View Full Version : Help!! Can't get rid of Win32.downloader.gen
I ran spybot 1.6.2 as an administrator. Still had the malware warning. :confused: I have run FRST64 and have the report. Also ran Tweaking and aswMBR and have those reports too. Let me now if want me to post them.
Please post:
FRST.txt
Addition.txt
aswMBR.txt
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by Tammy (administrator) on TAMMY-PC on 20-04-2015 13:55:33
Running from C:\Users\Tammy\Downloads
Loaded Profiles: Tammy (Available profiles: Tammy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ArcSoft, Inc.) C:\Users\Tammy\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Config.Msi\131a99.rbf
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Users\Tammy\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(Microsoft Corporation) C:\Users\Tammy\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Dropbox, Inc.) C:\Users\Tammy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2011-11-03] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUS)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-30] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\Run: [Google Update] => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-05] (Google Inc.)
HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\Run: [Nike+ Connect] => "C:\Users\Tammy\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\Run: [Google+ Auto Backup] => C:\Users\Tammy\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\Run: [OneDrive] => C:\Users\Tammy\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-10] (Microsoft Corporation)
HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\Run: [GoogleChromeAutoLaunch_8423E159C7CC2E568F74861CE4C780AD] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\MountPoints2: {0069c35c-08ed-11e4-b458-c860002cc662} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\MountPoints2: {0f5bf38b-912f-11e1-8a2b-c860002cc662} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\MountPoints2: {9768cf9a-7b64-11e1-9c8d-c860002cc662} - E:\HPLauncher.exe
HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\MountPoints2: {d11d97a6-6a0e-11e2-9ee9-c860002cc662} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\MountPoints2: {d717113f-bd7d-11e1-895f-c860002cc662} - F:\TL-Bootstrap.exe
HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SCENIC~1.SCR
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2011-11-03]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2012-03-31]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-02-23]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File)
Startup: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-02-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Tammy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012-06-01]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Tammy\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Tammy\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Tammy\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-11-29] (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Tammy\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Tammy\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Tammy\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-16] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-11-29] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-03-16] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-16] (Microsoft Corporation)
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-15] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-29] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-15] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-16] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-23] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-1314077811-2099038276-1502725153-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Tammy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
FF Plugin HKU\S-1-5-21-1314077811-2099038276-1502725153-1000: @talk.google.com/O1DPlugin -> C:\Users\Tammy\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-03-26] (Google)
FF Plugin HKU\S-1-5-21-1314077811-2099038276-1502725153-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-1314077811-2099038276-1502725153-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Tammy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Tammy\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-03-26] (Google)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-07-28]
Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.google.com", "hxxp://msn.com/", "hxxp://search.conduit.com/?ctid=CT3287768&SearchSource=48&CUI=UN47885504562791232&UM=2", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={CCB34630-BD81-11E2-8407-C860002CC662}", "hxxp://mysearch.avg.com/?cid={478613B5-07D0-4E28-8032-1F9B3E0644D5}&mid=f6b64e95c4e747d3bd7c192946c82f91-d1918d15792a03611844f7cc1476e18c3d8fe0f0&lang=en&ds=co011&pr=sa&d=2013-06-11 17:20:06&v=15.2.0.5&pid=safeguard&sg=&sap=hp", "hxxp://search.conduit.com/?ctid=CT3321542&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPF1B704C2-F048-493C-8284-4C60AC1664F8&SSPV="
CHR Profile: C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-04]
CHR Extension: (Poper Blocker) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2015-03-04]
CHR Extension: (Adblock Plus) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-10]
CHR Extension: (Mahjongg) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop [2015-03-04]
CHR Extension: (Google Play Music) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-03-04]
CHR Extension: (AdBlock) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-04]
CHR Extension: (Avast Online Security) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-10-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Plants vs Zombies) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bblmmloknbmfjgdjcdmmgpajlebiciec] - C:\Users\Tammy\AppData\Local\CRE\bblmmloknbmfjgdjcdmmgpajlebiciec.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bblmmloknbmfjgdjcdmmgpajlebiciec] - C:\Users\Tammy\AppData\Local\CRE\bblmmloknbmfjgdjcdmmgpajlebiciec.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-29]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-29] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-29] (Avast Software)
