.695
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-15 11:29:54.577
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-15 11:29:54.296
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-15 11:29:54.000
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-15 11:29:53.688
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-15 10:39:47.327
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-15 10:39:46.657
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz
Percentage of memory in use: 46%
Total physical RAM: 6110.11 MB
Available physical RAM: 3259.61 MB
Total Pagefile: 12411.23 MB
Available Pagefile: 9156.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive b: () (RAMDisk) (Total:362.24 GB) (Free:141.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive c: () (Fixed) (Total:362.24 GB) (Free:143.9 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (BLACKBERRY) (Removable) (Total:0.47 GB) (Free:0.31 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 372.6 GB) (Disk ID: CDC555A7)
Partition 1: (Not Active) - (Size=10.4 GB) - (Type=27)
Partition 2: (Active) - (Size=362.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 481.9 MB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

MBR

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-02-15 20:30:51
-----------------------------
20:30:51.276 OS Version: Windows x64 6.0.6002 Service Pack 2
20:30:51.276 Number of processors: 2 586 0x1706
20:30:51.276 ComputerName: JUSTIN-PC UserName: justin
20:30:53.448 Initialize success
20:30:53.453 VM: initialized successfully
20:30:53.454 VM: Intel CPU virtualization not supported
20:30:58.445 AVAST engine defs: 15021501
20:31:29.166 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:31:29.169 Disk 0 Vendor: TOSHIBA_ FF01 Size: 381554MB BusType: 3
20:31:29.172 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006b
20:31:29.175 Disk 1 Vendor: RICOH 01 Size: 481MB BusType: 0
20:31:29.180 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006c
20:31:29.183 Disk 2 Vendor: RICOH 02 Size: 481MB BusType: 0
20:31:29.587 Disk 0 MBR read successfully
20:31:29.591 Disk 0 MBR scan
20:31:29.614 Disk 0 Windows VISTA default MBR code
20:31:29.634 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10623 MB offset 2048
20:31:29.654 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 370929 MB offset 21757952
20:31:29.923 Disk 0 scanning C:\Windows\system32\drivers
20:31:54.535 Service scanning
20:32:44.050 Modules scanning
20:32:44.057 Disk 0 trace - called modules:
20:32:44.101 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
20:32:44.107 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008033790]
20:32:44.113 3 CLASSPNP.SYS[fffffa6000fc6c33] -> nt!IofCallDriver -> [0xfffffa80063dc3e0]
20:32:44.118 5 acpi.sys[fffffa60008dffde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006446050]
20:32:45.641 AVAST engine scan C:\Windows
20:32:58.687 AVAST engine scan C:\Windows\system32
20:36:14.829 AVAST engine scan C:\Windows\system32\drivers
20:36:33.929 AVAST engine scan C:\Users\justin
20:54:31.202 Disk 0 statistics 3386141/0/0 @ 1.34 MB/s
20:54:31.211 Scan stopped
20:54:46.120 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:54:46.127 Disk 0 Vendor: TOSHIBA_ FF01 Size: 381554MB BusType: 3
20:54:46.134 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006b
20:54:46.143 Disk 1 Vendor: RICOH 01 Size: 481MB BusType: 0
20:54:46.150 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006c
20:54:46.160 Disk 2 Vendor: RICOH 02 Size: 481MB BusType: 0
20:54:46.213 Disk 0 MBR read successfully
20:54:46.220 Disk 0 MBR scan
20:54:46.229 Disk 0 Windows VISTA default MBR code
20:54:46.249 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10623 MB offset 2048
20:54:46.268 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 370929 MB offset 21757952
20:54:46.280 Disk 0 scanning C:\Windows\system32\drivers
20:54:46.287 Service scanning
20:55:36.497 Modules scanning
20:55:36.498 Disk 0 trace - called modules:
20:55:36.548 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
20:55:36.549 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008033790]
20:55:36.549 3 CLASSPNP.SYS[fffffa6000fc6c33] -> nt!IofCallDriver -> [0xfffffa80063dc3e0]
20:55:36.550 5 acpi.sys[fffffa60008dffde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006446050]
20:55:38.144 AVAST engine scan C:\Windows
20:56:13.240 AVAST engine scan C:\Windows\system32
20:59:59.911 AVAST engine scan C:\Windows\system32\drivers
21:00:17.156 AVAST engine scan C:\Users\justin
21:42:18.730 AVAST engine scan C:\ProgramData
21:47:03.251 Disk 0 statistics 7216350/0/0 @ 0.84 MB/s
21:47:03.261 Scan finished successfully
21:49:50.289 Disk 0 MBR has been saved successfully to "C:\Users\justin\Desktop\MBR.dat"
21:49:50.298 The log file has been saved successfully to "C:\Users\justin\Desktop\aswMBR.txt"

Spybot Log From Last Scan:

Search results from Spybot - Search & Destroy

2/15/2015 1:43:42 AM
Scan took 00:32:19.
8 items found.

