Thread: omega-plus malware log files attached

  1. #1
    Junior Member | Join Date: Sep 2013 | Posts: 7

    omega-plus malware log files attached

    Logs now attached for the omega-plus infection

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-02-2015
    Ran by nlpdave (administrator) on NLPDAVE-PC on 17-02-2015 14:06:11
    Running from C:\Users\nlpdave\Desktop
    Loaded Profiles: nlpdave (Available profiles: nlpdave & hipdave)
    Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvservice.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Lavasoft Limited) C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.1.4\LavasoftTcpService.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Just Develop It) C:\Program Files\JustCloud\BackupStack.exe
    (IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
    (http://www.android-sync.com) C:\Program Files\Android-Sync\AndroidSync.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    () C:\Program Files\Android-Sync\bin\adb.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Nosibay) C:\Users\nlpdave\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Lavasoft) C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
    (JustCloud.com) C:\Program Files\JustCloud\JustCloud.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDOnAccess.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [350072 2012-03-09] ()
    HKLM\...\Run: [AndroidSync] => C:\Program Files\Android-Sync\AndroidSync.exe [6183856 2014-12-28] (http://www.android-sync.com)
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKU\S-1-5-21-3472690289-4182131003-983049352-1001\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
    HKU\S-1-5-21-3472690289-4182131003-983049352-1001\...\Run: [GoogleChromeAutoLaunch_BE23CE925313BBF5FBD06A494EC6A01F] => C:\Program Files\Google\Chrome\Application\chrome.exe [856904 2015-01-09] (Google Inc.)
    HKU\S-1-5-21-3472690289-4182131003-983049352-1001\...\Run: [Selection Tools] => C:\Users\nlpdave\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe [1510160 2014-12-16] (Nosibay)
    HKU\S-1-5-21-3472690289-4182131003-983049352-1001\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [1380672 2015-01-23] (Lavasoft)
    HKU\S-1-5-21-3472690289-4182131003-983049352-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
    HKU\S-1-5-18\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
    ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\System32\C2MP\UpdateChecker.exe ()
    Startup: C:\Users\hipdave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JustCloud.lnk
    ShortcutTarget: JustCloud.lnk -> C:\Program Files\JustCloud\JustCloud.exe (JustCloud.com)
    BootExecute: autocheck autochk * sdnclean.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3472690289-4182131003-983049352-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...=ie&ar=msnhome
    HKU\S-1-5-21-3472690289-4182131003-983049352-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKU\S-1-5-21-3472690289-4182131003-983049352-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ybs.co.uk/index.html
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1423752836&from=ild&uid=M4-CT256M4SSD2_0000000012530922F266&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1423752836&from=ild&uid=M4-CT256M4SSD2_0000000012530922F266&q={searchTerms}
    SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
    SearchScopes: HKU\S-1-5-21-3472690289-4182131003-983049352-1001 -> 73F74BDE4BB14904BD740A8633F6322F URL =
    SearchScopes: HKU\S-1-5-21-3472690289-4182131003-983049352-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3472690289-4182131003-983049352-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    Winsock: Catalog9 01 C:\Windows\system32\LavasoftTcpService.dll [332216] (Lavasoft Limited)
    Winsock: Catalog9 02 C:\Windows\system32\LavasoftTcpService.dll [332216] (Lavasoft Limited)
    Winsock: Catalog9 03 C:\Windows\system32\LavasoftTcpService.dll [332216] (Lavasoft Limited)
    Winsock: Catalog9 04 C:\Windows\system32\LavasoftTcpService.dll [332216] (Lavasoft Limited)
    Winsock: Catalog9 16 C:\Windows\system32\LavasoftTcpService.dll [332216] (Lavasoft Limited)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0

    FireFox:
    ========
    FF ProfilePath: C:\Users\nlpdave\AppData\Roaming\Mozilla\Firefox\Profiles\w79ca5s8.default-1424162172088
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files\PDFlite\npPdfViewer.dll (Simon Bünzli)
    FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
    FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\nlpdave\AppData\Roaming\Mozilla\Firefox\Profiles\daetxs2x.default-1422827551643\extensions\fftoolbar2014@etech.com
    StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe http://isearch.omiga-plus.com/?type=...0012530922F266

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR DefaultSearchKeyword: Default -> F65B569EDD18076316D2D9B4B193557E20F7ABBF564E29E90323403582BDFB77
    CHR DefaultSearchURL: Default -> 8ABC8FD2299E716FB757CA0AB2D698F91BE0A143674C3E6F0C3617663D83D8F7
    CHR Profile: C:\Users\nlpdave\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Vosteran New Tab) - C:\Users\nlpdave\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce [2014-12-31]
    CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
    CHR HKU\S-1-5-21-3472690289-4182131003-983049352-1001\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
    StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://isearch.omiga-plus.com/?type=...0012530922F266