R2 BackupService; C:\Users\Tammy\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-29] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-29] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-29] (Avast Software)
S3 ZMHHPAudioSrv; C:\Windows\System32\drivers\zmhhpau.sys [45056 2013-06-19] (ZOOM)
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-20 13:55 - 2015-04-20 13:56 - 00028180 _____ () C:\Users\Tammy\Downloads\FRST.txt
2015-04-20 13:54 - 2015-04-20 13:55 - 00000000 ____D () C:\FRST
2015-04-20 13:54 - 2015-04-20 13:54 - 02099712 _____ (Farbar) C:\Users\Tammy\Downloads\FRST64.exe
2015-04-20 13:51 - 2015-04-20 13:52 - 00000000 ____D () C:\Users\Tammy\Desktop\Tweaking
2015-04-20 13:51 - 2015-04-20 13:51 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TAMMY-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-20 13:48 - 2015-04-20 13:48 - 00000000 ____D () C:\RegBackup
2015-04-20 13:47 - 2015-04-20 13:47 - 04720448 _____ () C:\Users\Tammy\Downloads\tweaking.com_registry_backup_setup (1).exe
2015-04-20 13:45 - 2015-04-20 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-04-20 13:45 - 2015-04-20 13:45 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-04-20 13:44 - 2015-04-20 13:44 - 04720448 _____ () C:\Users\Tammy\Downloads\tweaking.com_registry_backup_setup.exe
2015-04-20 13:21 - 2015-04-20 13:21 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Tammy\Downloads\tdsskiller (1).exe
2015-04-20 13:14 - 2015-04-20 13:14 - 00461000 _____ (Kaspersky Lab ZAO) C:\Users\Tammy\Downloads\rannohdecryptor.exe
2015-04-20 12:40 - 2015-04-20 12:40 - 00000000 ___HD () C:\OneDriveTemp
2015-04-19 13:13 - 2015-04-19 17:37 - 00000000 ____D () C:\Users\Public\Documents\Stronghold AntiMalware
2015-04-19 13:12 - 2015-04-19 17:37 - 00000000 ____D () C:\Program Files (x86)\Stronghold AntiMalware
2015-04-18 19:41 - 2015-04-18 19:41 - 00000000 _____ () C:\Windows\SysWOW64\shoA62C.tmp
2015-04-18 19:29 - 2015-04-18 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-18 19:28 - 2015-04-18 19:29 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-18 19:28 - 2015-04-18 19:29 - 00000000 ____D () C:\Program Files\iTunes
2015-04-18 19:28 - 2015-04-18 19:28 - 00000000 ____D () C:\Program Files\iPod
2015-04-18 19:28 - 2015-04-18 19:28 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-15 12:23 - 2015-04-15 12:23 - 03531811 _____ () C:\Users\Tammy\Downloads\My Life On The Swingset - Adventures in Swinging & Polyamory - Cooper S Beckett.epub
2015-04-15 09:58 - 2015-04-15 09:58 - 18178736 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-04-14 17:45 - 2015-04-14 17:45 - 20721534 _____ () C:\Users\Tammy\Downloads\attachments.zip
2015-04-13 17:13 - 2015-04-13 17:13 - 00000000 ____D () C:\Users\Tammy\AppData\Local\{9AD8CDC7-9DC4-43C9-9540-528E212BC6A2}
2015-04-10 11:44 - 2015-04-10 11:44 - 00000000 ____D () C:\Users\Tammy\AppData\Local\{774191B1-A474-4FD1-9486-825256460B15}
2015-04-09 22:29 - 2015-04-09 22:29 - 06289130 _____ () C:\Users\Tammy\Downloads\mbam-chameleon-3.1.16.0.zip
2015-04-09 22:22 - 2015-04-09 22:23 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Tammy\Downloads\tdsskiller.exe
2015-04-09 11:03 - 2015-04-10 13:10 - 00000000 ____D () C:\Users\Tammy\AppData\Local\CutePDF Writer
2015-04-09 10:53 - 2015-04-09 10:54 - 02395080 _____ (Acro Software Inc. ) C:\Users\Tammy\Downloads\CuteWriter (1).exe
2015-04-07 21:19 - 2015-04-07 21:19 - 00000000 _____ () C:\Windows\SysWOW64\sho477C.tmp
2015-04-04 11:10 - 2015-04-19 17:37 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 11:10 - 2015-04-04 11:10 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-03-30 15:18 - 2015-03-30 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OverDrive for Windows
2015-03-30 15:18 - 2015-03-30 15:18 - 00000000 ____D () C:\Program Files (x86)\OverDrive for Windows
2015-03-30 15:15 - 2015-03-30 15:15 - 04428800 _____ () C:\Users\Tammy\Downloads\ODMediaConsoleSetup (1).msi
2015-03-30 15:12 - 2015-03-30 15:12 - 00005257 _____ () C:\Users\Tammy\Downloads\MazeRunner-55433 (1).odm
2015-03-30 15:11 - 2015-03-30 15:12 - 00005257 _____ () C:\Users\Tammy\Downloads\MazeRunner-55433.odm
2015-03-26 21:14 - 2015-03-26 21:14 - 00000000 _____ () C:\Windows\SysWOW64\sho40B4.tmp
2015-03-25 19:39 - 2015-03-25 19:39 - 00000000 _____ () C:\Windows\SysWOW64\sho40F7.tmp
2015-03-25 19:10 - 2015-03-25 19:10 - 00009719 _____ () C:\Users\Tammy\Documents\Attendance Roster.xlsx
2015-03-24 17:49 - 2015-04-09 19:27 - 00000000 ___RD () C:\Users\Tammy\MediaFire
2015-03-24 17:34 - 2015-03-23 11:40 - 00020696 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\mfmonitor_x64.sys
2015-03-24 17:32 - 2015-03-24 17:33 - 62828368 _____ (MediaFire) C:\Users\Tammy\Downloads\MediaFireDesktop-1.4.25.10813-windows-PRODUCTION.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-20 13:52 - 2012-05-17 22:51 - 00000031 _____ () C:\Users\Tammy\Desktop\Settings.ini
2015-04-20 13:32 - 2012-05-03 10:56 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-20 13:32 - 2012-03-31 15:44 - 01535427 _____ () C:\Windows\WindowsUpdate.log
2015-04-20 13:17 - 2012-04-10 19:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-20 13:15 - 2011-11-03 06:19 - 00791418 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-20 13:15 - 2009-07-14 01:13 - 00791418 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-20 13:10 - 2009-07-13 22:34 - 00000478 _____ () C:\Windows\win.ini
2015-04-20 13:09 - 2015-03-17 16:12 - 00004972 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Tammy-PC-Tammy Tammy-PC
2015-04-20 13:05 - 2012-04-05 17:03 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1314077811-2099038276-1502725153-1000UA.job
2015-04-20 12:59 - 2012-04-08 19:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-20 12:48 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-20 12:48 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-20 12:41 - 2014-02-08 19:31 - 00000000 ___RD () C:\Users\Tammy\Dropbox
2015-04-20 12:41 - 2014-02-08 19:28 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Dropbox
2015-04-20 12:40 - 2013-07-04 15:25 - 00000000 ___RD () C:\Users\Tammy\SkyDrive
2015-04-20 12:40 - 2012-03-31 13:20 - 00000000 ___HD () C:\ASUS.DAT
2015-04-20 12:39 - 2013-04-02 17:42 - 00000000 ____D () C:\Temp
2015-04-20 12:39 - 2012-03-31 16:03 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2015-04-20 12:38 - 2012-05-03 10:56 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-20 12:38 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-20 12:38 - 2009-07-14 00:51 - 00218936 _____ () C:\Windows\setupact.log