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-857792936-1930506185-2255158582-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-857792936-1930506185-2255158582-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-857792936-1930506185-2255158582-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-857792936-1930506185-2255158582-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Cache: [SBI $49804B54] Browser: Cache (2) (Browser: Cache, nothing done)

History: [SBI $49804B54] Browser: History (2) (Browser: History, nothing done)

--- Spybot - Search & Destroy version: 2.4.40.131 DLL (build: 20140425) ---

2014-06-24 blindman.exe (2.4.40.151)
2014-06-24 explorer.exe (2.4.40.181)
2014-06-24 SDBootCD.exe (2.4.40.109)
2014-06-24 SDCleaner.exe (2.4.40.110)
2014-06-24 SDDelFile.exe (2.4.40.94)
2013-06-18 SDDisableProxy.exe
2014-06-24 SDFiles.exe (2.4.40.135)
2014-06-24 SDFileScanHelper.exe (2.4.40.1)
2014-06-24 SDFSSvc.exe (2.4.40.217)
2014-06-24 SDHelp.exe (2.4.40.1)
2014-04-25 SDHookHelper.exe (2.3.39.2)
2014-04-25 SDHookInst32.exe (2.3.39.2)
2014-04-25 SDHookInst64.exe (2.3.39.2)
2014-06-24 SDImmunize.exe (2.4.40.130)
2014-06-24 SDLogReport.exe (2.4.40.107)
2014-06-24 SDOnAccess.exe (2.4.40.11)
2014-06-24 SDPESetup.exe (2.4.40.3)
2014-06-24 SDPEStart.exe (2.4.40.86)
2014-06-24 SDPhoneScan.exe (2.4.40.28)
2014-06-24 SDPRE.exe (2.4.40.22)
2014-06-24 SDPrepPos.exe (2.4.40.15)
2014-06-24 SDQuarantine.exe (2.4.40.103)
2014-06-24 SDRootAlyzer.exe (2.4.40.116)
2014-06-24 SDSBIEdit.exe (2.4.40.39)
2014-06-24 SDScan.exe (2.4.40.181)
2014-06-24 SDScript.exe (2.4.40.54)
2014-06-24 SDSettings.exe (2.4.40.139)
2014-06-24 SDShell.exe (2.4.40.2)
2014-06-24 SDShred.exe (2.4.40.108)
2014-06-24 SDSysRepair.exe (2.4.40.102)
2014-06-24 SDTools.exe (2.4.40.157)
2014-06-24 SDTray.exe (2.4.40.129)
2014-06-27 SDUpdate.exe (2.4.40.94)
2014-06-27 SDUpdSvc.exe (2.4.40.77)
2014-06-24 SDWelcome.exe (2.4.40.130)
2014-04-25 SDWSCSvc.exe (2.3.39.2)
2014-05-20 spybotsd2-install-bdcore-update.exe (2.3.39.0)
2014-07-31 spybotsd2-translation-esx.exe
2013-06-19 spybotsd2-translation-frx.exe
2014-08-25 spybotsd2-translation-hux2.exe
2014-10-01 spybotsd2-translation-nlx2.exe
2014-11-05 spybotsd2-translation-ukx.exe
2015-02-14 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2014-04-25 NotificationSpreader.dll
2014-06-24 SDAdvancedCheckLibrary.dll (2.4.40.98)
2014-04-25 SDAV.dll
2014-06-24 SDECon32.dll (2.4.40.114)
2014-06-24 SDECon64.dll (2.3.39.113)
2014-06-24 SDEvents.dll (2.4.40.2)
2014-06-24 SDFileScanLibrary.dll (2.4.40.14)
2014-04-25 SDHook32.dll (2.3.39.2)
2014-04-25 SDHook64.dll (2.3.39.2)
2014-06-24 SDImmunizeLibrary.dll (2.4.40.2)
2014-06-24 SDLicense.dll (2.4.40.0)
2014-06-24 SDLists.dll (2.4.40.4)
2014-06-24 SDResources.dll (2.4.40.7)
2014-06-24 SDScanLibrary.dll (2.4.40.131)
2014-06-24 SDTasks.dll (2.4.40.15)
2014-06-24 SDWinLogon.dll (2.4.40.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2014-06-24 Tools.dll (2.4.40.36)
2014-03-05 Includes\Adware-000.sbi (*)
2014-01-08 Includes\Adware-001.sbi (*)
2015-02-10 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-11-14 Includes\Dialer-000.sbi (*)
2014-11-14 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2014-01-09 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2014-01-09 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-11-14 Includes\Hijackers-000.sbi (*)
2014-11-14 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-11-14 Includes\Keyloggers-000.sbi (*)
2014-09-24 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2014-11-14 Includes\Malware-000.sbi (*)
2014-11-14 Includes\Malware-001.sbi (*)
2014-11-14 Includes\Malware-002.sbi (*)
2014-11-14 Includes\Malware-003.sbi (*)
2014-11-14 Includes\Malware-004.sbi (*)
2014-11-14 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2015-02-10 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-11-14 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2015-02-10 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2014-11-14 Includes\Spyware-000.sbi (*)
2014-12-10 Includes\Spyware-001.sbi (*)
2015-01-14 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-11-14 Includes\Trojans-002.sbi (*)
2014-01-15 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2014-07-09 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-07-09 Includes\Trojans-008.sbi (*)
2014-07-09 Includes\Trojans-009.sbi (*)
2015-02-10 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-01-15 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)

