TechSpot

Friends Vista infected

By learninmypc
Feb 17, 2015
  1. I don't remember the link I saw, but I know it's infected. Scans follow.
     
  2. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,590   +335

    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Update, 2/17/2015 6:38:14 PM, SYSTEM, HOMEPC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
    Update, 2/17/2015 6:38:15 PM, SYSTEM, HOMEPC, Manual, Rootkit Database, 2014.11.18.1, 2015.2.3.1,
    Update, 2/17/2015 6:38:18 PM, SYSTEM, HOMEPC, Manual, Malware Database, 2014.11.20.6, 2015.2.18.1,
    Scan, 2/17/2015 7:35:28 PM, SYSTEM, HOMEPC, Manual, Start:2/17/2015 7:15:07 PM, Duration:18 min 12 sec, Threat Scan, Completed, 3 Malware Detections, 950 Non-Malware Detections,

    (end)
     
  3. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,590   +335

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16609 BrowserJavaVersion: 11.31.2
    Run by earl at 19:44:19 on 2015-02-17
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1638 [GMT -8:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
    C:\Program Files\Search Extensions\Client.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\hp\support\hpsysdrv.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\AVAST Software\Avast\avastui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\PictureMover\Bin\PictureMover.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uProxyServer = hxxp=127.0.0.1:49216;https=127.0.0.1:49216
    uProxyOverride = <-loopback>
    uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_31\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    BHO: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - <orphaned>
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_31\bin\jp2ssv.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [vwynoxef] c:\windows\system32\regsvr32.exe /s "c:\users\earl~1.hom\appdata\local\temp\xjsxlnm.dll"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\picturemover\bin\PictureMover.exe
    uPolicies-Explorer: NoDrives = dword:0
    uPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-System: ConsentPromptBehaviorUser = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: SoftwareSASGeneration = dword:1
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
    TCP: NameServer = 192.168.1.1 74.40.74.40
    TCP: Interfaces\{B1C57204-5091-4C47-8EED-2FA742EAA100} : DHCPNameServer = 192.168.1.1 74.40.74.40
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.1.7\ViProtocol.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    AppInit_DLLs= c:\progra~1\searchprotect\searchprotect\bin\SPVC32Loader.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\40.0.2214.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\earl.homepc\appdata\roaming\mozilla\firefox\profiles\npkh6xqv.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.kirotv.com
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.26.9\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre1.8.0_31\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
    FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
    FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
    FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-4 49944]
    R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-4 206248]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2012-2-11 787800]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2012-2-11 423784]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 142648]
    R2 APNMCP;Ask Update Service;c:\program files\askpartnernetwork\toolbar\apnmcp.exe [2014-10-30 166296]
    R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-4-21 24184]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-2-11 70384]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-11 50344]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
    R2 vToolbarUpdater18.1.7;vToolbarUpdater18.1.7;c:\program files\common files\avg secure search\vtoolbarupdater\18.1.7\ToolbarUpdater.exe [2014-5-30 1808408]
    R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2015-2-17 528896]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
    .
    =============== Created Last 30 ================
    .
    2015-02-18 03:02:07 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2015-02-18 02:38:13 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-02-18 02:37:54 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-02-18 02:37:54 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-02-18 02:37:54 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2015-02-18 01:52:10 528896 ----a-w- c:\windows\system32\drivers\RTL8192su.sys
    2015-02-17 13:01:06 9041640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{133169d9-45e3-4a61-9369-055711cfd8a0}\mpengine.dll
    2015-02-13 06:26:12 1810944 ----a-w- c:\windows\system32\jscript9.dll
    2015-02-12 11:02:27 564224 ----a-w- c:\windows\system32\oleaut32.dll
    2015-02-12 11:02:19 2063360 ----a-w- c:\windows\system32\win32k.sys
    2015-02-12 11:02:07 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2015-02-12 11:00:55 440760 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2015-02-12 11:00:36 306176 ----a-w- c:\windows\system32\scesrv.dll
    .
    ==================== Find3M ====================
    .
    2015-01-14 01:49:16 367104 ----a-w- c:\windows\system32\html.iec
    2015-01-14 01:42:51 1129472 ----a-w- c:\windows\system32\wininet.dll
    2015-01-14 01:42:31 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2015-01-14 01:41:28 421376 ----a-w- c:\windows\system32\vbscript.dll
    2015-01-14 01:41:09 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2015-01-14 01:40:35 11776 ----a-w- c:\windows\system32\mshta.exe
    2015-01-14 01:40:33 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2014-12-23 08:50:16 249488 ------w- c:\windows\system32\MpSigStub.exe
    2014-12-19 00:25:17 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    2014-12-06 03:14:51 153600 ----a-w- c:\windows\system32\profsvc.dll
    2014-12-06 03:14:36 48640 ----a-w- c:\windows\system32\nlaapi.dll
    2014-12-06 03:14:36 174080 ----a-w- c:\windows\system32\nlasvc.dll
    2014-12-06 03:14:34 93184 ----a-w- c:\windows\system32\ncsi.dll
    2014-12-03 02:06:01 278528 ----a-w- c:\windows\system32\schannel.dll
    2014-11-22 09:18:13 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
    2014-11-21 14:14:06 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 19:45:41.54 ===============
     