2015-04-19 20:04 - 2012-04-03 10:37 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4669EC16-6B73-4D6C-B235-23DF8103C9F7}
2015-04-19 17:37 - 2014-12-11 09:24 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-19 17:37 - 2014-05-06 17:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-19 17:37 - 2012-07-28 15:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-19 17:37 - 2012-03-31 16:00 - 00000000 ____D () C:\ProgramData\P4G
2015-04-19 17:37 - 2012-03-31 13:19 - 00000000 ____D () C:\Users\Tammy
2015-04-19 17:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-19 17:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2015-04-19 17:34 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-19 16:20 - 2012-07-28 15:08 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-19 16:17 - 2012-07-28 15:09 - 00000000 ____D () C:\Program Files\Google
2015-04-19 16:17 - 2012-04-20 22:30 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-19 16:17 - 2011-11-03 05:57 - 00764410 _____ () C:\Windows\PFRO.log
2015-04-19 16:14 - 2013-11-14 12:58 - 00000000 ____D () C:\ProgramData\Native Instruments
2015-04-19 16:14 - 2013-11-14 12:58 - 00000000 ____D () C:\Program Files\Common Files\Native Instruments
2015-04-19 16:14 - 2013-11-14 12:15 - 00000000 ____D () C:\Program Files (x86)\Mixxx
2015-04-19 16:08 - 2014-07-03 12:56 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Steinberg
2015-04-19 16:01 - 2014-08-19 18:39 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2015-04-19 16:01 - 2014-07-03 12:56 - 00000000 ____D () C:\Program Files\Steinberg
2015-04-19 16:01 - 2012-04-05 17:03 - 00000000 ____D () C:\Users\Tammy\AppData\Local\Google
2015-04-19 14:49 - 2014-05-21 17:39 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-19 00:09 - 2013-07-25 17:21 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-18 19:28 - 2012-04-01 13:41 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-18 19:22 - 2012-04-05 17:03 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1314077811-2099038276-1502725153-1000Core.job
2015-04-15 09:59 - 2012-04-08 19:51 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 09:59 - 2012-04-08 19:50 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 09:59 - 2012-04-08 19:50 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 17:03 - 2014-01-21 15:16 - 00000000 ____D () C:\Users\Tammy\Desktop\Outriders
2015-04-09 23:02 - 2014-05-21 16:12 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-09 19:35 - 2014-02-08 19:29 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-08 23:03 - 2013-05-15 13:06 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Mozilla
2015-04-06 21:44 - 2012-04-20 18:35 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Skype
2015-04-06 14:42 - 2014-08-01 12:57 - 00000000 ____D () C:\Users\Tammy\Documents\SGR
2015-04-06 00:41 - 2012-11-24 17:40 - 00014227 _____ () C:\Users\Tammy\Documents\savings.xlsx
2015-03-30 10:06 - 2009-07-14 01:08 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-24 20:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-24 17:58 - 2012-03-31 16:01 - 00002888 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-03-24 17:58 - 2012-03-31 16:01 - 00001501 _____ () C:\Windows\system32\ServiceFilter.ini
2015-03-24 17:47 - 2012-03-31 13:20 - 00115376 _____ () C:\Users\Tammy\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-24 17:40 - 2009-07-14 00:45 - 00441136 _____ () C:\Windows\system32\FNTCACHE.DAT
==================== Files in the root of some directories =======
2014-08-19 18:44 - 2014-08-19 18:44 - 0000000 _____ () C:\Users\Tammy\AppData\Roaming\PDFConverterApp
2013-02-25 19:20 - 2014-03-02 10:37 - 0000935 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-03-31 16:05 - 2012-03-31 16:05 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-03-31 16:04 - 2012-03-31 16:04 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-03-31 16:04 - 2012-03-31 16:04 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Some content of TEMP:
====================
C:\Users\Tammy\AppData\Local\Temp\converter.exe
C:\Users\Tammy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm3t9o1.dll
C:\Users\Tammy\AppData\Local\Temp\ft7wgjdz.dll
C:\Users\Tammy\AppData\Local\Temp\GoogleToolbarStandaloneSetup_7_5_4501_1952.exe
C:\Users\Tammy\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Tammy\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Tammy\AppData\Local\Temp\jre-8u25-windows-au.exe
C:\Users\Tammy\AppData\Local\Temp\ochelper.exe
C:\Users\Tammy\AppData\Local\Temp\shutdown1427233000.exe
C:\Users\Tammy\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-15 11:15
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2015
Ran by Tammy at 2015-04-20 13:56:41
Running from C:\Users\Tammy\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.2.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.19 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0013 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.28 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.0 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0037 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.24 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusScr_K3 Series_ENG (HKLM-x32\...\AsusScr_K3 Series_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.7.142 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0014 - ASUS)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: - Steinberg Media Technologies GmbH)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{A7365B85-57D8-39EA-BB3E-D20137E92369}) (Version: 5.41.0.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Google+ Auto Backup (HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\Google+ Auto Backup) (Version: 1.0.27.161 - Google, Inc.)
H-Series_ASIO64 (HKLM\...\{5ACDFB68-D994-48E0-A579-2AFA6B851710}) (Version: 2.0.0.3 - ZOOM)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MotoHelper 2.1.32 Driver 5.4.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\MusicManager) (Version: - Google, Inc.)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
OverDrive for Windows (HKLM-x32\...\{36994F59-D10D-46DD-A040-C5D095C2A3E9}) (Version: 3.4.1 - OverDrive, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6304 - Realtek Semiconductor Corp.)