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 BackupStack; C:\Program Files\JustCloud\BackupStack.exe [53832 2014-11-25] (Just Develop It) <==== ATTENTION
    S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2015-02-12] (globalUpdate) [File not signed]
    R2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.1.4\LavasoftTcpService.exe [1364392 2015-01-23] (Lavasoft Limited)
    R2 nvservice; C:\Windows\system32\nvservice.exe [160544 2013-02-04] (NVIDIA Corporation)
    R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 SearchProtectionService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2015-01-23] ()
    R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1228336 2014-02-28] (Sony Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 RapportCerberus_80120; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80120.sys [472792 2015-01-13] (IBM Corp.)
    R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251640 2014-12-22] (IBM Corp.)
    R0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [208856 2014-12-22] (IBM Corp.)
    R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2014-12-22] (IBM Corp.)
    R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
    R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2013-04-10] (Samsung Electronics) [File not signed]
    S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [181912 2014-04-14] (DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 catchme; \??\C:\Users\nlpdave\AppData\Local\Temp\catchme.sys [X]
    S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-17 14:06 - 2015-02-17 14:06 - 00013033 _____ () C:\Users\nlpdave\Desktop\FRST.txt
    2015-02-15 13:25 - 2015-02-15 10:55 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20150215-132516.backup
    2015-02-15 12:43 - 2015-02-15 12:27 - 01125888 _____ (Farbar) C:\Users\nlpdave\Desktop\FRST.exe
    2015-02-15 12:40 - 2015-02-15 12:40 - 00000619 _____ () C:\Users\nlpdave\Desktop\aswMBR.txt
    2015-02-15 12:29 - 2015-02-15 12:30 - 00032705 _____ () C:\Users\nlpdave\Downloads\Addition.txt
    2015-02-15 12:28 - 2015-02-17 14:06 - 00000000 ____D () C:\FRST
    2015-02-15 12:28 - 2015-02-15 12:30 - 00028597 _____ () C:\Users\nlpdave\Downloads\FRST.txt
    2015-02-15 12:27 - 2015-02-15 12:27 - 01125888 _____ (Farbar) C:\Users\nlpdave\Downloads\FRST.exe
    2015-02-15 12:25 - 2015-02-15 12:25 - 05198336 _____ (AVAST Software) C:\Users\nlpdave\Downloads\aswMBR.exe
    2015-02-15 11:30 - 2015-02-15 11:30 - 00002131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2015-02-15 11:30 - 2015-02-15 11:30 - 00002119 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2015-02-15 11:30 - 2015-02-15 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2015-02-15 11:30 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
    2015-02-15 11:05 - 2015-02-15 11:06 - 00560976 _____ (Safer-Networking Ltd. ) C:\Users\nlpdave\Downloads\spybot2-license(2).exe
    2015-02-15 11:01 - 2015-02-15 11:01 - 00019913 _____ () C:\ComboFix.txt
    2015-02-15 10:36 - 2015-02-15 11:01 - 00000000 ____D () C:\ComboFix
    2015-02-15 10:36 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-02-15 10:36 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-02-15 10:36 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-02-15 10:36 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-02-15 10:36 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-02-15 10:36 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-02-15 10:36 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-02-15 10:36 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-02-15 10:33 - 2015-02-15 11:01 - 00000000 ____D () C:\Qoobox
    2015-02-14 17:39 - 2015-02-14 17:39 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\nlpdave\Downloads\SpyHunter-Installer.exe
    2015-02-13 13:28 - 2015-02-13 13:28 - 00005136 _____ () C:\Windows\system32\LavasoftTcpService.ini
    2015-02-13 13:28 - 2015-02-13 13:28 - 00002832 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
    2015-02-13 13:28 - 2015-02-13 13:28 - 00000000 ____D () C:\Users\nlpdave\AppData\Local\Lavasoft
    2015-02-13 13:28 - 2015-01-23 06:39 - 00332216 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
    2015-02-13 13:27 - 2015-02-13 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    2015-02-13 13:27 - 2015-02-13 13:27 - 00000000 ____D () C:\Program Files\Lavasoft
    2015-02-13 13:26 - 2015-02-13 13:26 - 00000000 ____D () C:\Users\nlpdave\AppData\Roaming\Lavasoft
    2015-02-13 13:26 - 2015-02-13 13:26 - 00000000 ____D () C:\ProgramData\Lavasoft
    2015-02-13 13:25 - 2015-02-13 13:25 - 00000000 ____D () C:\Users\nlpdave\AppData\Roaming\OpenCandy
    2015-02-13 13:24 - 2015-02-13 13:25 - 00000000 ____D () C:\Windows\system32\C2MP
    2015-02-13 13:24 - 2015-02-13 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 - Codec Pack
    2015-02-13 13:23 - 2015-02-13 13:23 - 23229320 _____ (Windows 7 - Codec Pack) C:\Users\nlpdave\Downloads\windows.7.codec.pack.v4.1.0.setup(1).exe
    2015-02-12 15:59 - 2015-02-12 15:59 - 00000000 ____D () C:\Users\nlpdave\Documents\OFX Presets
    2015-02-12 15:21 - 2015-02-12 15:21 - 00000000 ____D () C:\Users\nlpdave\AppData\Roaming\Publish Providers
    2015-02-12 15:15 - 2015-02-12 15:15 - 00000000 ____D () C:\ProgramData\Sony
    2015-02-12 15:15 - 2015-02-12 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
    2015-02-12 15:08 - 2015-02-12 15:08 - 00000000 ____D () C:\Users\nlpdave\Downloads\Sony Vegas Pro 11
    2015-02-12 15:03 - 2015-02-12 15:03 - 00001669 _____ () C:\Windows\system32\${LOGFILE}
    2015-02-12 14:53 - 2015-02-12 14:53 - 00000078 _____ () C:\Users\nlpdave\AppData\Roaming\WindApp.installation.log
    2015-02-12 14:53 - 2015-02-12 14:53 - 00000078 _____ () C:\Users\nlpdave\AppData\Roaming\Selection Tools.installation.log
    2015-02-12 14:53 - 2015-02-12 14:53 - 00000000 ____D () C:\Users\nlpdave\AppData\Roaming\WTools
    2015-02-12 14:53 - 2015-02-12 14:53 - 00000000 ____D () C:\Users\nlpdave\AppData\Roaming\Store
    2015-02-12 14:52 - 2015-02-12 15:03 - 00000000 ____D () C:\Users\nlpdave\AppData\Roaming\Nosibay
    2015-02-12 14:52 - 2015-02-12 14:53 - 00005785 _____ () C:\Users\nlpdave\AppData\Roaming\Bubble Dock.installation.log
    2015-02-12 14:52 - 2015-02-12 14:53 - 00001297 _____ () C:\Users\nlpdave\AppData\Roaming\Bubble Dock.boostrap.log
    2015-02-12 14:52 - 2015-02-12 14:52 - 00000097 _____ () C:\Users\nlpdave\AppData\Roaming\WindApp.boostrap.log
    2015-02-12 14:51 - 2015-02-17 08:56 - 00000882 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
    2015-02-12 14:51 - 2015-02-16 20:36 - 00000878 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
    2015-02-12 14:51 - 2015-02-14 10:29 - 00000000 ____D () C:\Program Files\50df918c-726a-4302-9975-983bfd65dffa
    2015-02-12 14:51 - 2015-02-12 14:51 - 00000000 ____D () C:\Users\nlpdave\AppData\Local\globalUpdate
    2015-02-12 14:51 - 2015-02-12 14:51 - 00000000 ____D () C:\Program Files\globalUpdate
    2015-02-12 14:50 - 2015-02-14 10:32 - 00000000 ____D () C:\Program Files\ClickMovie1-Downloaderv10
    2015-02-12 14:50 - 2015-02-12 14:50 - 00000000 ____D () C:\Users\nlpdave\AppData\Local\Cool_Mirage
    2015-02-12 14:47 - 2015-02-12 14:47 - 00000000 ____D () C:\Windows\system32\appmgmt
    2015-02-12 14:44 - 2015-02-12 14:44 - 00408816 _____ () C:\Users\nlpdave\Downloads\Sony_Vegas_Pro_9_Serial.exe
    2015-02-12 14:37 - 2015-02-12 15:20 - 00002444 _____ () C:\Users\nlpdave\Documents\Register Vegas Pro.htm
    2015-02-12 14:27 - 2015-02-13 11:12 - 00000000 ____D () C:\Users\nlpdave\AppData\Roaming\Sony
    2015-02-12 14:27 - 2015-02-12 14:28 - 00000000 ____D () C:\Users\nlpdave\AppData\Local\Sony
    2015-02-06 11:33 - 2015-02-06 11:33 - 00001008 _____ () C:\Users\Public\Desktop\Android-Sync.lnk
    2015-02-06 11:33 - 2015-02-06 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android-Sync
    2015-02-06 11:33 - 2015-02-06 11:33 - 00000000 ____D () C:\Program Files\Android-Sync
    2015-02-06 11:19 - 2015-02-06 11:19 - 13874352 _____ (Android-Sync.com ) C:\Users\nlpdave\Downloads\android-sync_setup(5).exe
    2015-02-04 12:04 - 2015-02-04 12:04 - 06142695 _____ (DuckLink Software ) C:\Users\nlpdave\Downloads\Install_DuckCapture_2.7(1).exe
    2015-02-03 20:11 - 2015-02-03 20:11 - 00000000 ____D () C:\TinyTake
    2015-02-03 20:08 - 2015-02-03 20:09 - 19816553 _____ () C:\Users\nlpdave\Downloads\TinyTakeSetup_v_2_5_41.zip
    2015-02-03 11:30 - 2015-02-07 11:31 - 00001456 _____ () C:\Users\nlpdave\AppData\Local\Adobe Save for Web 13.0 Prefs
    2015-02-01 21:52 - 2015-02-17 08:36 - 00000000 ____D () C:\Users\nlpdave\Desktop\Old Firefox Data
    2015-02-01 18:31 - 2015-02-12 14:53 - 00001321 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-02-01 18:31 - 2015-02-12 14:53 - 00001309 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-02-01 18:30 - 2015-02-01 18:31 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2015-02-01 18:30 - 2015-02-01 18:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-01-29 12:20 - 2015-02-15 10:35 - 00001146 _____ () C:\Users\nlpdave\Desktop\ComboFix(2).exe - Shortcut.lnk
    2015-01-29 12:17 - 2015-02-15 10:56 - 00000000 ____D () C:\Windows\erdnt
    2015-01-29 12:12 - 2015-01-29 12:13 - 00368240 _____ (RegNow.com) C:\Users\nlpdave\Downloads\Download_SpyHunter-Installer.exe
    2015-01-29 12:11 - 2015-01-29 12:11 - 00828440 _____ ( ) C:\Users\nlpdave\Downloads\adobe_flash_setup(1).exe
    2015-01-27 12:12 - 2015-01-27 12:12 - 00000000 ____D () C:\Users\hipdave\AppData\Roaming\Macromedia
    2015-01-27 12:12 - 2015-01-27 12:12 - 00000000 ____D () C:\Users\hipdave\AppData\Local\Macromedia
    2015-01-27 12:10 - 2015-01-27 12:11 - 00000000 ____D () C:\Users\hipdave\AppData\Roaming\Mozilla
    2015-01-27 12:10 - 2015-01-27 12:11 - 00000000 ____D () C:\Users\hipdave\AppData\Local\Mozilla
    2015-01-27 10:50 - 2015-01-27 10:50 - 00560976 _____ (Safer-Networking Ltd. ) C:\Users\nlpdave\Downloads\spybot2-license(1).exe
    2015-01-26 22:10 - 2015-01-26 22:10 - 00009806 _____ () C:\Users\hipdave\Desktop\Pricing Spreadsheet Euro based 2015.xls - Shortcut.lnk
    2015-01-25 16:12 - 2015-02-14 10:33 - 00001171 _____ () C:\Users\nlpdave\AppData\Roaming\CRSKPO
    2015-01-25 16:12 - 2015-02-14 10:33 - 00000365 _____ () C:\Users\nlpdave\AppData\Roaming\IJVJPMP
    2015-01-25 14:36 - 2015-01-25 14:36 - 00828440 _____ ( ) C:\Users\nlpdave\Downloads\adobe_flash_setup.exe
    2015-01-24 16:25 - 2015-01-24 16:31 - 00404992 _____ () C:\Users\nlpdave\Documents\A5 Parliamentary Leaflet Front.pub
    2015-01-24 15:12 - 2015-01-24 15:12 - 00010332 _____ () C:\Users\nlpdave\Desktop\UKIP Candidates.accdb - Shortcut.lnk
    2015-01-21 14:08 - 2015-01-27 12:15 - 00000000 ____D () C:\ProgramData\saavernet
    2015-01-21 14:07 - 2015-01-27 12:15 - 00000000 ____D () C:\ProgramData\gReaotsaaving
    2015-01-21 14:07 - 2015-01-21 14:09 - 00000000 ____D () C:\ProgramData\fba01206e1c18da3
    2015-01-21 13:47 - 2015-01-27 10:55 - 00000000 ____D () C:\Program Files\RelayRise
    2015-01-18 18:55 - 2015-01-18 18:55 - 00002476 _____ () C:\Users\nlpdave\Desktop\Lettings Schedule 2015.xlsx - Shortcut.lnk
    2015-01-18 11:44 - 2015-01-18 11:44 - 00000935 _____ () C:\Users\nlpdave\Downloads\PatientAccessAppointment.ics