  4. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,590   +335

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/29/2011 2:14:04 PM
    System Uptime: 2/17/2015 7:36:39 PM (0 hours ago)
    .
    Motherboard: ECS | | Iris8
    Processor: AMD Athlon(tm) Dual Core Processor 4450e | Socket AM2 | 2300/201mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 222 GiB total, 149.019 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.539 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    ActiveCheck component for HP Active Support Library
    Amazon Kindle
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    ASPCA Tri Reminder by We-Care.com v4.0.13.5
    Avast Free Antivirus
    Bonjour
    BrowserSafeguard with RocketTab
    CCleaner
    Community Smartbar
    CyberLink DVD Suite Deluxe
    Dropbox
    ESET Online Scanner v3
    FileHippo.com Update Checker
    Google Chrome
    Google Drive
    Google Earth
    Google Update Helper
    Haali Media Splitter
    Hardware Diagnostic Tools
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Demo
    HP Recovery Manager RSS
    HP Total Care Advisor
    HP Total Care Setup
    HP Update
    HPAsset component for HP Active Support Library
    iTunes
    Java 7 Update 65
    Java 8 Update 31
    Java Auto Updater
    Juno Preloader
    LabelPrint
    LightScribe System Software 1.14.25.1
    LightScribe Template Labeler
    Malwarebytes Anti-Malware version 2.0.4.1028
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4.5.1
    Microsoft Live Search Toolbar
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
    Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
    Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    Mozilla Firefox 35.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MPC-HC 1.6.7.7114 (9eb64ec)
    Music Oasis
    muvee Reveal
    My HP Games
    NetZero Preloader
    NVIDIA Drivers
    PictureMover
    Power2Go
    PowerDirector
    Python 2.5.2
    QuickTime 7
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    SeaMonkey 2.32.1 (x86 en-US)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    Soft Data Fax Modem with SmartCP
    SPORE Creature Creator Trial Edition
    SpywareBlaster 5.0
    SUPERAntiSpyware
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VisualBee for Microsoft PowerPoint
    VLC media player
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== End Of File ===========================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    MBAM log is incorrect.
    Please post correct log.
     
  6. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,590   +335

    Broni, I went by the directions in here
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
     
  7. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,590   +335

    I will rescan.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    OK...or....use second method...

    • open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
     
  9. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,590   +335

    This is not making one damn bit of sense. Neither instructions are giving me the damn log. :(
    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
  10. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,590   +335

    I'm going to continue with the other scans,
    .
     
  11. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Re-run MBAM one more time.
     
  12. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,590   +335

    I re-ran the damn thing & followed this
    OK...or....use second method...

    • open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    But it still wouldn't allow me to get the log which is why I said I'd continue with other scans.
     
  13. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    When you run MBAM does it find any infection?

    I'm signing off for tonight...
     
  14. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,590   +335

    Yes, it finds lots.
     
  15. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,590   +335

    Broni, since last post, I went into Programs & Features & removed a lot of garbage, used Revo to uninstall/reinstall M-bam & even ran M-bam in safe mode to no avail.
    Could it be that when I rebooted it the first time nothing will show after that? Am very confused.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double-click on the downloaded file. OK the self-extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see the message "This version requires you to completely exit the Anti Malware application", right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  17. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,590   +335

    RogueKiller V10.4.0.0 [Feb 18 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : earl [Administrator]
    Mode : Delete -- Date : 02/18/2015 17:40:04

    ¤¤¤ Processes : 2 ¤¤¤
    [Suspicious.Path] explorer.exe(2876) -- C:\Users\earl.homepc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll[7] -> Unloaded
    [PUP] (SVC) vToolbarUpdater18.1.7 -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe[7] -> Stopped

    ¤¤¤ Registry : 27 ¤¤¤
    [PUP] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} (C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll) -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} ("C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.7\ScriptHelper.exe") -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} (C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll) -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} (C:\Program Files\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll) -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} ("C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.7\ScriptHelper.exe") -> Not selected
    [PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Not selected
    [Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | vwynoxef : C:\Windows\system32\regsvr32.exe /s "C:\Users\EARL~1.HOM\AppData\Local\Temp\xjsxlnm.dll" [7][x][x] -> Deleted
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\EARL~1.HOM\AppData\Local\Temp\catchme.sys) -> Not selected
    [PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vToolbarUpdater18.1.7 (C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe) -> Not selected
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\Users\EARL~1.HOM\AppData\Local\Temp\catchme.sys) -> Not selected
    [PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vToolbarUpdater18.1.7 (C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe) -> Not selected
    [PUM.Proxy] HKEY_USERS\S-1-5-21-3556668068-2155704131-84744496-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] HKEY_USERS\S-1-5-21-3556668068-2155704131-84744496-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49226;https=127.0.0.1:49226 -> Not selected
    [PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
    [PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
    [PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] HKEY_USERS\S-1-5-21-3556668068-2155704131-84744496-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 74.40.74.40 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 74.40.74.40 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AB9C1C55-EEA7-4CA9-9D1A-C8690C9CD55A} | DhcpNameServer : 192.168.1.1 74.40.74.40 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B1C57204-5091-4C47-8EED-2FA742EAA100} | DhcpNameServer : 192.168.1.1 74.40.74.40 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{AB9C1C55-EEA7-4CA9-9D1A-C8690C9CD55A} | DhcpNameServer : 192.168.1.1 74.40.74.40 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B1C57204-5091-4C47-8EED-2FA742EAA100} | DhcpNameServer : 192.168.1.1 74.40.74.40 [UNITED STATES (US)] -> Not selected
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 1 ¤¤¤
    [Suspicious.Path] \\Registration -- "C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe" (Registration ShowMessageTask2D) -> Deleted

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
    [SSDT:Addr(Hook.SSDT)] NtTerminateProcess[334] : C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS @ 0x805e0640

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][FIREFX:Config] npkh6xqv.default : user_pref("browser.startup.homepage", "http://www.kirotv.com"); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST325031 0AS SCSI Disk Device +++++
    --- User ---
    [MBR] 02530c54bbe5a29f7c666e82b46526d1
    [BSP] 309fdfd200901d3359dd1e035123a213 : HP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 226949 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 464792580 | Size: 11523 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    Error reading LL2 MBR! ([1] Incorrect function. )