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.32.3 - ASUS)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tammy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tammy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
05-11-2014 11:12:54 Windows Update
11-11-2014 15:58:13 Windows Update
11-11-2014 22:10:11 Windows Update
15-11-2014 10:46:41 Windows Update
18-11-2014 17:53:03 Windows Update
18-11-2014 18:35:06 Windows Update
24-11-2014 14:08:33 Windows Update
29-11-2014 14:40:25 avast! antivirus system restore point
29-11-2014 14:46:12 Windows Update
30-11-2014 18:22:56 Installed OverDrive for Windows
02-12-2014 15:56:51 Windows Update
09-12-2014 17:48:18 Windows Update
09-12-2014 18:09:27 Windows Update
12-12-2014 11:42:03 Windows Update
17-12-2014 08:40:27 Windows Update
17-12-2014 16:18:27 Windows Update
18-12-2014 15:48:41 Windows Update
27-12-2014 12:41:58 Windows Update
30-12-2014 16:32:00 Windows Update
02-01-2015 17:55:19 Windows Update
06-01-2015 18:30:52 Windows Update
09-01-2015 19:38:02 Windows Update
13-01-2015 17:39:37 Windows Update
13-01-2015 22:26:04 Windows Update
20-01-2015 12:14:10 Windows Update
21-01-2015 19:24:04 Windows Update
27-01-2015 12:48:42 Windows Update
30-01-2015 17:19:39 Windows Update
07-02-2015 13:03:50 Windows Update
10-02-2015 14:41:33 Windows Update
10-02-2015 17:09:17 Windows Update
10-02-2015 18:22:39 Windows Update
12-02-2015 22:42:21 Windows Update
14-02-2015 17:25:31 Windows Update
24-02-2015 15:32:19 Scheduled Checkpoint
26-02-2015 12:18:24 Windows Update
26-02-2015 14:23:21 Windows Update
04-03-2015 14:17:49 Windows Update
04-03-2015 17:08:55 Windows Update
10-03-2015 09:55:06 Windows Update
10-03-2015 10:31:20 Windows Update
13-03-2015 18:08:16 Windows Update
13-03-2015 21:37:19 Windows Update
17-03-2015 16:27:19 Windows Update
21-03-2015 13:36:05 Windows Update
27-03-2015 13:16:38 Windows Update
30-03-2015 15:16:33 Installed OverDrive for Windows
31-03-2015 10:07:14 Windows Update
03-04-2015 21:24:37 Windows Update
04-04-2015 11:06:17 Windows Update
07-04-2015 20:25:10 Windows Update
14-04-2015 17:19:50 Windows Update
18-04-2015 19:35:50 Windows Update
18-04-2015 23:52:08 Windows Update
19-04-2015 15:58:59 Removed Steinberg Cubase LE AI Elements 6 64bit
19-04-2015 16:03:36 Removed Steinberg Groove Agent ONE Vintage Beatboxes
19-04-2015 16:04:32 Removed Steinberg HALion Sonic SE Content for Cubase LE AI Elements
19-04-2015 16:05:42 Removed Steinberg Groove Agent ONE Content
19-04-2015 16:07:03 Removed Steinberg HALion Sonic SE 64bit
20-04-2015 12:49:34 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {05EE5811-052E-4554-857B-C9408BB13BD1} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {0C05827F-96F5-45EA-9E1C-038087DB46D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {12BFB9CA-3002-40DB-AB06-D5DC2121EB63} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {15DF281F-523F-46BA-8C7B-BA5C75E6F59C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1314077811-2099038276-1502725153-1000Core => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-05] (Google Inc.)
Task: {170900AE-D9E4-4A11-88DC-3C8208346B4D} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2011-10-03] (ASUS)
Task: {17D6CF0C-5DAF-4E43-BF90-DB4E7140A1DB} - System32\Tasks\{5E5D5300-6C17-41E2-A709-885599A9AAE9} => pcalua.exe -a C:\Users\Tammy\AppData\Local\Temp\Temp1_usb_asio.zip\usb_asio_WIN32_2.8.45\Setup.exe
Task: {2157443F-2011-410D-A33A-92D29EAA3DC0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1314077811-2099038276-1502725153-1000UA => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-05] (Google Inc.)
Task: {2768940E-B38B-49F6-A666-25CAAB08DAB2} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Tammy-PC-Tammy Tammy-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-16] (Microsoft Corporation)
Task: {2A2275D3-053A-4E5E-87DC-5B0C3A172FAC} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-15] (ASUS)
Task: {2ACE8548-000A-475A-8BDB-2F39C2DF1A6C} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-12-06] (ASUS)
Task: {3DA57175-3972-476D-92C4-AEB4D94B9E0E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {43DFEAC1-2D12-4F7E-86CD-3DD6178B428E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {52FB031D-9334-4B8D-BA95-E49BDA7725CD} - System32\Tasks\4701 => Wscript.exe C:\Users\Tammy\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {557846EA-1540-4181-BDB5-60D1723FB297} - System32\Tasks\{99AE100A-F19B-4C76-950F-4173CBB46D65} => pcalua.exe -a "C:\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe"
Task: {687D2D16-2BD1-4B79-97BB-611D2D859119} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {74BE75F8-B00C-4078-95FB-CF7C2DCD028B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-29] (AVAST Software)
Task: {83180197-57E4-4ECF-A52A-70EFA51B84AE} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {84739ED6-161A-4A36-A2D2-6BAC60B71B24} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {8756051D-B5A2-4DB2-B057-F1B2BC9E87C8} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-07-21] (ASUS)
Task: {989FB266-2092-47C5-A439-A0A91A668FB2} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {A00E38E2-4C30-49D8-B3D1-963DA359D36A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B98C2BC5-FEBF-4F2C-A1C4-5FA884A7A96C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {BC89A29D-D629-44D7-B576-E7767C7EFF77} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {E33A997A-15E4-4520-9FFB-495576226602} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {E6EC51A2-77B6-45B7-B5E2-56CB86F98A38} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {ECDF689E-04AF-405A-B667-29BCC591CF3A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {F1A50913-019B-42C6-94D4-534E289D6AB4} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {F5906AE5-FB30-40A2-A989-11EACC4EBE2F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {F9F09735-EBD7-4A53-B263-DB60BB99C475} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1314077811-2099038276-1502725153-1000Core.job => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1314077811-2099038276-1502725153-1000UA.job => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-04 18:13 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-12-06 17:00 - 2011-12-06 17:00 - 00214896 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2015-03-16 13:34 - 2015-03-16 13:34 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-12-06 17:00 - 2011-12-06 17:00 - 00784240 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2010-07-14 19:11 - 2010-07-14 19:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2011-12-20 07:55 - 2011-07-26 03:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-12-20 07:56 - 2011-05-05 08:30 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2015-04-19 16:23 - 2015-04-19 16:23 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15041901\algo.dll