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-17 13:55 - 2014-12-11 09:50 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-17 13:47 - 2014-11-30 18:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-17 13:22 - 2014-11-29 13:15 - 01780430 _____ () C:\Windows\WindowsUpdate.log
    2015-02-17 09:55 - 2014-12-11 09:50 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-17 08:38 - 2014-12-03 00:31 - 00000000 ____D () C:\Program Files\NirSoft
    2015-02-16 18:26 - 2014-11-29 13:14 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-16 18:26 - 2009-07-14 04:34 - 00020992 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-16 18:26 - 2009-07-14 04:34 - 00020992 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-16 18:18 - 2009-07-14 04:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-16 18:18 - 2009-07-14 04:39 - 00028834 _____ () C:\Windows\setupact.log
    2015-02-15 13:13 - 2014-12-02 16:34 - 00000000 ____D () C:\Users\nlpdave\Documents\UKIP
    2015-02-15 11:40 - 2014-11-29 16:39 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-02-15 11:32 - 2014-11-29 16:39 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
    2015-02-15 11:01 - 2009-07-14 02:37 - 00000000 __RHD () C:\Users\Default
    2015-02-15 11:01 - 2009-07-14 02:37 - 00000000 ___RD () C:\Users\Public
    2015-02-15 10:56 - 2009-07-14 02:04 - 00000215 _____ () C:\Windows\system.ini
    2015-02-15 10:55 - 2014-11-29 15:56 - 00036152 _____ () C:\Windows\PFRO.log
    2015-02-15 10:55 - 2009-07-14 02:03 - 51380224 _____ () C:\Windows\system32\config\SOFTWARE.bak
    2015-02-15 10:55 - 2009-07-14 02:03 - 14942208 _____ () C:\Windows\system32\config\SYSTEM.bak
    2015-02-15 10:55 - 2009-07-14 02:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
    2015-02-15 10:55 - 2009-07-14 02:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
    2015-02-15 10:55 - 2009-07-14 02:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
    2015-02-15 10:33 - 2014-11-25 22:01 - 05611771 ____R (Swearware) C:\Users\nlpdave\Downloads\ComboFix.exe
    2015-02-12 22:39 - 2014-12-16 19:32 - 00000000 ____D () C:\Users\nlpdave\AppData\Roaming\uTorrent
    2015-02-12 22:35 - 2014-12-04 10:13 - 00000000 ____D () C:\Users\nlpdave\AppData\Roaming\Skype
    2015-02-12 15:15 - 2014-11-29 18:21 - 00000000 ____D () C:\Program Files\Sony
    2015-02-12 14:53 - 2014-12-11 09:50 - 00002333 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-02-06 11:33 - 2014-11-29 18:24 - 00321134 _____ () C:\Windows\DPINST.LOG
    2015-02-05 14:47 - 2014-11-30 18:06 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-02-05 14:47 - 2014-11-30 18:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-02-03 10:26 - 2014-12-02 09:15 - 00000000 ____D () C:\Users\hipdave
    2015-01-27 12:16 - 2014-12-06 01:14 - 00000000 ____D () C:\Users\hipdave\Documents\Portuguese
    2015-01-27 12:08 - 2014-12-31 14:59 - 00000000 ____D () C:\ProgramData\928458613
    2015-01-24 13:41 - 2014-12-02 15:29 - 00000000 ____D () C:\Users\nlpdave\Documents\Personal