Juliet

2015-02-16, 15:26

Couple of things I see that need to be taken care of first.

Norton Internet Security
AVAST Software

Your using 2 different antivirus programs that probably wont allow us to do much to the computer. Kinda asking for trouble in different ways so what I suggest it to remove one at this time.
Your decision which and if you run into trouble let me know.

~~~~~~~~~~~~~~~~

We will remove all entries left for LogMeIn.

Running from c:\Users\justin\Downloads

It's best we move Farbar's to desktop.

Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

start
CloseProcesses:
URLSearchHook: HKLM-x32 - (No Name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File
URLSearchHook: HKU\S-1-5-21-857792936-1930506185-2255158582-1000 - (No Name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File
SearchScopes: HKU\S-1-5-21-857792936-1930506185-2255158582-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKU\S-1-5-21-857792936-1930506185-2255158582-1000 -> {66EA5FC7-5210-4E52-B355-37474A844A10} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
BHO-x32: No Name -> {37483b40-c254-4a72-bda4-22ee90182c1e} -> No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - No Name - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File
Toolbar: HKU\S-1-5-21-857792936-1930506185-2255158582-1000 -> No Name - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File
2015-02-14 12:26 - 2015-02-14 12:26 - 00000000 ____D () C:\Users\justin\AppData\Local\LogMeIn Rescue Applet
2015-02-14 12:25 - 2015-02-14 12:25 - 01528128 _____ (LogMeIn, Inc.) C:\Users\justin\Downloads\Support-LogMeInRescue.exe
C:\Users\justin\AppData\Local\LogMeIn
C:\Users\justin\Downloads\Support-LogMeInRescue.exe
EmptyTemp:
Hosts:
CMD: ipconfig /flushdns
End

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~~~~~`

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

~~~
please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt

justinklauer

2015-02-17, 03:22

Juliet-

Fist off thank you very much for your assistance in cleaning up my computer. Your effort means very much to me.

I followed your directions to the best of my abilities and have posted the log files you requested below.

A couple of notes from my end:

I was not able to find Norton Internet Security on my computer, but I did delete Avast for the time being so it would not interfere with what we are doing. Should I reinstall Avast when we are done?

When asked to shutdown my protection for the Junkware Removal Tool I was able to shutdown Malwarebytes malware protection and Malwarebytes malicious website protection. I could not figure out if there was anything to shutdown with Spybot so I uninstalled it for the time being. I think that was all I could do to shutdown my computer protection. However if there is something I missed please let me know and I will rescan as needed.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by justin at 2015-02-16 19:15:04 Run:1
Running from C:\Users\justin\Desktop
Loaded Profiles: justin (Available profiles: justin & Mcx1)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
URLSearchHook: HKLM-x32 - (No Name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File
URLSearchHook: HKU\S-1-5-21-857792936-1930506185-2255158582-1000 - (No Name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File
SearchScopes: HKU\S-1-5-21-857792936-1930506185-2255158582-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKU\S-1-5-21-857792936-1930506185-2255158582-1000 -> {66EA5FC7-5210-4E52-B355-37474A844A10} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
BHO-x32: No Name -> {37483b40-c254-4a72-bda4-22ee90182c1e} -> No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - No Name - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File
Toolbar: HKU\S-1-5-21-857792936-1930506185-2255158582-1000 -> No Name - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File
2015-02-14 12:26 - 2015-02-14 12:26 - 00000000 ____D () C:\Users\justin\AppData\Local\LogMeIn Rescue Applet
2015-02-14 12:25 - 2015-02-14 12:25 - 01528128 _____ (LogMeIn, Inc.) C:\Users\justin\Downloads\Support-LogMeInRescue.exe
C:\Users\justin\AppData\Local\LogMeIn
C:\Users\justin\Downloads\Support-LogMeInRescue.exe
EmptyTemp:
Hosts:
CMD: ipconfig /flushdns
End
*****************