2011-12-06 19:21 - 2011-12-06 19:21 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-13 07:15 - 2015-02-13 07:15 - 03219456 _____ () C:\Users\Tammy\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
2011-08-17 18:37 - 2011-08-17 18:37 - 00204800 _____ () C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax
2007-07-12 14:11 - 2007-07-12 14:11 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2010-08-20 12:57 - 2010-08-20 12:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-20 12:57 - 2010-08-20 12:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2015-03-13 18:57 - 2015-03-13 18:57 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-04-15 10:02 - 2015-04-13 17:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-15 10:02 - 2015-04-13 17:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
2015-04-20 12:40 - 2015-04-20 12:40 - 00043008 _____ () c:\users\tammy\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm3t9o1.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00750080 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00047616 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00865280 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00200704 _____ () C:\Users\Tammy\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-16 13:35 - 2015-03-16 13:35 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\...\123simsen.com -> www.123simsen.com
There are 7778 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
==================== Accounts: =============================
Administrator (S-1-5-21-1314077811-2099038276-1502725153-500 - Administrator - Disabled)
Guest (S-1-5-21-1314077811-2099038276-1502725153-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1314077811-2099038276-1502725153-1004 - Limited - Enabled)
Tammy (S-1-5-21-1314077811-2099038276-1502725153-1000 - Administrator - Enabled) => C:\Users\Tammy
==================== Faulty Device Manager Devices =============
Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/19/2015 10:32:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1652051
Error: (04/19/2015 10:32:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1652051
Error: (04/19/2015 10:32:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/19/2015 10:04:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1061
Error: (04/19/2015 10:04:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1061
Error: (04/19/2015 10:04:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/19/2015 08:59:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 172912
Error: (04/19/2015 08:59:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 172912
Error: (04/19/2015 08:59:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/19/2015 08:57:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10452
System errors:
=============
Error: (04/20/2015 00:41:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}
Error: (04/20/2015 00:38:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE
Error: (04/19/2015 10:32:43 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (04/19/2015 04:26:53 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
Error: (04/19/2015 04:22:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}
Error: (04/19/2015 04:19:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE
Error: (04/19/2015 04:18:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SBSD Security Center Service service failed to start due to the following error:
%%1053
Error: (04/19/2015 04:18:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
Error: (04/19/2015 02:00:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE
Error: (04/19/2015 01:27:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error:
%%1053
Microsoft Office Sessions:
=========================
Error: (04/19/2015 10:32:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1652051
Error: (04/19/2015 10:32:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1652051
Error: (04/19/2015 10:32:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/19/2015 10:04:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1061
Error: (04/19/2015 10:04:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1061
Error: (04/19/2015 10:04:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/19/2015 08:59:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 172912
Error: (04/19/2015 08:59:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 172912
Error: (04/19/2015 08:59:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/19/2015 08:57:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10452
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 67%
Total physical RAM: 3873.14 MB
Available physical RAM: 1244.47 MB
Total Pagefile: 7744.47 MB
Available Pagefile: 4052.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:440.76 GB) (Free:22.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E3102A4B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=440.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-04-20 14:02:32
-----------------------------
14:02:32.570 OS Version: Windows x64 6.1.7601 Service Pack 1
14:02:32.570 Number of processors: 4 586 0x2A07
14:02:32.571 ComputerName: TAMMY-PC UserName: Tammy
14:02:35.199 Initialize success
14:02:35.224 VM: initialized successfully
14:02:35.227 VM: Intel CPU supported virtualized
14:02:37.905 VM: supported disk I/O iaStor.sys
14:02:42.456 AVAST engine defs: 15041901
14:02:45.148 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:02:45.155 Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3
14:02:46.148 VM: Disk 0 MBR read successfully
14:02:46.156 Disk 0 MBR scan
14:02:46.168 Disk 0 Windows 7 default MBR code
14:02:46.211 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
14:02:46.234 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 451338 MB offset 52430848
14:02:46.243 Disk 0 default boot code
14:02:46.399 Disk 0 scanning C:\Windows\system32\drivers
14:03:12.187 Service scanning
14:03:42.491 Modules scanning
14:03:42.514 Disk 0 trace - called modules:
14:03:42.556 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
14:03:42.568 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007009060]
14:03:42.580 3 CLASSPNP.SYS[fffff88000db943f] -> nt!IofCallDriver -> [0xfffffa8004909540]
14:03:42.587 5 ACPI.sys[fffff88000ee07a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800490f050]
14:03:44.121 AVAST engine scan C:\Windows
14:04:32.767 AVAST engine scan C:\Windows\system32
14:08:01.914 AVAST engine scan C:\Windows\system32\drivers
14:08:18.455 AVAST engine scan C:\Users\Tammy
14:11:20.126 Disk 0 MBR has been saved successfully to "C:\Users\Tammy\Desktop\MBR.dat"
14:11:20.144 The log file has been saved successfully to "C:\Users\Tammy\Desktop\aswMBR.txt"
It's best we move Farbar's to desktop.
Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
start
CreateRestorePoint:
CloseProcesses:
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
CHR StartupUrls: Default -> "hxxp://www.google.com", "hxxp://msn.com/", "hxxp://search.conduit.com/?ctid=CT3287768&SearchSource=48&CUI=UN47885504562791232&UM=2", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={CCB34630-BD81-11E2-8407-C860002CC662}", "hxxp://mysearch.avg.com/?cid={478613B5-07D0-4E28-8032-1F9B3E0644D5}&mid=f6b64e95c4e747d3bd7c192946c82f91-d1918d15792a03611844f7cc1476e18c3d8fe0f0&lang=en&ds=co011&pr=sa&d=2013-06-11 17:20:06&v=15.2.0.5&pid=safeguard&sg=&sap=hp", "hxxp://search.conduit.com/?ctid=CT3321542&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPF1B704C2-F048-493C-8284-4C60AC1664F8&SSPV="
CHR HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: - C:\Users\Tammy\AppData\Local\CRE\bblmmloknbmfjgdjcdmmgpajlebiciec.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: - C:\Users\Tammy\AppData\Local\CRE\bblmmloknbmfjgdjcdmmgpajlebiciec.crx [Not Found]
C:\Users\Tammy\AppData\Local\Temp\converter.exe
C:\Users\Tammy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm3t9o1.dll
C:\Users\Tammy\AppData\Local\Temp\ft7wgjdz.dll
C:\Users\Tammy\AppData\Local\Temp\GoogleToolbarStandaloneSetup_7_5_4501_1952.exe
C:\Users\Tammy\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Tammy\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Tammy\AppData\Local\Temp\jre-8u25-windows-au.exe
C:\Users\Tammy\AppData\Local\Temp\ochelper.exe
C:\Users\Tammy\AppData\Local\Temp\shutdown1427233000.exe
C:\Users\Tammy\AppData\Local\Temp\SkypeSetup.exe
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {52FB031D-9334-4B8D-BA95-E49BDA7725CD} - System32\Tasks\4701 => Wscript.exe C:\Users\Tammy\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {E33A997A-15E4-4520-9FFB-495576226602} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {E6EC51A2-77B6-45B7-B5E2-56CB86F98A38} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
EmptyTemp:
Hosts:
End
Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~
http://i.imgur.com/BY4dvz9.png [b]AdwCleaner
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.
[b]-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
~~~~~~~~~~~~~
please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by Tammy at 2015-04-23 09:44:18 Run:1
Running from C:\Users\Tammy\Desktop
Loaded Profiles: Tammy (Available profiles: Tammy)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
CHR StartupUrls: Default -> "hxxp://www.google.com", "hxxp://msn.com/", "hxxp://search.conduit.com/?ctid=CT3287768&SearchSource=48&CUI=UN47885504562791232&UM=2", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={CCB34630-BD81-11E2-8407-C860002CC662}", "hxxp://mysearch.avg.com/?cid={478613B5-07D0-4E28-8032-1F9B3E0644D5}&mid=f6b64e95c4e747d3bd7c192946c82f91-d1918d15792a03611844f7cc1476e18c3d8fe0f0&lang=en&ds=co011&pr=sa&d=2013-06-11 17:20:06&v=15.2.0.5&pid=safeguard&sg=&sap=hp", "hxxp://search.conduit.com/?ctid=CT3321542&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPF1B704C2-F048-493C-8284-4C60AC1664F8&SSPV="
CHR HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bblmmloknbmfjgdjcdmmgpajlebiciec] - C:\Users\Tammy\AppData\Local\CRE\bblmmloknbmfjgdjcdmmgpajlebiciec.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bblmmloknbmfjgdjcdmmgpajlebiciec] - C:\Users\Tammy\AppData\Local\CRE\bblmmloknbmfjgdjcdmmgpajlebiciec.crx [Not Found]
C:\Users\Tammy\AppData\Local\Temp\converter.exe
C:\Users\Tammy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm3t9o1.dll
C:\Users\Tammy\AppData\Local\Temp\ft7wgjdz.dll
C:\Users\Tammy\AppData\Local\Temp\GoogleToolbarStandaloneSetup_7_5_4501_1952.exe
C:\Users\Tammy\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Tammy\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Tammy\AppData\Local\Temp\jre-8u25-windows-au.exe
C:\Users\Tammy\AppData\Local\Temp\ochelper.exe
C:\Users\Tammy\AppData\Local\Temp\shutdown1427233000.exe
C:\Users\Tammy\AppData\Local\Temp\SkypeSetup.exe
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {52FB031D-9334-4B8D-BA95-E49BDA7725CD} - System32\Tasks\4701 => Wscript.exe C:\Users\Tammy\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {E33A997A-15E4-4520-9FFB-495576226602} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {E6EC51A2-77B6-45B7-B5E2-56CB86F98A38} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
EmptyTemp:
Hosts:
End
*****************
Restore point was successfully created.
Processes closed successfully.
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
Chrome StartupUrls deleted successfully.
"HKU\S-1-5-21-1314077811-2099038276-1502725153-1000\SOFTWARE\Google\Chrome\Extensions\bblmmloknbmfjgdjcdmmgpajlebiciec" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bblmmloknbmfjgdjcdmmgpajlebiciec" => Key deleted successfully.
C:\Users\Tammy\AppData\Local\Temp\converter.exe => Moved successfully.
"C:\Users\Tammy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm3t9o1.dll" => File/Directory not found.
C:\Users\Tammy\AppData\Local\Temp\ft7wgjdz.dll => Moved successfully.
C:\Users\Tammy\AppData\Local\Temp\GoogleToolbarStandaloneSetup_7_5_4501_1952.exe => Moved successfully.
C:\Users\Tammy\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
C:\Users\Tammy\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Users\Tammy\AppData\Local\Temp\jre-8u25-windows-au.exe => Moved successfully.
C:\Users\Tammy\AppData\Local\Temp\ochelper.exe => Moved successfully.
C:\Users\Tammy\AppData\Local\Temp\shutdown1427233000.exe => Moved successfully.
C:\Users\Tammy\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
"HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
"HKU\S-1-5-21-1314077811-2099038276-1502725153-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52FB031D-9334-4B8D-BA95-E49BDA7725CD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52FB031D-9334-4B8D-BA95-E49BDA7725CD}" => Key deleted successfully.
C:\Windows\System32\Tasks\4701 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4701" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E33A997A-15E4-4520-9FFB-495576226602}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E33A997A-15E4-4520-9FFB-495576226602}" => Key deleted successfully.