    ==================== Files in the root of some directories =======

    2015-02-12 14:52 - 2015-02-12 14:53 - 0001297 _____ () C:\Users\nlpdave\AppData\Roaming\Bubble Dock.boostrap.log
    2015-02-12 14:52 - 2015-02-12 14:53 - 0005785 _____ () C:\Users\nlpdave\AppData\Roaming\Bubble Dock.installation.log
    2015-01-25 16:12 - 2015-02-14 10:33 - 0001171 _____ () C:\Users\nlpdave\AppData\Roaming\CRSKPO
    2015-01-25 16:12 - 2015-02-14 10:33 - 0000365 _____ () C:\Users\nlpdave\AppData\Roaming\IJVJPMP
    2015-02-12 14:53 - 2015-02-12 14:53 - 0000078 _____ () C:\Users\nlpdave\AppData\Roaming\Selection Tools.installation.log
    2015-02-12 14:52 - 2015-02-12 14:52 - 0000097 _____ () C:\Users\nlpdave\AppData\Roaming\WindApp.boostrap.log
    2015-02-12 14:53 - 2015-02-12 14:53 - 0000078 _____ () C:\Users\nlpdave\AppData\Roaming\WindApp.installation.log
    2015-02-03 11:30 - 2015-02-07 11:31 - 0001456 _____ () C:\Users\nlpdave\AppData\Local\Adobe Save for Web 13.0 Prefs

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-13 12:05

    ==================== End Of Log ============================

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-02-2015
    Ran by nlpdave (administrator) on NLPDAVE-PC on 17-02-2015 14:06:11
    Running from C:\Users\nlpdave\Desktop
    Loaded Profiles: nlpdave (Available profiles: nlpdave & hipdave)
    Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvservice.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Lavasoft Limited) C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.1.4\LavasoftTcpService.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Just Develop It) C:\Program Files\JustCloud\BackupStack.exe
    (IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
    (http://www.android-sync.com) C:\Program Files\Android-Sync\AndroidSync.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    () C:\Program Files\Android-Sync\bin\adb.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Nosibay) C:\Users\nlpdave\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Lavasoft) C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
    (JustCloud.com) C:\Program Files\JustCloud\JustCloud.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDOnAccess.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [350072 2012-03-09] ()
    HKLM\...\Run: [AndroidSync] => C:\Program Files\Android-Sync\AndroidSync.exe [6183856 2014-12-28] (http://www.android-sync.com)
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKU\S-1-5-21-3472690289-4182131003-983049352-1001\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
    HKU\S-1-5-21-3472690289-4182131003-983049352-1001\...\Run: [GoogleChromeAutoLaunch_BE23CE925313BBF5FBD06A494EC6A01F] => C:\Program Files\Google\Chrome\Application\chrome.exe [856904 2015-01-09] (Google Inc.)
    HKU\S-1-5-21-3472690289-4182131003-983049352-1001\...\Run: [Selection Tools] => C:\Users\nlpdave\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe [1510160 2014-12-16] (Nosibay)
    HKU\S-1-5-21-3472690289-4182131003-983049352-1001\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [1380672 2015-01-23] (Lavasoft)
    HKU\S-1-5-21-3472690289-4182131003-983049352-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
    HKU\S-1-5-18\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
    ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\System32\C2MP\UpdateChecker.exe ()
    Startup: C:\Users\hipdave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JustCloud.lnk
    ShortcutTarget: JustCloud.lnk -> C:\Program Files\JustCloud\JustCloud.exe (JustCloud.com)
    BootExecute: autocheck autochk * sdnclean.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3472690289-4182131003-983049352-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...=ie&ar=msnhome
    HKU\S-1-5-21-3472690289-4182131003-983049352-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKU\S-1-5-21-3472690289-4182131003-983049352-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ybs.co.uk/index.html
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1423752836&from=ild&uid=M4-CT256M4SSD2_0000000012530922F266&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1423752836&from=ild&uid=M4-CT256M4SSD2_0000000012530922F266&q={searchTerms}
    SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
    SearchScopes: HKU\S-1-5-21-3472690289-4182131003-983049352-1001 -> 73F74BDE4BB14904BD740A8633F6322F URL =
    SearchScopes: HKU\S-1-5-21-3472690289-4182131003-983049352-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3472690289-4182131003-983049352-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    Winsock: Catalog9 01 C:\Windows\system32\LavasoftTcpService.dll [332216] (Lavasoft Limited)
    Winsock: Catalog9 02 C:\Windows\system32\LavasoftTcpService.dll [332216] (Lavasoft Limited)
    Winsock: Catalog9 03 C:\Windows\system32\LavasoftTcpService.dll [332216] (Lavasoft Limited)
    Winsock: Catalog9 04 C:\Windows\system32\LavasoftTcpService.dll [332216] (Lavasoft Limited)
    Winsock: Catalog9 16 C:\Windows\system32\LavasoftTcpService.dll [332216] (Lavasoft Limited)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0