    ============================================
    RKreport_SCN_02182015_173914.log
     
  18. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,590   +335

    M-bam anti rootkit found nothing.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  20. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,590   +335

    ComboFix 15-02-16.01 - earl 02/18/2015 18:27:23.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1056 [GMT -8:00]
    Running from: c:\users\earl.homepc\Desktop\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\SearchProtect
    c:\program files\SearchProtect\UI\dialogs\Images\Apply-default.png
    c:\program files\SearchProtect\UI\dialogs\Images\Apply-onclick.png
    c:\program files\SearchProtect\UI\dialogs\Images\Apply-Rollover.png
    c:\program files\SearchProtect\UI\dialogs\Images\bg-uninstall.png
    c:\program files\SearchProtect\UI\dialogs\Images\bg-with-logo.png
    c:\program files\SearchProtect\UI\dialogs\Images\bg.png
    c:\program files\SearchProtect\UI\dialogs\Images\bgNotif.png
    c:\program files\SearchProtect\UI\dialogs\Images\bgSettings.png
    c:\program files\SearchProtect\UI\dialogs\Images\bgSettingsDS.png
    c:\program files\SearchProtect\UI\dialogs\Images\bgUninstall.png
    c:\program files\SearchProtect\UI\dialogs\Images\btnBlue.png
    c:\program files\SearchProtect\UI\dialogs\Images\btnClose.png
    c:\program files\SearchProtect\UI\dialogs\Images\btnSilver.png
    c:\program files\SearchProtect\UI\dialogs\Images\button-bg.png
    c:\program files\SearchProtect\UI\dialogs\Images\checkbox.png
    c:\program files\SearchProtect\UI\dialogs\Images\checkbox_checked.png
    c:\program files\SearchProtect\UI\dialogs\Images\checkbox_def.png
    c:\program files\SearchProtect\UI\dialogs\Images\close-win-def.png
    c:\program files\SearchProtect\UI\dialogs\Images\close-win-over-click.png
    c:\program files\SearchProtect\UI\dialogs\Images\gray-bg.png
    c:\program files\SearchProtect\UI\dialogs\Images\hez-def.png
    c:\program files\SearchProtect\UI\dialogs\Images\hez-selected.png
    c:\program files\SearchProtect\UI\dialogs\Images\hez.png
    c:\program files\SearchProtect\UI\dialogs\Images\icon-win.png
    c:\program files\SearchProtect\UI\dialogs\Images\info-icon.png
    c:\program files\SearchProtect\UI\dialogs\Images\menu-rollover.png
    c:\program files\SearchProtect\UI\dialogs\Images\menu-selected.png
    c:\program files\SearchProtect\UI\dialogs\Images\radio-button-def.png
    c:\program files\SearchProtect\UI\dialogs\Images\radio-button-selected.png
    c:\program files\SearchProtect\UI\dialogs\Images\radio-button.png
    c:\program files\SearchProtect\UI\dialogs\Images\radio-button2.png
    c:\program files\SearchProtect\UI\dialogs\Images\Settings-icon.png
    c:\program files\SearchProtect\UI\dialogs\Images\text-field.png
    c:\program files\SearchProtect\UI\dialogs\Images\v.png
    c:\program files\SearchProtect\UI\dialogs\Images\x.png
    c:\program files\SearchProtect\UI\dialogs\libs\defaults.js
    c:\program files\SearchProtect\UI\dialogs\libs\dialogUtils.js
    c:\program files\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js
    c:\program files\SearchProtect\UI\dialogs\libs\json2.min.js
    c:\program files\SearchProtect\UI\dialogs\libs\main.js
    c:\program files\SearchProtect\UI\dialogs\libs\SPDialogAPI.js
    c:\program files\SearchProtect\UI\dialogs\protection\defaults.js
    c:\program files\SearchProtect\UI\dialogs\protection\protection.css
    c:\program files\SearchProtect\UI\dialogs\protection\protection.html
    c:\program files\SearchProtect\UI\dialogs\protection\protection.js
    c:\program files\SearchProtect\UI\dialogs\protectionDS\defaults.js
    c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.css
    c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.html
    c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.js
    c:\program files\SearchProtect\UI\dialogs\settings.html
    c:\program files\SearchProtect\UI\dialogs\settings\defaults.js
    c:\program files\SearchProtect\UI\dialogs\settings\settings.css
    c:\program files\SearchProtect\UI\dialogs\settings\settings.html
    c:\program files\SearchProtect\UI\dialogs\settings\settings.js
    c:\program files\SearchProtect\UI\dialogs\style.css
    c:\program files\SearchProtect\UI\dialogs\uninstall\defaults.js
    c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.css
    c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.html
    c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.js
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-01-19 to 2015-02-19 )))))))))))))))))))))))))))))))
    .
    .
    2015-02-19 02:36 . 2015-02-19 02:36 -------- d-----w- c:\users\Public\AppData\Local\temp
    2015-02-19 02:36 . 2015-02-19 02:36 -------- d-----w- c:\users\earl\AppData\Local\temp
    2015-02-19 02:36 . 2015-02-19 02:36 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-02-19 01:47 . 2015-02-19 02:07 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2015-02-19 01:31 . 2015-02-19 01:45 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-02-19 01:31 . 2015-02-19 01:31 -------- d-----w- c:\programdata\RogueKiller
    2015-02-18 19:50 . 2015-02-18 19:59 -------- d-----w- c:\program files\MyDefrag v4.3.1
    2015-02-18 19:43 . 2015-02-18 19:43 -------- d-----w- c:\program files\iPod
    2015-02-18 19:43 . 2015-02-18 19:44 -------- d-----w- c:\programdata\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