C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Antivirus Scheduled Scan" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6EC51A2-77B6-45B7-B5E2-56CB86F98A38}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6EC51A2-77B6-45B7-B5E2-56CB86F98A38}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 2.5 GB temporary data.
The system needed a reboot.
==== End of Fixlog 09:49:18 ====
# AdwCleaner v4.201 - Logfile created 23/04/2015 at 11:32:41
# Updated 08/04/2015 by Xplode
# Database : 2015-04-23.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Tammy - TAMMY-PC
# Running from : C:\Users\Tammy\Desktop\adwcleaner_4.201.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\TubeDimmer
Folder Deleted : C:\ProgramData\Updater
Folder Deleted : C:\Program Files (x86)\AtuZi
Folder Deleted : C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
File Deleted : C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\usyndication.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;192.168.*.*
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17728
-\\ Mozilla Firefox v
-\\ Google Chrome v42.0.2311.90
[C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www1.tjmaxx.com/tjx/search_results.aspx?postcode={searchTerms}&x=0&y=0
[C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?oq=daemang&ac_posn=-1&v1={searchTerms}&search_submit=
[C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3283894&SearchSource=45&q={searchTerms}
[C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.bearshare.com//web?src=crb&appid=810&systemid=2&sr=0&q={searchTerms}
[C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.diamondback.com/SearchResults.aspx?q={searchTerms}&p={startPage?}
[C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3321542&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPF1B704C2-F048-493C-8284-4C60AC1664F8&q={searchTerms}&SSPV=
[C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : nmmhkkegccagdldgiimedpiccmgmieda
*************************
AdwCleaner[R0].txt - [6341 bytes] - [19/12/2013 11:10:56]
AdwCleaner[R1].txt - [6405 bytes] - [19/12/2013 11:18:33]
AdwCleaner[R2].txt - [1401 bytes] - [31/12/2013 11:24:25]
AdwCleaner[R3].txt - [3396 bytes] - [23/04/2015 11:19:03]
AdwCleaner[R4].txt - [3455 bytes] - [23/04/2015 11:30:44]
AdwCleaner[S0].txt - [6244 bytes] - [19/12/2013 11:19:42]
AdwCleaner[S1].txt - [1366 bytes] - [31/12/2013 11:25:11]
AdwCleaner[S2].txt - [3366 bytes] - [23/04/2015 11:32:41]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3425 bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.1 (04.23.2015:1)
OS: Windows 7 Home Premium x64
Ran by Tammy on Thu 04/23/2015 at 11:02:45.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Tammy\appdata\local\{157D4705-BECE-4002-9489-D0CDE6185626}
Successfully deleted: [Empty Folder] C:\Users\Tammy\appdata\local\{266A8249-437E-40C3-A1F5-A136620018F5}
Successfully deleted: [Empty Folder] C:\Users\Tammy\appdata\local\{2F248818-6BDA-4481-9CAF-B1E9D452EC40}
Successfully deleted: [Empty Folder] C:\Users\Tammy\appdata\local\{4E12C66B-8A27-43DE-9048-EA39F3C6A2F2}
Successfully deleted: [Empty Folder] C:\Users\Tammy\appdata\local\{774191B1-A474-4FD1-9486-825256460B15}
Successfully deleted: [Empty Folder] C:\Users\Tammy\appdata\local\{9AD8CDC7-9DC4-43C9-9540-528E212BC6A2}
Successfully deleted: [Empty Folder] C:\Users\Tammy\appdata\local\{D961E277-22FB-4F56-89FD-6E45ACA141FB}
Successfully deleted: [Empty Folder] C:\Users\Tammy\appdata\local\{E9FCD3A6-9239-4E8B-8AFC-DEE5242A989C}
Successfully deleted: [Empty Folder] C:\Users\Tammy\appdata\local\{F4961AB1-133D-4F13-8C8D-B368F1FD0268}
Successfully deleted: [Folder] C:\Program Files (x86)\searchprotect
Successfully deleted: [Folder] C:\ProgramData\apn
Successfully deleted: [Folder] C:\Users\Tammy\AppData\Roaming\systweak
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/23/2015 at 11:13:11.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Good deal, it found a good amount of items to remove.
Open Malwarebytes Anti-Malware
Click on Update Now to download the current database definitions, then click the Scan Now >> button.
If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
You will be prompted to update Malwarebytes...click on the Update Now button.
The THREAT SCAN will automatically begin.
When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
After rebooting the computer, copy and paste the mbam.log in your next reply.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
Open Malwarebytes Anti-Malware.
Click the History Tab at the top and select Application Logs.
Select (check) the box next to Scan Log. Choose the most current scan.
Click the View button.
Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
Open Malwarebytes Anti-Malware.
Click the Scan Tab at the top.
Click the View detailed log link on the right.
Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
Please also tell me how the computer is now.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 4/23/2015
Scan Time: 12:52:40 PM
Logfile:
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.04.23.05
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Tammy
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348309
Time Elapsed: 18 min, 8 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
It seems to be rebooting faster.
What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.
http://i.imgur.com/GzlsbnV.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
Please run a free online scan with the ESET Online Scanner
US Link: http://www.eset.com/us/online-scanner/
EU Link: http://www.eset.eu/online-scanner/
Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan.
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Under "Current Scan Targets" > click "change" and ensure all your drives are selected
Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Attach the log as a reply to your next reply..
Close the ESET online scan, and let me know how things are now.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\Users\Tammy\Downloads\cbsidlm-cbsi188-USB_Audio_ASIO_Driver-SEO-10066659 (1).exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Tammy\Downloads\cbsidlm-cbsi188-USB_Audio_ASIO_Driver-SEO-10066659.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Tammy\Downloads\CuteWriter (1).exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Tammy\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Tammy\Downloads\PDFConverterSetup.exe a variant of Win32/InstallBrain.CO potentially unwanted application
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
start
CreateRestorePoint:
CloseProcesses:
C:\Users\Tammy\Downloads\cbsidlm-cbsi188-USB_Audio_ASIO_Driver-SEO-10066659 (1).exe
C:\Users\Tammy\Downloads\cbsidlm-cbsi188-USB_Audio_ASIO_Driver-SEO-10066659.exe
C:\Users\Tammy\Downloads\CuteWriter (1).exe
C:\Users\Tammy\Downloads\CuteWriter.exe
C:\Users\Tammy\Downloads\PDFConverterSetup.exe
EmptyTemp:
End
Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
How's the computer now?