    FireFox:
    ========
    FF ProfilePath: C:\Users\nlpdave\AppData\Roaming\Mozilla\Firefox\Profiles\w79ca5s8.default-1424162172088
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files\PDFlite\npPdfViewer.dll (Simon Bünzli)
    FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
    FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\nlpdave\AppData\Roaming\Mozilla\Firefox\Profiles\daetxs2x.default-1422827551643\extensions\fftoolbar2014@etech.com
    StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe http://isearch.omiga-plus.com/?type=...0012530922F266

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR DefaultSearchKeyword: Default -> F65B569EDD18076316D2D9B4B193557E20F7ABBF564E29E90323403582BDFB77
    CHR DefaultSearchURL: Default -> 8ABC8FD2299E716FB757CA0AB2D698F91BE0A143674C3E6F0C3617663D83D8F7
    CHR Profile: C:\Users\nlpdave\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Vosteran New Tab) - C:\Users\nlpdave\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce [2014-12-31]
    CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
    CHR HKU\S-1-5-21-3472690289-4182131003-983049352-1001\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
    StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://isearch.omiga-plus.com/?type=...0012530922F266

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 BackupStack; C:\Program Files\JustCloud\BackupStack.exe [53832 2014-11-25] (Just Develop It) <==== ATTENTION
    S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2015-02-12] (globalUpdate) [File not signed]
    R2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.1.4\LavasoftTcpService.exe [1364392 2015-01-23] (Lavasoft Limited)
    R2 nvservice; C:\Windows\system32\nvservice.exe [160544 2013-02-04] (NVIDIA Corporation)
    R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 SearchProtectionService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2015-01-23] ()
    R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1228336 2014-02-28] (Sony Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 RapportCerberus_80120; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80120.sys [472792 2015-01-13] (IBM Corp.)
    R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251640 2014-12-22] (IBM Corp.)
    R0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [208856 2014-12-22] (IBM Corp.)
    R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2014-12-22] (IBM Corp.)
    R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
    R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2013-04-10] (Samsung Electronics) [File not signed]
    S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [181912 2014-04-14] (DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 catchme; \??\C:\Users\nlpdave\AppData\Local\Temp\catchme.sys [X]
    S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-17 14:06 - 2015-02-17 14:06 - 00013033 _____ () C:\Users\nlpdave\Desktop\FRST.txt
    2015-02-15 13:25 - 2015-02-15 10:55 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20150215-132516.backup
    2015-02-15 12:43 - 2015-02-15 12:27 - 01125888 _____ (Farbar) C:\Users\nlpdave\Desktop\FRST.exe
    2015-02-15 12:40 - 2015-02-15 12:40 - 00000619 _____ () C:\Users\nlpdave\Desktop\aswMBR.txt
    2015-02-15 12:29 - 2015-02-15 12:30 - 00032705 _____ () C:\Users\nlpdave\Downloads\Addition.txt
    2015-02-15 12:28 - 2015-02-17 14:06 - 00000000 ____D () C:\FRST
    2015-02-15 12:28 - 2015-02-15 12:30 - 00028597 _____ () C:\Users\nlpdave\Downloads\FRST.txt
    2015-02-15 12:27 - 2015-02-15 12:27 - 01125888 _____ (Farbar) C:\Users\nlpdave\Downloads\FRST.exe
    2015-02-15 12:25 - 2015-02-15 12:25 - 05198336 _____ (AVAST Software) C:\Users\nlpdave\Downloads\aswMBR.exe
    2015-02-15 11:30 - 2015-02-15 11:30 - 00002131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2015-02-15 11:30 - 2015-02-15 11:30 - 00002119 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2015-02-15 11:30 - 2015-02-15 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2015-02-15 11:30 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
    2015-02-15 11:05 - 2015-02-15 11:06 - 00560976 _____ (Safer-Networking Ltd. ) C:\Users\nlpdave\Downloads\spybot2-license(2).exe
    2015-02-15 11:01 - 2015-02-15 11:01 - 00019913 _____ () C:\ComboFix.txt
    2015-02-15 10:36 - 2015-02-15 11:01 - 00000000 ____D () C:\ComboFix
    2015-02-15 10:36 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-02-15 10:36 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-02-15 10:36 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-02-15 10:36 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-02-15 10:36 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-02-15 10:36 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-02-15 10:36 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-02-15 10:36 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-02-15 10:33 - 2015-02-15 11:01 - 00000000 ____D () C:\Qoobox
    2015-02-14 17:39 - 2015-02-14 17:39 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\nlpdave\Downloads\SpyHunter-Installer.exe
    2015-02-13 13:28 - 2015-02-13 13:28 - 00005136 _____ () C:\Windows\system32\LavasoftTcpService.ini
    2015-02-13 13:28 - 2015-02-13 13:28 - 00002832 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
    2015-02-13 13:28 - 2015-02-13 13:28 - 00000000 ____D () C:\Users\nlpdave\AppData\Local\Lavasoft
    2015-02-13 13:28 - 2015-01-23 06:39 - 00332216 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
    2015-02-13 13:27 - 2015-02-13 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    2015-02-13 13:27 - 2015-02-13 13:27 - 00000000 ____D () C:\Program Files\Lavasoft
    2015-02-13 13:26 - 2015-02-13 13:26 - 00000000 ____D () C:\Users\nlpdave\AppData\Roaming\Lavasoft
    2015-02-13 13:26 - 2015-02-13 13:26 - 00000000 ____D () C:\ProgramData\Lavasoft
    2015-02-13 13:25 - 2015-02-13 13:25 - 00000000 ____D () C:\Users\nlpdave\AppData\Roaming\OpenCandy
    2015-02-13 13:24 - 2015-02-13 13:25 - 00000000 ____D () C:\Windows\system32\C2MP
    2015-02-13 13:24 - 2015-02-13 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 - Codec Pack
    2015-02-13 13:23 - 2015-02-13 13:23 - 23229320 _____ (Windows 7 - Codec Pack) C:\Users\nlpdave\Downloads\windows.7.codec.pack.v4.1.0.setup(1).exe