Processes closed successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{37483b40-c254-4a72-bda4-22ee90182c1e} => value deleted successfully.
HKU\S-1-5-21-857792936-1930506185-2255158582-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{37483b40-c254-4a72-bda4-22ee90182c1e} => value deleted successfully.
"HKU\S-1-5-21-857792936-1930506185-2255158582-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-857792936-1930506185-2255158582-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{66EA5FC7-5210-4E52-B355-37474A844A10}" => Key deleted successfully.
HKCR\CLSID\{66EA5FC7-5210-4E52-B355-37474A844A10} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{37483b40-c254-4a72-bda4-22ee90182c1e} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e} => Key not found.
HKU\S-1-5-21-857792936-1930506185-2255158582-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37483B40-C254-4A72-BDA4-22EE90182C1E} => value deleted successfully.
HKCR\CLSID\{37483B40-C254-4A72-BDA4-22EE90182C1E} => Key not found.
C:\Users\justin\AppData\Local\LogMeIn Rescue Applet => Moved successfully.
C:\Users\justin\Downloads\Support-LogMeInRescue.exe => Moved successfully.
"C:\Users\justin\AppData\Local\LogMeIn" => File/Directory not found.
"C:\Users\justin\Downloads\Support-LogMeInRescue.exe" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 682.2 MB temporary data.

The system needed a reboot.

==== End of Fixlog 19:21:06 ====

# AdwCleaner v4.110 - Logfile created 16/02/2015 at 19:38:06
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Local]
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (x64)
# Username : justin - JUSTIN-PC
# Running from : C:\Users\justin\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Program Files (x86)\Conduit

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16609

-\\ Mozilla Firefox v35.0.1 (x86 en-US)

[vzbylbeh.default\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

-\\ Google Chrome v40.0.2214.111

[C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2305 bytes] - [16/02/2015 19:30:03]
AdwCleaner[R1].txt - [2364 bytes] - [16/02/2015 19:34:26]
AdwCleaner[S0].txt - [2115 bytes] - [16/02/2015 19:38:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2174 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows (TM) Vista Home Premium x64
Ran by justin on Mon 02/16/2015 at 20:03:06.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Users\justin\AppData\Roaming\mozilla\firefox\profiles\vzbylbeh.default\prefs.js

user_pref("yahoo.ytff.search.searchhistory", false);
Emptied folder: C:\Users\justin\AppData\Roaming\mozilla\firefox\profiles\vzbylbeh.default\minidumps [50 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/16/2015 at 20:07:39.00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

justinklauer

2015-02-17, 03:36

I may not have ran JRT as administrator the first time so I ran it again, making sure it was as administrator and the log is below.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows (TM) Vista Home Premium x64
Ran by justin on Mon 02/16/2015 at 20:29:44.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/16/2015 at 20:34:20.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet

2015-02-17, 12:43

I think things ran as expected and more was found and deleted.

S2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1
S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]

The above is what was found for Norton/Symantec but, from experience I know this is incomplete for this software. There is not enough listed as services and files and there are no registry entries usually found associated for this security protection.
We will remove these left overs after running an additional scan if any more items have been found. If you have already downloaded an antivirus of choice then skip the following procedure.

I need to instruct you to download an antivirus on your machine now.
~~

http://1-ps.googleusercontent.com/x/www.geekstogo.com/i.imgur.com/8fj6i2U.png.pagespeed.ce.RUYs43FaJ5.pngavast! Free Anti-Virus (http://www.avast.com/en-gb/download-thank-you.php?product=FA-ONLINE&locale=en-gb) (free)
http://1-ps.googleusercontent.com/x/www.geekstogo.com/i.imgur.com/8fj6i2U.png.pagespeed.ce.RUYs43FaJ5.pngAvira AntiVir Personal - Free Antivirus (http://www.free-av.com/en/products/1/avira_antivir_personal__free_antivirus.html)
http://1-ps.googleusercontent.com/x/www.geekstogo.com/i.imgur.com/xUbJpW95.png.pagespeed.ic.Eg8QK7Uzqf.jpg (http://windows.microsoft.com/en-us/windows/security-essentials-all-versions) Microsoft Security Essentials (http://windows.microsoft.com/en-us/windows/security-essentials-all-versions) (free)
http://2-ps.googleusercontent.com/x/www.geekstogo.com/i.imgur.com/GzlsbnV.png.pagespeed.ce.SLxxSJVib_.png]/img] (http://www.eset.co.uk/Download/Software/Home) ESET NOD32 Anti-Virus (http://www.eset.co.uk/Download/Software/Home) (paid)
http://2-ps.googleusercontent.com/x/www.geekstogo.com/i.imgur.com/YARWD1t.png.pagespeed.ce.nvhmVeYDe3.png (http://www.kaspersky.co.uk/home-products) Kaspersky Anti-Virus (http://www.kaspersky.co.uk/home-products) ([i]paid)
http://2-ps.googleusercontent.com/x/www.geekstogo.com/i.imgur.com/x7D2ig3K.png.pagespeed.ic.x4TC1AK8OX.jpgEmsisoft Internet Security (http://www.emsisoft.de/en/software/internetsecurity/) (paid)