    2015-02-18 19:43 . 2015-02-18 19:44 -------- d-----w- c:\program files\iTunes
    2015-02-18 19:40 . 2015-02-18 19:40 -------- d-----w- c:\windows\LastGood
    2015-02-18 16:20 . 2015-02-18 16:20 -------- d-----w- c:\program files\ESET
    2015-02-18 15:54 . 2015-02-19 01:47 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-02-18 15:53 . 2015-02-19 01:46 82648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-02-18 15:53 . 2015-02-18 15:53 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2015-02-18 15:53 . 2014-11-21 14:57 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-02-18 15:53 . 2014-11-21 14:57 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-02-18 14:42 . 2015-02-18 14:42 -------- d-----w- c:\program files\VS Revo Group
    2015-02-18 14:37 . 2015-02-18 14:37 -------- d-----w- c:\programdata\IsolatedStorage
    2015-02-18 14:24 . 2015-02-18 14:24 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
    2015-02-18 03:56 . 2015-02-18 03:56 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2015-02-18 03:56 . 2015-02-18 03:56 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2015-02-18 03:02 . 2015-02-18 03:01 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2015-02-18 02:24 . 2015-02-18 02:24 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2015-02-18 01:52 . 2010-01-06 09:20 528896 ----a-w- c:\windows\system32\drivers\RTL8192su.sys
    2015-02-17 13:01 . 2015-01-29 09:49 9041640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{133169D9-45E3-4A61-9369-055711CFD8A0}\mpengine.dll
    2015-02-13 06:26 . 2015-01-23 03:00 1810944 ----a-w- c:\windows\system32\jscript9.dll
    2015-02-12 11:02 . 2014-11-26 02:05 564224 ----a-w- c:\windows\system32\oleaut32.dll
    2015-02-12 11:02 . 2015-01-09 00:20 2063360 ----a-w- c:\windows\system32\win32k.sys
    2015-02-12 11:02 . 2015-01-13 01:39 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2015-02-12 11:00 . 2015-01-15 04:13 440760 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2015-02-12 11:00 . 2014-12-08 01:59 306176 ----a-w- c:\windows\system32\scesrv.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-12-23 08:50 . 2012-02-11 20:55 249488 ------w- c:\windows\system32\MpSigStub.exe
    2014-12-19 00:25 . 2015-01-14 11:07 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    2014-12-06 03:14 . 2015-01-14 11:00 153600 ----a-w- c:\windows\system32\profsvc.dll
    2014-12-06 03:14 . 2015-01-14 11:01 48640 ----a-w- c:\windows\system32\nlaapi.dll
    2014-12-06 03:14 . 2015-01-14 11:01 174080 ----a-w- c:\windows\system32\nlasvc.dll
    2014-12-06 03:14 . 2015-01-14 11:01 93184 ----a-w- c:\windows\system32\ncsi.dll
    2014-12-03 02:06 . 2014-12-11 11:00 278528 ----a-w- c:\windows\system32\schannel.dll
    2014-11-22 09:18 . 2012-02-11 22:30 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-11-16 21:17 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2015-01-16 00:59 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2015-01-16 00:59 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2015-01-16 00:59 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2015-01-16 00:59 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2015-01-16 00:59 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2015-01-16 00:59 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-10-17 972080]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-01-20 5496600]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-27 13539872]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-27 92704]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-01-21 60712]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-27 5227112]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-12-18 508800]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-01-27 157480]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    PictureMover.lnk - c:\program files\PictureMover\Bin\PictureMover.exe -det [2008-9-8 430080]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2015-02-18 142648]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - TRUESIGHT
    *Deregistered* - TrueSight
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-02-19 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-18 03:56]
    .
    2015-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-03-23 19:37]
    .
    2015-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-03-23 19:37]
    .
    2015-01-24 c:\windows\Tasks\HPCeeScheduleForearl.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-11-13 19:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = <-loopback>
    uInternet Settings,ProxyServer = http=127.0.0.1:49226;https=127.0.0.1:49226
    uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
    TCP: DhcpNameServer = 192.168.1.1 74.40.74.40
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll
    FF - ProfilePath - c:\users\earl.homepc\AppData\Roaming\Mozilla\Firefox\Profiles\npkh6xqv.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.kirotv.com
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2015-02-18 18:36
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    C:\avast! sandbox
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2015-02-18 18:40:11
    ComboFix-quarantined-files.txt 2015-02-19 02:40
    .
    Pre-Run: 158,192,279,552 bytes free
    Post-Run: 158,057,312,256 bytes free
    .
    - - End Of File - - 8CDBBC1BC166E4AF2DE9EDA6860506B6
    03BA8F890B47C0BE359A4D5A636D214D
     