    2015-02-12 15:59 - 2015-02-12 15:59 - 00000000 ____D () C:\Users\nlpdave\Documents\OFX Presets
    2015-02-12 15:21 - 2015-02-12 15:21 - 00000000 ____D () C:\Users\nlpdave\AppData\Roaming\Publish Providers
    2015-02-12 15:15 - 2015-02-12 15:15 - 00000000 ____D () C:\ProgramData\Sony
    2015-02-12 15:15 - 2015-02-12 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
    2015-02-12 15:08 - 2015-02-12 15:08 - 00000000 ____D () C:\Users\nlpdave\Downloads\Sony Vegas Pro 11
    2015-02-12 15:03 - 2015-02-12 15:03 - 00001669 _____ () C:\Windows\system32\${LOGFILE}
    2015-02-12 14:53 - 2015-02-12 14:53 - 00000078 _____ () C:\Users\nlpdave\AppData\Roaming\WindApp.installation.log
    2015-02-12 14:53 - 2015-02-12 14:53 - 00000078 _____ () C:\Users\nlpdave\AppData\Roaming\Selection Tools.installation.log
    2015-02-12 14:53 - 2015-02-12 14:53 - 00000000 ____D () C:\Users\nlpdave\AppData\Roaming\WTools
    2015-02-12 14:53 - 2015-02-12 14:53 - 00000000 ____D () C:\Users\nlpdave\AppData\Roaming\Store
    2015-02-12 14:52 - 2015-02-12 15:03 - 00000000 ____D () C:\Users\nlpdave\AppData\Roaming\Nosibay
    2015-02-12 14:52 - 2015-02-12 14:53 - 00005785 _____ () C:\Users\nlpdave\AppData\Roaming\Bubble Dock.installation.log
    2015-02-12 14:52 - 2015-02-12 14:53 - 00001297 _____ () C:\Users\nlpdave\AppData\Roaming\Bubble Dock.boostrap.log
    2015-02-12 14:52 - 2015-02-12 14:52 - 00000097 _____ () C:\Users\nlpdave\AppData\Roaming\WindApp.boostrap.log
    2015-02-12 14:51 - 2015-02-17 08:56 - 00000882 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
    2015-02-12 14:51 - 2015-02-16 20:36 - 00000878 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
    2015-02-12 14:51 - 2015-02-14 10:29 - 00000000 ____D () C:\Program Files\50df918c-726a-4302-9975-983bfd65dffa
    2015-02-12 14:51 - 2015-02-12 14:51 - 00000000 ____D () C:\Users\nlpdave\AppData\Local\globalUpdate
    2015-02-12 14:51 - 2015-02-12 14:51 - 00000000 ____D () C:\Program Files\globalUpdate
    2015-02-12 14:50 - 2015-02-14 10:32 - 00000000 ____D () C:\Program Files\ClickMovie1-Downloaderv10
    2015-02-12 14:50 - 2015-02-12 14:50 - 00000000 ____D () C:\Users\nlpdave\AppData\Local\Cool_Mirage
    2015-02-12 14:47 - 2015-02-12 14:47 - 00000000 ____D () C:\Windows\system32\appmgmt
    2015-02-12 14:44 - 2015-02-12 14:44 - 00408816 _____ () C:\Users\nlpdave\Downloads\Sony_Vegas_Pro_9_Serial.exe
    2015-02-12 14:37 - 2015-02-12 15:20 - 00002444 _____ () C:\Users\nlpdave\Documents\Register Vegas Pro.htm
    2015-02-12 14:27 - 2015-02-13 11:12 - 00000000 ____D () C:\Users\nlpdave\AppData\Roaming\Sony
    2015-02-12 14:27 - 2015-02-12 14:28 - 00000000 ____D () C:\Users\nlpdave\AppData\Local\Sony
    2015-02-06 11:33 - 2015-02-06 11:33 - 00001008 _____ () C:\Users\Public\Desktop\Android-Sync.lnk
    2015-02-06 11:33 - 2015-02-06 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android-Sync
    2015-02-06 11:33 - 2015-02-06 11:33 - 00000000 ____D () C:\Program Files\Android-Sync
    2015-02-06 11:19 - 2015-02-06 11:19 - 13874352 _____ (Android-Sync.com ) C:\Users\nlpdave\Downloads\android-sync_setup(5).exe
    2015-02-04 12:04 - 2015-02-04 12:04 - 06142695 _____ (DuckLink Software ) C:\Users\nlpdave\Downloads\Install_DuckCapture_2.7(1).exe
    2015-02-03 20:11 - 2015-02-03 20:11 - 00000000 ____D () C:\TinyTake
    2015-02-03 20:08 - 2015-02-03 20:09 - 19816553 _____ () C:\Users\nlpdave\Downloads\TinyTakeSetup_v_2_5_41.zip
    2015-02-03 11:30 - 2015-02-07 11:31 - 00001456 _____ () C:\Users\nlpdave\AppData\Local\Adobe Save for Web 13.0 Prefs
    2015-02-01 21:52 - 2015-02-17 08:36 - 00000000 ____D () C:\Users\nlpdave\Desktop\Old Firefox Data
    2015-02-01 18:31 - 2015-02-12 14:53 - 00001321 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-02-01 18:31 - 2015-02-12 14:53 - 00001309 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-02-01 18:30 - 2015-02-01 18:31 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2015-02-01 18:30 - 2015-02-01 18:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-01-29 12:20 - 2015-02-15 10:35 - 00001146 _____ () C:\Users\nlpdave\Desktop\ComboFix(2).exe - Shortcut.lnk
    2015-01-29 12:17 - 2015-02-15 10:56 - 00000000 ____D () C:\Windows\erdnt
    2015-01-29 12:12 - 2015-01-29 12:13 - 00368240 _____ (RegNow.com) C:\Users\nlpdave\Downloads\Download_SpyHunter-Installer.exe
    2015-01-29 12:11 - 2015-01-29 12:11 - 00828440 _____ ( ) C:\Users\nlpdave\Downloads\adobe_flash_setup(1).exe
    2015-01-27 12:12 - 2015-01-27 12:12 - 00000000 ____D () C:\Users\hipdave\AppData\Roaming\Macromedia
    2015-01-27 12:12 - 2015-01-27 12:12 - 00000000 ____D () C:\Users\hipdave\AppData\Local\Macromedia
    2015-01-27 12:10 - 2015-01-27 12:11 - 00000000 ____D () C:\Users\hipdave\AppData\Roaming\Mozilla
    2015-01-27 12:10 - 2015-01-27 12:11 - 00000000 ____D () C:\Users\hipdave\AppData\Local\Mozilla
    2015-01-27 10:50 - 2015-01-27 10:50 - 00560976 _____ (Safer-Networking Ltd. ) C:\Users\nlpdave\Downloads\spybot2-license(1).exe
    2015-01-26 22:10 - 2015-01-26 22:10 - 00009806 _____ () C:\Users\hipdave\Desktop\Pricing Spreadsheet Euro based 2015.xls - Shortcut.lnk
    2015-01-25 16:12 - 2015-02-14 10:33 - 00001171 _____ () C:\Users\nlpdave\AppData\Roaming\CRSKPO
    2015-01-25 16:12 - 2015-02-14 10:33 - 00000365 _____ () C:\Users\nlpdave\AppData\Roaming\IJVJPMP
    2015-01-25 14:36 - 2015-01-25 14:36 - 00828440 _____ ( ) C:\Users\nlpdave\Downloads\adobe_flash_setup.exe
    2015-01-24 16:25 - 2015-01-24 16:31 - 00404992 _____ () C:\Users\nlpdave\Documents\A5 Parliamentary Leaflet Front.pub
    2015-01-24 15:12 - 2015-01-24 15:12 - 00010332 _____ () C:\Users\nlpdave\Desktop\UKIP Candidates.accdb - Shortcut.lnk
    2015-01-21 14:08 - 2015-01-27 12:15 - 00000000 ____D () C:\ProgramData\saavernet
    2015-01-21 14:07 - 2015-01-27 12:15 - 00000000 ____D () C:\ProgramData\gReaotsaaving
    2015-01-21 14:07 - 2015-01-21 14:09 - 00000000 ____D () C:\ProgramData\fba01206e1c18da3
    2015-01-21 13:47 - 2015-01-27 10:55 - 00000000 ____D () C:\Program Files\RelayRise
    2015-01-18 18:55 - 2015-01-18 18:55 - 00002476 _____ () C:\Users\nlpdave\Desktop\Lettings Schedule 2015.xlsx - Shortcut.lnk
    2015-01-18 11:44 - 2015-01-18 11:44 - 00000935 _____ () C:\Users\nlpdave\Downloads\PatientAccessAppointment.ics