As for which free versus paid for Antivirus I have to leave this up to you but, I've always stayed with a free version, that use less resources and consumes less time in updating. This is my personal opinion and also with free versions of Antivirus, firewall is not included.

~~~~~~~~~~~~~~~

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.

ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

Please download ESET Online Scan (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png. If no threats were found, skip the next two bullet points.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.

justinklauer

2015-02-18, 05:43

I downloaded Avast for my antivirus program. I also have Malwarebytes running. Should I download Spybot again also?

Eset Scan Log:

C:\Users\justin\Downloads\epson15217.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application

Juliet

2015-02-18, 12:40

I downloaded Avast for my antivirus program. I also have Malwarebytes running. Should I download Spybot again also?

Eset Scan Log:

C:\Users\justin\Downloads\epson15217.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application

Do we need to remove those Norton antivirus files that were found?
Do you have just 1 antivirus on the computer at this time?

What the Eset scan found was a file related to Epson printer, did you do a driver update recently?, not going to remove that because don't want the printer to start having issues.

How is your computer now?

justinklauer

2015-02-18, 13:38

Do we need to remove those Norton antivirus files that were found?
Do you have just 1 antivirus on the computer at this time?

What the Eset scan found was a file related to Epson printer, did you do a driver update recently?, not going to remove that because don't want the printer to start having issues.

How is your computer now?

I just have just Avast on the computer now, is that enoungh? I have Malwarebytes and was going to download Spybot again unless you think it would be overkill. If Norton is only partially there would it be a good idea to remove it or is not hurting anything as it is? Whatever you think is best for security on my computer.

I did just add an Epson printer a couple of weeks ago.

I haven't played much with the computer because I wanted to wait to get it clean. If you think we are good to go I will go back to my normal routine and see how it goes.

Again thank you very much for your help!!

Juliet

2015-02-18, 14:11

I just have just Avast on the computer now, is that enoungh? I have Malwarebytes and was going to download Spybot again unless you think it would be overkill. If Norton is only partially there would it be a good idea to remove it or is not hurting anything as it is? Whatever you think is best for security on my computer.

I did just add an Epson printer a couple of weeks ago.

I haven't played much with the computer because I wanted to wait to get it clean. If you think we are good to go I will go back to my normal routine and see how it goes.

Again thank you very much for your help!!

Avast will do a good job, I needed to make sure there was only 1 on the machine.

Having MBAM and SpyBot is not overkill. What one scanner doesn't find another might.

In my preventive tips I'll post more information on security tools and how to layer protection tools.

Let's remove the left over Norton files.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

start
CloseProcesses:
S2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1
S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]
C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security
C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS
EmptyTemp:
CreateRestorePoint:
End

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

justinklauer

2015-02-18, 14:44

I will take care of this when I am home from work and post the log.

Do you feel my computer is clean and safe to go back to my normal activities?

Juliet

2015-02-18, 15:10

From what I see coming back from the scans it appears to be in pretty good shape but, your the one who at the end has to make the call on that cause you use it I don't.
If something wasn't quite right I think you would now it by now :)

justinklauer

2015-02-19, 00:50

FRST 64 Fix Log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01
Ran by justin at 2015-02-18 17:35:17 Run:2
Running from C:\Users\justin\Desktop
Loaded Profiles: justin (Available profiles: justin & Mcx1)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
S2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1
S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]
C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security
C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS
EmptyTemp:
CreateRestorePoint:
End
*****************

Processes closed successfully.
Norton Internet Security => Service deleted successfully.
SRTSP => Service deleted successfully.
SRTSPX => Service deleted successfully.
"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" => File/Directory not found.
"C:\Program Files (x86)\Norton Internet Security" => File/Directory not found.
"C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS" => File/Directory not found.
Restore point was successfully created.
EmptyTemp: => Removed 35 MB temporary data.

The system needed a reboot.

==== End of Fixlog 17:37:13 ====

Juliet

2015-02-19, 01:13

That got it.

I think we're ready to remove tools and quarantine folders...

DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix)
or from here http://www.bleepingcomputer.com/download/delfix/ and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools
Create registry backup
Purge system restore
Reset system settings

Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

~~~~~~~~~~~~~~~~~~~~~~~~

Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP

The following programmes come highly recommended in the security community.