  21. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  22. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,590   +335

    # AdwCleaner v4.111 - Logfile created 18/02/2015 at 18:56:24
    # Updated 18/02/2015 by Xplode
    # Database : 2015-02-18.3 [Server]
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
    # Username : earl - HOMEPC
    # Running from : C:\Users\earl.homepc\Desktop\Desktop\adwcleaner_4.111.exe
    # Option : Cleaning

    ***** [ Services ] *****

    Service Deleted : vToolbarUpdater18.1.7

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\Program Files\003
    Folder Deleted : C:\Program Files\pcreg
    Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [freegames4357@bestoffers]
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\angobeimajilfhlcpeiccndaifchnppl
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
    Key Deleted : HKCU\Software\AVG SafeGuard toolbar
    Key Deleted : HKCU\Software\visualbee
    Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
    Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
    Key Deleted : HKLM\SOFTWARE\PerformerSoft
    Key Deleted : HKLM\SOFTWARE\visualbee
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowserSafeGuard
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VisualBee for Microsoft PowerPoint
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:49226;hxxps=127.0.0.1:49226

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v9.0.8112.16609

    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [SearchAssistant]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [CustomizeSearch]
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

    -\\ Mozilla Firefox v35.0.1 (x86 en-US)


    -\\ Google Chrome v


    *************************

    AdwCleaner[R0].txt - [7577 bytes] - [18/02/2015 18:54:01]
    AdwCleaner[S0].txt - [7176 bytes] - [18/02/2015 18:56:24]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7235 bytes] ##########
     
  23. learninmypc


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by earl on Wed 02/18/2015 at 19:02:59.19
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}



    ~~~ Files

    Successfully deleted: [File] "C:\Windows\wininit.ini"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\earl.homepc\Local Settings\Application Data\linkury"
    Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 02/18/2015 at 19:06:15.94
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  24. learninmypc


    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-02-2015 01
    Ran by earl at 2015-02-18 19:10:56
    Running from C:\Users\earl.homepc\Desktop\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Amazon Kindle (HKU\S-1-5-21-3556668068-2155704131-84744496-1000\...\Amazon Kindle) (Version: - Amazon)
    Apple Application Support (32-bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
    CyberLink DVD Suite Deluxe (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2111 - CyberLink Corp.)
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    FileHippo App Manager (HKLM\...\FileHippo.com) (Version: - FileHippo.com)
    Google Drive (HKLM\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
    Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
    Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.4976.17 - PC-Doctor, Inc.)
    HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
    HP Customer Experience Enhancements (HKLM\...\{64B9E2F5-558E-4C56-B419-A1679518F6E7}) (Version: 5.7.0.2784 - Hewlett-Packard)
    HP Demo (HKLM\...\{48BF4489-0C58-4E80-BB17-94A673CE310A}) (Version: 1.00.0000 - Hewlett-Packard)
    HP Total Care Advisor (HKLM\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.5106.2815 - Hewlett-Packard)
    HP Total Care Setup (HKLM\...\{38058455-8C21-4C2F-B2F6-14ED166039CB}) (Version: 1.1.1983.2818 - Hewlett-Packard Company)
    HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
    HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
    iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)
    Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
    Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0904 - CyberLink Corp.)
    LabelPrint (Version: 2.5.0904 - CyberLink Corp.) Hidden
    LightScribe System Software 1.14.25.1 (HKLM\...\{DA9DAC64-C947-47BA-B411-8A1959B177CF}) (Version: 1.14.25.1 - LightScribe)
    LightScribe Template Labeler (HKLM\...\{5BD0CB24-11AF-4BA8-A198-38D25257C656}) (Version: 1.14.25.1 - LightScribe)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Live Search Toolbar (HKLM\...\{2CD352BA-1F8A-4302-B972-2529E82A5679}) (Version: 3.0.541.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
    MPC-HC 1.6.7.7114 (9eb64ec) (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.7.7114 - MPC-HC Team)
    My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
    MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
    PictureMover (HKLM\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.7 - Hewlett-Packard Company)
    Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2112 - CyberLink Corp.)
    Power2Go (Version: 6.0.2112 - CyberLink Corp.) Hidden
    PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2202 - CyberLink Corp.)
    PowerDirector (Version: 7.0.2202 - CyberLink Corp.) Hidden
    Python 2.5.2 (HKLM\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation)
    QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    SeaMonkey 2.32.1 (x86 en-US) (HKLM\...\SeaMonkey 2.32.1 (x86 en-US)) (Version: 2.32.1 - Mozilla)
    Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.80.0.0 - Conexant Systems)
    SPORE Creature Creator Trial Edition (HKLM\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts)
    SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.5.1006 - SUPERAntiSpyware.com)
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3556668068-2155704131-84744496-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\earl.homepc\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3556668068-2155704131-84744496-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\earl.homepc\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3556668068-2155704131-84744496-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\earl.homepc\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3556668068-2155704131-84744496-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\earl.homepc\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File

    ==================== Restore Points =========================

    10-02-2015 01:56:13 Windows Update
    11-02-2015 00:00:03 Scheduled Checkpoint
    12-02-2015 00:00:07 Scheduled Checkpoint
    12-02-2015 03:00:13 Windows Update
    12-02-2015 16:47:47 Scheduled Checkpoint
    13-02-2015 03:00:12 Windows Update
    13-02-2015 16:56:26 Scheduled Checkpoint
    14-02-2015 18:54:53 Scheduled Checkpoint
    15-02-2015 11:30:24 Scheduled Checkpoint
    16-02-2015 00:00:02 Scheduled Checkpoint
    17-02-2015 04:54:57 Windows Update
    17-02-2015 17:52:10 Device Driver Package Install: Belkin International, Inc. Network adapters
    17-02-2015 18:55:52 Installed Google Earth.
    18-02-2015 06:16:03 Removed Ask Toolbar
    18-02-2015 06:17:27 Removed ASPCA Tri Reminder by We-Care.com v4.0.13.5
    18-02-2015 06:23:27 Removed Juno Preloader
    18-02-2015 06:24:06 Removed Music Oasis
    18-02-2015 06:29:09 Removed NetZero Preloader
    18-02-2015 06:29:33 Removed muvee Reveal
    18-02-2015 06:43:37 Revo Uninstaller's restore point - Yahoo! Software Update
    18-02-2015 06:45:58 Revo Uninstaller's restore point - Yahoo! Toolbar
    18-02-2015 06:47:24 Revo Uninstaller's restore point - Community Smartbar
    18-02-2015 06:47:37 Removed Community Smartbar
    18-02-2015 07:46:20 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 2.0.4.1028
    18-02-2015 09:15:16 Windows Update
    18-02-2015 10:27:06 Installed QuickTime 7
    18-02-2015 11:40:11 Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
    18-02-2015 11:40:38 Installed iTunes
    18-02-2015 17:44:07 scott