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-17 13:55 - 2014-12-11 09:50 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-17 13:47 - 2014-11-30 18:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-17 13:22 - 2014-11-29 13:15 - 01780430 _____ () C:\Windows\WindowsUpdate.log
    2015-02-17 09:55 - 2014-12-11 09:50 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-17 08:38 - 2014-12-03 00:31 - 00000000 ____D () C:\Program Files\NirSoft
    2015-02-16 18:26 - 2014-11-29 13:14 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-16 18:26 - 2009-07-14 04:34 - 00020992 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-16 18:26 - 2009-07-14 04:34 - 00020992 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-16 18:18 - 2009-07-14 04:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-16 18:18 - 2009-07-14 04:39 - 00028834 _____ () C:\Windows\setupact.log
    2015-02-15 13:13 - 2014-12-02 16:34 - 00000000 ____D () C:\Users\nlpdave\Documents\UKIP
    2015-02-15 11:40 - 2014-11-29 16:39 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-02-15 11:32 - 2014-11-29 16:39 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
    2015-02-15 11:01 - 2009-07-14 02:37 - 00000000 __RHD () C:\Users\Default
    2015-02-15 11:01 - 2009-07-14 02:37 - 00000000 ___RD () C:\Users\Public
    2015-02-15 10:56 - 2009-07-14 02:04 - 00000215 _____ () C:\Windows\system.ini
    2015-02-15 10:55 - 2014-11-29 15:56 - 00036152 _____ () C:\Windows\PFRO.log
    2015-02-15 10:55 - 2009-07-14 02:03 - 51380224 _____ () C:\Windows\system32\config\SOFTWARE.bak
    2015-02-15 10:55 - 2009-07-14 02:03 - 14942208 _____ () C:\Windows\system32\config\SYSTEM.bak
    2015-02-15 10:55 - 2009-07-14 02:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
    2015-02-15 10:55 - 2009-07-14 02:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
    2015-02-15 10:55 - 2009-07-14 02:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
    2015-02-15 10:33 - 2014-11-25 22:01 - 05611771 ____R (Swearware) C:\Users\nlpdave\Downloads\ComboFix.exe
    2015-02-12 22:39 - 2014-12-16 19:32 - 00000000 ____D () C:\Users\nlpdave\AppData\Roaming\uTorrent
    2015-02-12 22:35 - 2014-12-04 10:13 - 00000000 ____D () C:\Users\nlpdave\AppData\Roaming\Skype
    2015-02-12 15:15 - 2014-11-29 18:21 - 00000000 ____D () C:\Program Files\Sony
    2015-02-12 14:53 - 2014-12-11 09:50 - 00002333 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-02-06 11:33 - 2014-11-29 18:24 - 00321134 _____ () C:\Windows\DPINST.LOG
    2015-02-05 14:47 - 2014-11-30 18:06 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-02-05 14:47 - 2014-11-30 18:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-02-03 10:26 - 2014-12-02 09:15 - 00000000 ____D () C:\Users\hipdave
    2015-01-27 12:16 - 2014-12-06 01:14 - 00000000 ____D () C:\Users\hipdave\Documents\Portuguese
    2015-01-27 12:08 - 2014-12-31 14:59 - 00000000 ____D () C:\ProgramData\928458613
    2015-01-24 13:41 - 2014-12-02 15:29 - 00000000 ____D () C:\Users\nlpdave\Documents\Personal