http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKsUqI5A.png.pagespeed.ic.vn1Hlvqi8h.jpgAdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
http://i.imgur.com/E8I37RF.pngCryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg.CryptoPrevent), preventing your files from being encrypted.
http://i.imgur.com/EG85Vjt.png Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/x6YRrgUC.png.pagespeed.ic.HjgFxjvw2Z.jpgMalwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xjv4nhMJ.png.pagespeed.ic.A5YbWn1eDO.png NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
http://i.imgur.com/3O8r9Uq.png (http://www.sandboxie.com/) Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/DgW1XL2.png.pagespeed.ce.v1OlJl_ZAS.png Secuina PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xj1OLIec.png.pagespeed.ic.k6hhwopU0q.jpg SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xJEP5iWI.png.pagespeed.ic.4tmM1lM7DQ.pngWeb of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

justinklauer

2015-02-19, 02:21

Again I would like to thank you for all your help!!!!

justinklauer

2015-02-19, 06:02

After downloading and installing Spybot again I rebooted in safe mode to run a scan as administrator. It came up with some things so I hit fix and then scanned my computer again and it still came up with some, not all, of the same low level threats I got on the first scan. I will post the log from the first scan and the log from the second below.

First Scan:

Search results from Spybot - Search & Destroy

2/18/2015 8:03:24 PM
Scan took 00:32:50.
17 items found.

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Users\justin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3PV35QSK\aa.online-metrix.net\fpc.swf\session.sol
Properties.size=76
Properties.md5=0ACE110E3B7B7FB402FE898BCBF36456
Properties.filedate=1424306705
Properties.filedatetext=2015-02-18 18:45:04

Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-857792936-1930506185-2255158582-1000\Software\Microsoft\Internet Explorer\TypedURLs

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-857792936-1930506185-2255158582-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-857792936-1930506185-2255158582-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-857792936-1930506185-2255158582-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-857792936-1930506185-2255158582-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-857792936-1930506185-2255158582-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-857792936-1930506185-2255158582-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-857792936-1930506185-2255158582-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Cookie: [SBI $49804B54] Browser: Cookie (2) (Browser: Cookie, nothing done)

Cache: [SBI $49804B54] Browser: Cache (21) (Browser: Cache, nothing done)

History: [SBI $49804B54] Browser: History (4) (Browser: History, nothing done)

Cookie: [SBI $49804B54] Browser: Cookie (46) (Browser: Cookie, nothing done)

--- Spybot - Search & Destroy version: 2.4.40.131 DLL (build: 20140425) ---

2014-06-24 blindman.exe (2.4.40.151)
2014-06-24 explorer.exe (2.4.40.181)
2014-06-24 SDBootCD.exe (2.4.40.109)
2014-06-24 SDCleaner.exe (2.4.40.110)
2014-06-24 SDDelFile.exe (2.4.40.94)
2013-06-18 SDDisableProxy.exe
2014-06-24 SDFiles.exe (2.4.40.135)
2014-06-24 SDFileScanHelper.exe (2.4.40.1)
2014-06-24 SDFSSvc.exe (2.4.40.217)
2014-06-24 SDHelp.exe (2.4.40.1)
2014-04-25 SDHookHelper.exe (2.3.39.2)