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by Tammy at 2015-04-23 22:28:47 Run:3
Running from C:\Users\Tammy\Desktop
Loaded Profiles: Tammy (Available profiles: Tammy)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Users\Tammy\Downloads\cbsidlm-cbsi188-USB_Audio_ASIO_Driver-SEO-10066659 (1).exe
C:\Users\Tammy\Downloads\cbsidlm-cbsi188-USB_Audio_ASIO_Driver-SEO-10066659.exe
C:\Users\Tammy\Downloads\CuteWriter (1).exe
C:\Users\Tammy\Downloads\CuteWriter.exe
C:\Users\Tammy\Downloads\PDFConverterSetup.exe
EmptyTemp:
End
*****************
Restore point was successfully created.
Processes closed successfully.
C:\Users\Tammy\Downloads\cbsidlm-cbsi188-USB_Audio_ASIO_Driver-SEO-10066659 (1).exe => Moved successfully.
C:\Users\Tammy\Downloads\cbsidlm-cbsi188-USB_Audio_ASIO_Driver-SEO-10066659.exe => Moved successfully.
C:\Users\Tammy\Downloads\CuteWriter (1).exe => Moved successfully.
C:\Users\Tammy\Downloads\CuteWriter.exe => Moved successfully.
C:\Users\Tammy\Downloads\PDFConverterSetup.exe => Moved successfully.
EmptyTemp: => Removed 485.9 MB temporary data.
The system needed a reboot.
==== End of Fixlog 22:29:33 ====
it booted up so fast. is the trojan gone now? Is there a protection service you recommend to be the best. I will no longer go to peer to peer sharing sites. I think that is where I got it from. Avast? Malware? McAfee? Is there a really good one with great firewall and the works that doesn't cost an arm and a leg? Or the best freeware? Thank you thank you thank you so much for doing what you do and helping me with this fix. I may look to see if the other computer in the house has the same problem. It probably does.
Glad to hear it booted fast and yes, I think the infection is gone.
As for antivirus and firewalls, let me post information
http://1-ps.googleusercontent.com/x/www.geekstogo.com/i.imgur.com/8fj6i2U.png.pagespeed.ce.RUYs43FaJ5.pngavast! Free Anti-Virus (http://www.avast.com/en-gb/download-thank-you.php?product=FA-ONLINE&locale=en-gb) (free)
http://1-ps.googleusercontent.com/x/www.geekstogo.com/i.imgur.com/8fj6i2U.png.pagespeed.ce.RUYs43FaJ5.pngAvira AntiVir Personal - Free Antivirus (http://www.free-av.com/en/products/1/avira_antivir_personal__free_antivirus.html)
http://1-ps.googleusercontent.com/x/www.geekstogo.com/i.imgur.com/xUbJpW95.png.pagespeed.ic.Eg8QK7Uzqf.jpg (http://windows.microsoft.com/en-us/windows/security-essentials-all-versions) Microsoft Security Essentials (http://windows.microsoft.com/en-us/windows/security-essentials-all-versions) (free)
http://2-ps.googleusercontent.com/x/www.geekstogo.com/i.imgur.com/GzlsbnV.png.pagespeed.ce.SLxxSJVib_.png (http://www.eset.co.uk/Download/Software/Home) ESET NOD32 Anti-Virus (http://www.eset.co.uk/Download/Software/Home) (paid)
http://2-ps.googleusercontent.com/x/www.geekstogo.com/i.imgur.com/YARWD1t.png.pagespeed.ce.nvhmVeYDe3.png (http://www.kaspersky.co.uk/home-products) Kaspersky Anti-Virus (http://www.kaspersky.co.uk/home-products) (paid)
http://2-ps.googleusercontent.com/x/www.geekstogo.com/i.imgur.com/x7D2ig3K.png.pagespeed.ic.x4TC1AK8OX.jpgEmsisoft Internet Security (http://www.emsisoft.de/en/software/internetsecurity/) (paid)
As for which free versus paid for Antivirus I have to leave this up to you but, I've always stayed with a free version, that use less resources and consumes less time in updating. This is my personal opinion and also with free versions of Antivirus, firewall is not included.
~~~~~~~~~~~~~~~~
http://i.imgur.com/AFZxnZc.jpg DelFix
Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix)
or from here http://www.bleepingcomputer.com/download/delfix/ and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Create registry backup
Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
~~~~~~~~~~~~
Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP
The following programmes come highly recommended in the security community.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKsUqI5A.png.pagespeed.ic.vn1Hlvqi8h.jpgAdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
http://i.imgur.com/E8I37RF.pngCryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg.CryptoPrevent), preventing your files from being encrypted.
http://i.imgur.com/EG85Vjt.png Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/x6YRrgUC.png.pagespeed.ic.HjgFxjvw2Z.jpgMalwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xjv4nhMJ.png.pagespeed.ic.A5YbWn1eDO.png NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
http://i.imgur.com/3O8r9Uq.png (http://www.sandboxie.com/) Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/DgW1XL2.png.pagespeed.ce.v1OlJl_ZAS.png Secuina PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xj1OLIec.png.pagespeed.ic.k6hhwopU0q.jpg SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xJEP5iWI.png.pagespeed.ic.4tmM1lM7DQ.pngWeb of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.
Want to help others? Join the ClassRoom (http://forums.whatthetech.com/What_the_Tech_Classroom_t80368.html) and learn how.
Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif
Since this issue appears resolved ... this Topic is closed.