    ==================== Files in the root of some directories =======

    2015-02-12 14:52 - 2015-02-12 14:53 - 0001297 _____ () C:\Users\nlpdave\AppData\Roaming\Bubble Dock.boostrap.log
    2015-02-12 14:52 - 2015-02-12 14:53 - 0005785 _____ () C:\Users\nlpdave\AppData\Roaming\Bubble Dock.installation.log
    2015-01-25 16:12 - 2015-02-14 10:33 - 0001171 _____ () C:\Users\nlpdave\AppData\Roaming\CRSKPO
    2015-01-25 16:12 - 2015-02-14 10:33 - 0000365 _____ () C:\Users\nlpdave\AppData\Roaming\IJVJPMP
    2015-02-12 14:53 - 2015-02-12 14:53 - 0000078 _____ () C:\Users\nlpdave\AppData\Roaming\Selection Tools.installation.log
    2015-02-12 14:52 - 2015-02-12 14:52 - 0000097 _____ () C:\Users\nlpdave\AppData\Roaming\WindApp.boostrap.log
    2015-02-12 14:53 - 2015-02-12 14:53 - 0000078 _____ () C:\Users\nlpdave\AppData\Roaming\WindApp.installation.log
    2015-02-03 11:30 - 2015-02-07 11:31 - 0001456 _____ () C:\Users\nlpdave\AppData\Local\Adobe Save for Web 13.0 Prefs

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-13 12:05

    ==================== End Of Log ============================
    Last edited by tashi; 2015-02-17 at 16:26. Reason: Logs copy pasted into topic as per FAQ. "attach" log not provided

  2. #2
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Hi and welcome

    You didn't post your Addition.txt, which was needed to complete this first run of removals. May need to ask you to run FRST again at a later time to ensure we've gotten rid of this.

    Google Chrome will have to be completely uninstalled, then we can install it again.

    Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

    Backup Chrome Bookmarks

    A couple of things need to be removed.

    Please download and install Revo Uninstaller Free
    • Double click Revo Uninstaller to run it.
    • From the list of programs, double click on Google Chrome.
    • When prompted if you want to uninstall, click Yes.
    • Be sure the Moderate option is selected, then click Next.
    • The program will run. If prompted again, click Yes.
    • When the built-in uninstaller is finished, click on Next.
    • Once the program has searched for leftovers, click Next.
    • Check/tick the bolded items only on the list, then click Delete.
    • When prompted, click on Yes and then on Next.
    • Put a check on any folders that are found and select Delete.
    • When prompted, select Yes, then click on Next.
    • Once done, click Finish.


    Next, please remove these programs if found
    Selection Tools
    JoyNshop
    Just Develop It


    You can redownload Google Chrome from here
    http://www.google.com/chrome/


    Please open Notepad (*Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail): Start -> Run -> type notepad in the Open field -> OK. Then copy and paste the text present inside the quote box below.
    To do this, highlight the contents of the box, right click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite an existing one, please allow).





    start
    CloseProcesses:
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3472690289-4182131003-983049352-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1423752836&from=ild&uid=M4-CT256M4SSD2_0000000012530922F266&q={searchTerms}
    SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
    SearchScopes: HKU\S-1-5-21-3472690289-4182131003-983049352-1001 -> 73F74BDE4BB14904BD740A8633F6322F URL =
    SearchScopes: HKU\S-1-5-21-3472690289-4182131003-983049352-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3472690289-4182131003-983049352-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
    StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe http://isearch.omiga-plus.com/?type=...0012530922F266
    CMD:C:\ComboFix.txt
    2015-01-21 14:08 - 2015-01-27 12:15 - 00000000 ____D () C:\ProgramData\saavernet
    2015-01-21 14:07 - 2015-01-27 12:15 - 00000000 ____D () C:\ProgramData\gReaotsaaving
    2015-01-21 13:47 - 2015-01-27 10:55 - 00000000 ____D () C:\Program Files\RelayRise
    EmptyTemp:
    Hosts:
    End

    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~~~~~~~~

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
    • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ~~~~
    Please post:
    Fixlog.txt
    C:\AdwCleaner.txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Sep 2013
    Posts
    7

    Default Omega-Plus Malware successfully removed

    Juliet,

    Thank you for your help. I've completed your instructions and the malware has been removed.

    The log files you asked for have been attached.

    David

  4. #4
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Google Chrome will have to be completely uninstalled <-- Were you able to do this?



    Next, please remove these programs if found
    Selection Tools
    JoyNshop
    Just Develop It

    Were you able to do the above?

    ~~~~~~~~~~~~~~~~~~~

    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes



    How is your computer now?

  5. #5
    Junior Member
    Join Date
    Sep 2013
    Posts
    7

    Default everything Ok

    Yes I was able to do all of the recommendations including uninstalling Google Chrome and deleting the files you suggested.

    I attach the log file from Malware bytes. I use Just Cloud backup software that often creates false positives so I've excluded that from the scan.

    The machine is working fine now and the omega-plus browser infection was cleared yesterday and before I ran Malware Bytes.

    Many thanks.

    David

  6. #6
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    wowssa, that found quite a bit.

    Was all quarantined? The logs don't show us that so I have to ask.

    Glad the machine is better and infection gone.

    What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending of course how full your computer is.


    ESET Online Scan
    Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
    • Please download ESET Online Scan and save the file to your Desktop.
    • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
    • Double-click esetsmartinstaller_enu.exe to run the programme.
    • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
    • Agree to the Terms of Use once more and click Start. Allow components to download.
    • Place a checkmark next to Enable detection of potentially unwanted applications.
    • Click Advanced settings. Place a checkmark next to it
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

    • Ensure Remove found threats is unchecked.
    • Click Start.
    • Wait for the scan to finish. Please be patient as this can take some time.
    • Upon completion, click . If no threats were found, skip the next two bullet points.
    • Click and save the file to your Desktop, naming it something such as "MyEsetScan".
    • Push the Back button.
    • Place a checkmark next to and click .
    • Re-enable your anti-virus software.
    • Copy the contents of the log and paste in your next reply.

  7. #7
    Junior Member
    Join Date
    Sep 2013
    Posts
    7

    Default Files quarantined

    Juliet,

    Yes, all that needed to be quarantined have been and the machine is fine. The real problem with the omega-plus malware is that it brings with it a whole host of unwanted stuff. I'll run the ESET online scan tonight and report tomorrow.

    David

  8. #8
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    The machine is working fine now and the omega-plus browser infection was cleared yesterday and before I ran Malware Bytes.
    The real problem with the omega-plus malware is that it brings with it a whole host of unwanted stuff
    And it appears gone now right?

    No rush on the Eset scan, paste the log in tomorrow at your convenience.

  9. #9
    Junior Member
    Join Date
    Sep 2013
    Posts
    7

    Default Eset scan attached

    Juliet,

    Scan attached.

    Machine working fine.

    David

  10. #10
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Before I create a script to take items out, do you want me to leave these

    C:\Program Files\JustCloud\BackupStackUI.dll
    C:\Program Files\JustCloud\Configuration Updater.exe
    C:\Users\hipdave\Documents\JustCloud_Restore_23_Nov_2014@15.26

    Since they're related to JustCloud?