2014-04-25 SDHookInst32.exe (2.3.39.2)
2014-04-25 SDHookInst64.exe (2.3.39.2)
2014-06-24 SDImmunize.exe (2.4.40.130)
2014-06-24 SDLogReport.exe (2.4.40.107)
2014-06-24 SDOnAccess.exe (2.4.40.11)
2014-06-24 SDPESetup.exe (2.4.40.3)
2014-06-24 SDPEStart.exe (2.4.40.86)
2014-06-24 SDPhoneScan.exe (2.4.40.28)
2014-06-24 SDPRE.exe (2.4.40.22)
2014-06-24 SDPrepPos.exe (2.4.40.15)
2014-06-24 SDQuarantine.exe (2.4.40.103)
2014-06-24 SDRootAlyzer.exe (2.4.40.116)
2014-06-24 SDSBIEdit.exe (2.4.40.39)
2014-06-24 SDScan.exe (2.4.40.181)
2014-06-24 SDScript.exe (2.4.40.54)
2014-06-24 SDSettings.exe (2.4.40.139)
2014-06-24 SDShell.exe (2.4.40.2)
2014-06-24 SDShred.exe (2.4.40.108)
2014-06-24 SDSysRepair.exe (2.4.40.102)
2014-06-24 SDTools.exe (2.4.40.157)
2014-06-24 SDTray.exe (2.4.40.129)
2014-06-27 SDUpdate.exe (2.4.40.94)
2014-06-27 SDUpdSvc.exe (2.4.40.77)
2014-06-24 SDWelcome.exe (2.4.40.130)
2014-04-25 SDWSCSvc.exe (2.3.39.2)
2014-05-20 spybotsd2-install-bdcore-update.exe (2.3.39.0)
2014-07-31 spybotsd2-translation-esx.exe
2013-06-19 spybotsd2-translation-frx.exe
2014-08-25 spybotsd2-translation-hux2.exe
2014-10-01 spybotsd2-translation-nlx2.exe
2014-11-05 spybotsd2-translation-ukx.exe
2015-02-18 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2014-04-25 NotificationSpreader.dll
2014-06-24 SDAdvancedCheckLibrary.dll (2.4.40.98)
2014-04-25 SDAV.dll
2014-06-24 SDECon32.dll (2.4.40.114)
2014-06-24 SDECon64.dll (2.3.39.113)
2014-06-24 SDEvents.dll (2.4.40.2)
2014-06-24 SDFileScanLibrary.dll (2.4.40.14)
2014-04-25 SDHook32.dll (2.3.39.2)
2014-04-25 SDHook64.dll (2.3.39.2)
2014-06-24 SDImmunizeLibrary.dll (2.4.40.2)
2014-06-24 SDLicense.dll (2.4.40.0)
2014-06-24 SDLists.dll (2.4.40.4)
2014-06-24 SDResources.dll (2.4.40.7)
2014-06-24 SDScanLibrary.dll (2.4.40.131)
2014-06-24 SDTasks.dll (2.4.40.15)
2014-06-24 SDWinLogon.dll (2.4.40.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2014-06-24 Tools.dll (2.4.40.36)
2014-03-05 Includes\Adware-000.sbi (*)
2014-01-08 Includes\Adware-001.sbi (*)
2015-02-17 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-11-14 Includes\Dialer-000.sbi (*)
2014-11-14 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2014-01-09 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2014-01-09 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-11-14 Includes\Hijackers-000.sbi (*)
2014-11-14 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-11-14 Includes\Keyloggers-000.sbi (*)
2014-09-24 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2014-11-14 Includes\Malware-000.sbi (*)
2014-11-14 Includes\Malware-001.sbi (*)
2014-11-14 Includes\Malware-002.sbi (*)
2014-11-14 Includes\Malware-003.sbi (*)
2014-11-14 Includes\Malware-004.sbi (*)
2014-11-14 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2015-02-17 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-11-14 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2015-02-17 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2014-11-14 Includes\Spyware-000.sbi (*)
2014-12-10 Includes\Spyware-001.sbi (*)
2015-01-14 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-11-14 Includes\Trojans-002.sbi (*)
2014-01-15 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2014-07-09 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-07-09 Includes\Trojans-008.sbi (*)
2014-07-09 Includes\Trojans-009.sbi (*)
2015-02-17 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-01-15 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)