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 02:23 - 2015-02-18 18:36 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0DCD9C54-DED3-405D-9EBF-EBE1CF5C9517} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - earl => C:\Program Files\Windows Calendar\wincal.exe [2009-04-10] (Microsoft Corporation)
    Task: {34C5C6FD-819D-4426-9DFF-A660D7790BDE} - System32\Tasks\avastBCLRestartS-1-5-21-3556668068-2155704131-84744496-1000 => Chrome.exe
    Task: {3633EDB8-D530-4D55-A874-9C4E903B4642} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
    Task: {3FCAD14C-C271-48F4-A040-2B442D6E24B9} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3556668068-2155704131-84744496-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {4519BEA1-BE2D-46B0-BC75-FA4DA780EFAB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-17] (Adobe Systems Incorporated)
    Task: {5A6A9772-54DD-49C1-9E74-6A36A6338201} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {5E15BD50-0DC5-49EA-A1F1-335D313E51A3} - \RocketTab No Task File <==== ATTENTION
    Task: {676AA298-43EF-4FDD-9880-89B6E2A6EFA5} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3556668068-2155704131-84744496-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {764E28EF-521F-4605-AE30-37230E82F001} - System32\Tasks\HPCeeScheduleForearl => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-09-16] (Hewlett-Packard)
    Task: {7B0C8F7C-8F97-40F2-85DA-2ED85B72BFB5} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3556668068-2155704131-84744496-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {7E6232F3-B4A8-4092-909D-4F6C033D1386} - System32\Tasks\RecoveryCD => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2008-10-20] ()
    Task: {A29ECC71-9D1F-4EF0-8A24-6E554E3FA0E0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-23] (Google Inc.)
    Task: {AB57BB70-90EA-47DE-A962-7FEFDA3EDE2D} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
    Task: {C285DAEE-FB59-4523-9D95-38CA2F46D344} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-16] (AVAST Software)
    Task: {CB69DE39-2EF3-440D-80BB-39C5794AFAAC} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3556668068-2155704131-84744496-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {CCEB49F3-0734-4F8B-A981-2EA660571722} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-23] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForearl.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) ==============

    2015-02-18 13:57 - 2015-02-18 13:57 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021802\algo.dll
    2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-08-14 14:19 - 2013-08-14 14:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    2013-10-21 04:15 - 2014-11-16 13:17 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2008-10-17 09:32 - 2008-10-17 09:32 - 00057344 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
    2008-10-17 09:39 - 2008-10-17 09:39 - 00032768 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
    2008-10-17 09:32 - 2008-10-17 09:32 - 00118784 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
    2008-10-17 09:32 - 2008-10-17 09:32 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
    2008-10-17 09:32 - 2008-10-17 09:32 - 00005632 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
    2008-10-17 09:32 - 2008-10-17 09:32 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
    2012-01-07 13:39 - 2009-04-10 22:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
    2008-10-17 09:32 - 2008-10-17 09:32 - 00010240 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
    2008-10-17 09:32 - 2008-10-17 09:32 - 00007168 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
    2012-01-01 12:02 - 2008-09-08 15:11 - 03870720 _____ () C:\Users\earl.homepc\AppData\Roaming\PictureMover\Bin\Core.dll
    2012-01-01 12:03 - 2008-09-08 15:20 - 01703936 _____ () C:\Users\earl.homepc\AppData\Roaming\PictureMover\EN-US\Presentation.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:5C321E34

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3556668068-2155704131-84744496-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\earl.homepc\AppData\Roaming\Mozilla\SeaMonkey\Desktop Background.bmp
    DNS Servers: 192.168.1.1 - 74.40.74.40

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3556668068-2155704131-84744496-500 - Administrator - Disabled)
    earl (S-1-5-21-3556668068-2155704131-84744496-1000 - Administrator - Enabled) => C:\Users\earl.homepc
    Guest (S-1-5-21-3556668068-2155704131-84744496-501 - Administrator - Disabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2015-02-18 19:10:51.260
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-18 19:10:50.693
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-18 19:10:50.119
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-18 19:10:49.546
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-18 19:10:48.801
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-18 19:10:48.208
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-18 19:10:47.600
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-18 19:10:46.977
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-18 18:28:21.703
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-18 18:28:20.971
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD Athlon(tm) Dual Core Processor 4450e
    Percentage of memory in use: 37%
    Total physical RAM: 2941.76 MB
    Available physical RAM: 1831.89 MB
    Total Pagefile: 6092.02 MB
    Available Pagefile: 4966.65 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1896.47 MB

    ==================== Drives ================================

    Drive c: (COMPAQ) (Fixed) (Total:221.63 GB) (Free:147.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.25 GB) (Free:1.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 232.9 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=221.6 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=11.3 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  25. learninmypc