Second Scan:

Search results from Spybot - Search & Destroy

2/18/2015 10:36:02 PM
Scan took 00:27:32.
5 items found.

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-857792936-1930506185-2255158582-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-857792936-1930506185-2255158582-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-857792936-1930506185-2255158582-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

--- Spybot - Search & Destroy version: 2.4.40.131 DLL (build: 20140425) ---

2014-06-24 blindman.exe (2.4.40.151)
2014-06-24 explorer.exe (2.4.40.181)
2014-06-24 SDBootCD.exe (2.4.40.109)
2014-06-24 SDCleaner.exe (2.4.40.110)
2014-06-24 SDDelFile.exe (2.4.40.94)
2013-06-18 SDDisableProxy.exe
2014-06-24 SDFiles.exe (2.4.40.135)
2014-06-24 SDFileScanHelper.exe (2.4.40.1)
2014-06-24 SDFSSvc.exe (2.4.40.217)
2014-06-24 SDHelp.exe (2.4.40.1)
2014-04-25 SDHookHelper.exe (2.3.39.2)
2014-04-25 SDHookInst32.exe (2.3.39.2)
2014-04-25 SDHookInst64.exe (2.3.39.2)
2014-06-24 SDImmunize.exe (2.4.40.130)
2014-06-24 SDLogReport.exe (2.4.40.107)
2014-06-24 SDOnAccess.exe (2.4.40.11)
2014-06-24 SDPESetup.exe (2.4.40.3)
2014-06-24 SDPEStart.exe (2.4.40.86)
2014-06-24 SDPhoneScan.exe (2.4.40.28)
2014-06-24 SDPRE.exe (2.4.40.22)
2014-06-24 SDPrepPos.exe (2.4.40.15)
2014-06-24 SDQuarantine.exe (2.4.40.103)
2014-06-24 SDRootAlyzer.exe (2.4.40.116)
2014-06-24 SDSBIEdit.exe (2.4.40.39)
2014-06-24 SDScan.exe (2.4.40.181)
2014-06-24 SDScript.exe (2.4.40.54)
2014-06-24 SDSettings.exe (2.4.40.139)
2014-06-24 SDShell.exe (2.4.40.2)
2014-06-24 SDShred.exe (2.4.40.108)
2014-06-24 SDSysRepair.exe (2.4.40.102)
2014-06-24 SDTools.exe (2.4.40.157)
2014-06-24 SDTray.exe (2.4.40.129)
2014-06-27 SDUpdate.exe (2.4.40.94)
2014-06-27 SDUpdSvc.exe (2.4.40.77)
2014-06-24 SDWelcome.exe (2.4.40.130)
2014-04-25 SDWSCSvc.exe (2.3.39.2)
2014-05-20 spybotsd2-install-bdcore-update.exe (2.3.39.0)
2014-07-31 spybotsd2-translation-esx.exe
2013-06-19 spybotsd2-translation-frx.exe
2014-08-25 spybotsd2-translation-hux2.exe
2014-10-01 spybotsd2-translation-nlx2.exe
2014-11-05 spybotsd2-translation-ukx.exe
2015-02-18 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2014-04-25 NotificationSpreader.dll
2014-06-24 SDAdvancedCheckLibrary.dll (2.4.40.98)
2014-04-25 SDAV.dll
2014-06-24 SDECon32.dll (2.4.40.114)
2014-06-24 SDECon64.dll (2.3.39.113)
2014-06-24 SDEvents.dll (2.4.40.2)
2014-06-24 SDFileScanLibrary.dll (2.4.40.14)
2014-04-25 SDHook32.dll (2.3.39.2)
2014-04-25 SDHook64.dll (2.3.39.2)
2014-06-24 SDImmunizeLibrary.dll (2.4.40.2)
2014-06-24 SDLicense.dll (2.4.40.0)
2014-06-24 SDLists.dll (2.4.40.4)
2014-06-24 SDResources.dll (2.4.40.7)
2014-06-24 SDScanLibrary.dll (2.4.40.131)
2014-06-24 SDTasks.dll (2.4.40.15)
2014-06-24 SDWinLogon.dll (2.4.40.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2014-06-24 Tools.dll (2.4.40.36)
2014-03-05 Includes\Adware-000.sbi (*)
2014-01-08 Includes\Adware-001.sbi (*)
2015-02-17 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-11-14 Includes\Dialer-000.sbi (*)
2014-11-14 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2014-01-09 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2014-01-09 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-11-14 Includes\Hijackers-000.sbi (*)
2014-11-14 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-11-14 Includes\Keyloggers-000.sbi (*)
2014-09-24 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2014-11-14 Includes\Malware-000.sbi (*)
2014-11-14 Includes\Malware-001.sbi (*)
2014-11-14 Includes\Malware-002.sbi (*)
2014-11-14 Includes\Malware-003.sbi (*)
2014-11-14 Includes\Malware-004.sbi (*)
2014-11-14 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2015-02-17 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-11-14 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2015-02-17 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2014-11-14 Includes\Spyware-000.sbi (*)
2014-12-10 Includes\Spyware-001.sbi (*)
2015-01-14 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-11-14 Includes\Trojans-002.sbi (*)
2014-01-15 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2014-07-09 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-07-09 Includes\Trojans-008.sbi (*)
2014-07-09 Includes\Trojans-009.sbi (*)
2015-02-17 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-01-15 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)

Juliet

2015-02-19, 12:58

What was found is not malicious but items found by using your computer.

You can clear this manually or with a tool.

~~~
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif Delete cache and other browser data in Chrome

Select Tools.
Select Clear browsing data.
In the dialogue that appears, select the highlighted check-boxes for the types of information that you want to remove.

Clear browsing history
Clear download history
Empty the cache
Delete cookies and other site and plug-in data
Clear saved passwords
Clear saved Auto-fill form data
Clear data from hosted apps
De-authorize content licenses

Use the menu at the top to select the amount of data that you want to delete. Select beginning of time to delete everything.
Click Clear browsing data.

~~~~~

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif Flush the FireFox Cache
(these directions are specific to Firefox 19, if you have a different version the exact steps might be slightly different)

In Firefox, Options
Select Options
Select Privacy tab
Find the section that reads: You might want to clear your recent history or remove individual cookies
Select clear your recent history
Click the Details drop-down arrow
Make sure a check mark is placed in the following boxes:

Cookies
Cache

Next select the Time Range to Clear drop-down menu
Select Everything (this will only delete all the cookies and cache, and will save the other items not selected)
Click Clear Now

~~~~~~~~~~~~~

Clear Browser Cache in IE11

Close all Internet Explorer and Windows Explorer windows that are currently open.
Open Internet Explorer.
Click the Tools button http://i1269.photobucket.com/albums/jj590/OCD-WTT/ietoolsbutton.jpg, and then select theGeneral tab, then select Browsing history select the Delete button.
Select the check box next to each of the following categories.

Temporary Internet files and website files
Cookies and website data
History

Click Delete

~~~~

Please Run TFC by OldTimer to clear temporary files:
TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe ) and save it to your desktop.

Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Juliet

2015-02-22, 14:04

Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.