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-02-2015 01
    Ran by earl (administrator) on HOMEPC on 18-02-2015 19:10:13
    Running from C:\Users\earl.homepc\Desktop\Desktop
    Loaded Profiles: earl (Available profiles: earl)
    Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
    (Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Hewlett-Packard Company) C:\Program Files\PictureMover\Bin\PictureMover.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
    HKLM\...\Run: [UpdateP2GoShortCut] => c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
    HKLM\...\Run: [UpdatePDIRShortCut] => c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
    HKLM\...\Run: [UpdatePSTShortCut] => c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-09-11] (CyberLink Corp.)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-01-27] (Apple Inc.)
    Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\S-1-5-21-3556668068-2155704131-84744496-1000\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-10-17] (Hewlett-Packard)
    HKU\S-1-5-21-3556668068-2155704131-84744496-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
    HKU\S-1-5-21-3556668068-2155704131-84744496-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
    HKU\S-1-5-21-3556668068-2155704131-84744496-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
    ShortcutTarget: PictureMover.lnk -> C:\Program Files\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
    ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    BootExecute: autocheck autochk * sdnclean.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-3556668068-2155704131-84744496-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-3556668068-2155704131-84744496-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3556668068-2155704131-84744496-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3556668068-2155704131-84744496-1000 -> {78923D79-AD94-4EC6-A4A0-EAF2541399C2} URL = http://search.yahoo.com/search?p={s...ype=W3i_DS,105,0_0,Search,20120101,6900,0,5,0
    SearchScopes: HKU\S-1-5-21-3556668068-2155704131-84744496-1000 -> {D575301D-02EA-4CA1-AD81-77C1B665A312} URL = http://www.google.com/search?q={searchTerms}
    BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 74.40.74.40

    FireFox:
    ========
    FF ProfilePath: C:\Users\earl.homepc\AppData\Roaming\Mozilla\Firefox\Profiles\npkh6xqv.default
    FF DefaultSearchEngine: Google
    FF Homepage: hxxp://www.kirotv.com
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Extension: WOT - C:\Users\earl.homepc\AppData\Roaming\Mozilla\Firefox\Profiles\npkh6xqv.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-02-17]
    FF Extension: Adblock Plus - C:\Users\earl.homepc\AppData\Roaming\Mozilla\Firefox\Profiles\npkh6xqv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-17]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-01-03]
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF HKLM\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-10]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-02-11]

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-16]
    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2015-02-17] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-16] (AVAST Software)
    R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
    R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-08-22] (Hewlett-Packard Company) [File not signed]
    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-16] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-16] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-11-16] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-16] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-20] (AVAST Software)
    R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-11-16] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-16] ()
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
    S3 catchme; \??\C:\Users\EARL~1.HOM\AppData\Local\Temp\catchme.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-18 19:10 - 2015-02-18 19:10 - 00000000 ____D () C:\FRST
    2015-02-18 19:06 - 2015-02-18 19:06 - 00001155 _____ () C:\Users\earl.homepc\Desktop\JRT.txt
    2015-02-18 18:53 - 2015-02-18 18:56 - 00000000 ____D () C:\AdwCleaner
    2015-02-18 18:40 - 2015-02-18 18:40 - 00017011 _____ () C:\ComboFix.txt
    2015-02-18 17:47 - 2015-02-18 18:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-02-18 17:46 - 2015-02-18 18:07 - 00000000 ____D () C:\Users\earl.homepc\Desktop\mbar
    2015-02-18 17:31 - 2015-02-18 17:45 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-02-18 17:31 - 2015-02-18 17:31 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-02-18 11:50 - 2015-02-18 11:59 - 00000000 ____D () C:\Program Files\MyDefrag v4.3.1
    2015-02-18 11:50 - 2015-02-18 11:50 - 00000821 _____ () C:\Users\Public\Desktop\MyDefrag.lnk
    2015-02-18 11:50 - 2015-02-18 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyDefrag v4.3.1
    2015-02-18 11:44 - 2015-02-18 11:44 - 00001630 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2015-02-18 11:44 - 2015-02-18 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-02-18 11:43 - 2015-02-18 11:44 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
    2015-02-18 11:43 - 2015-02-18 11:44 - 00000000 ____D () C:\Program Files\iTunes
    2015-02-18 11:43 - 2015-02-18 11:43 - 00000000 ____D () C:\Program Files\iPod
    2015-02-18 09:09 - 2015-02-18 09:09 - 00032720 _____ () C:\Users\earl.homepc\Desktop\bookmarks.html
    2015-02-18 08:20 - 2015-02-18 08:20 - 00000000 ____D () C:\Program Files\ESET
    2015-02-18 07:54 - 2015-02-18 17:47 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-18 07:53 - 2015-02-18 17:46 - 00082648 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-02-18 07:53 - 2015-02-18 07:53 - 00000865 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-02-18 07:53 - 2015-02-18 07:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-02-18 07:53 - 2015-02-18 07:53 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-02-18 07:53 - 2014-11-21 06:57 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-02-18 07:53 - 2014-11-21 06:57 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-02-18 06:42 - 2015-02-18 06:42 - 00001023 _____ () C:\Users\earl.homepc\Desktop\Revo Uninstaller.lnk
    2015-02-18 06:42 - 2015-02-18 06:42 - 00000000 ____D () C:\Program Files\VS Revo Group
    2015-02-18 06:37 - 2015-02-18 06:37 - 00001799 _____ () C:\Users\earl.homepc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
    2015-02-18 06:37 - 2015-02-18 06:37 - 00001769 _____ () C:\Users\earl.homepc\Desktop\FileHippo App Manager.lnk
    2015-02-18 06:37 - 2015-02-18 06:37 - 00000000 ____D () C:\ProgramData\IsolatedStorage
    2015-02-17 19:56 - 2015-02-18 19:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-17 19:56 - 2015-02-17 19:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-02-17 19:56 - 2015-02-17 19:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-02-17 19:36 - 2015-02-18 18:44 - 00254630 _____ () C:\Windows\PFRO.log
    2015-02-17 19:02 - 2015-02-17 19:01 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2015-02-17 19:02 - 2015-02-17 19:01 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2015-02-17 19:02 - 2015-02-17 19:01 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2015-02-17 19:02 - 2015-02-17 19:01 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2015-02-17 18:57 - 2015-02-17 18:57 - 00002039 _____ () C:\Users\Public\Desktop\Google Earth.lnk
    2015-02-17 18:57 - 2015-02-17 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    2015-02-17 18:24 - 2015-02-17 19:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-02-17 18:24 - 2015-02-17 18:24 - 00000824 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-02-17 18:24 - 2015-02-17 18:24 - 00000812 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-02-17 18:24 - 2015-02-17 18:24 - 00000000 ____D () C:\ProgramData\Mozilla
    2015-02-17 18:24 - 2015-02-17 18:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2015-02-17 17:52 - 2010-01-06 01:20 - 00528896 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\RTL8192su.sys
    2015-02-12 22:26 - 2015-01-22 19:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-12 22:26 - 2015-01-22 18:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-02-12 03:02 - 2015-01-12 17:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-12 03:02 - 2015-01-08 16:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-02-12 03:02 - 2014-11-25 18:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-12 03:00 - 2015-01-14 20:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-02-12 03:00 - 2014-12-07 17:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-11 04:58 - 2015-01-13 17:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-11 04:58 - 2015-01-13 17:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-02-11 04:58 - 2015-01-13 17:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-11 04:58 - 2015-01-13 17:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-11 04:58 - 2015-01-13 17:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-11 04:58 - 2015-01-13 17:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-11 04:58 - 2015-01-13 17:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-11 04:58 - 2015-01-13 17:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-11 04:58 - 2015-01-13 17:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-11 04:58 - 2015-01-13 17:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-02-11 04:58 - 2015-01-13 17:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-02-11 04:58 - 2015-01-13 17:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-02-11 04:58 - 2015-01-13 17:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-02-11 04:58 - 2015-01-13 17:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-02-11 04:58 - 2015-01-13 17:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-02-11 04:58 - 2015-01-13 17:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-02-11 04:58 - 2015-01-13 17:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-02-11 04:58 - 2015-01-13 17:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-02-11 04:58 - 2015-01-13 17:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-02-11 04:58 - 2015-01-13 17:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-18 19:10 - 2013-03-23 11:37 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-18 19:02 - 2011-12-29 14:26 - 01669985 _____ () C:\Windows\WindowsUpdate.log
    2015-02-18 18:58 - 2013-03-23 11:37 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-18 18:57 - 2006-11-02 05:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-18 18:57 - 2006-11-02 04:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-18 18:57 - 2006-11-02 04:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-18 18:56 - 2006-11-02 05:01 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-02-18 18:40 - 2012-02-11 17:00 - 00000000 ____D () C:\Qoobox
    2015-02-18 18:37 - 2006-11-02 02:23 - 00000215 _____ () C:\Windows\system.ini
    2015-02-18 11:43 - 2014-08-28 13:23 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2015-02-18 11:43 - 2012-02-25 13:09 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2015-02-18 11:40 - 2012-01-01 11:53 - 00000000 ____D () C:\Users\earl.homepc
    2015-02-18 11:17 - 2012-01-03 16:07 - 00002054 _____ () C:\Users\earl.homepc\Desktop\Kindle.lnk
    2015-02-18 10:22 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-02-18 09:28 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\registration
    2015-02-18 09:20 - 2006-11-02 02:33 - 00752894 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-18 06:47 - 2012-01-05 14:44 - 00000000 ____D () C:\Program Files\Yahoo!
    2015-02-18 06:44 - 2012-01-05 14:44 - 00000000 ____D () C:\ProgramData\Yahoo!
    2015-02-18 06:38 - 2012-01-15 15:30 - 00000000 ____D () C:\Users\earl.homepc\AppData\Roaming\Media Player Classic
    2015-02-18 06:37 - 2012-02-12 11:39 - 00000000 ____D () C:\Program Files\FileHippo.com
    2015-02-17 21:08 - 2006-11-02 04:47 - 00239280 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-17 19:56 - 2014-02-22 11:41 - 00000000 ____D () C:\Users\earl.homepc\AppData\Local\Adobe
    2015-02-17 19:36 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\Speech
    2015-02-17 19:07 - 2012-02-11 22:33 - 00000000 ____D () C:\Windows\Minidump
    2015-02-17 19:05 - 2013-01-09 16:39 - 00000770 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2015-02-17 19:05 - 2013-01-09 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-02-17 19:05 - 2013-01-09 16:39 - 00000000 ____D () C:\Program Files\CCleaner
    2015-02-17 19:01 - 2014-02-22 11:35 - 00000000 ____D () C:\ProgramData\Oracle
    2015-02-17 19:01 - 2008-11-13 02:57 - 00000000 ____D () C:\Program Files\Java
    2015-02-17 18:57 - 2012-02-01 13:53 - 00000000 ____D () C:\Program Files\Google
    2015-02-17 18:46 - 2008-11-13 02:48 - 00000000 ____D () C:\ProgramData\Temp
    2015-02-17 18:38 - 2012-02-11 14:40 - 00000000 ____D () C:\Users\earl.homepc\AppData\Roaming\Malwarebytes
    2015-02-17 18:37 - 2012-02-11 14:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-02-17 18:24 - 2012-02-11 15:05 - 00000000 ____D () C:\Users\earl.homepc\AppData\Roaming\Mozilla
    2015-02-17 18:24 - 2012-02-11 15:05 - 00000000 ____D () C:\Users\earl.homepc\AppData\Local\Mozilla
    2015-02-17 17:41 - 2012-07-02 21:02 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-02-17 17:40 - 2012-02-12 11:57 - 00000000 ____D () C:\Program Files\SpywareBlaster
    2015-02-17 17:34 - 2013-01-09 18:28 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
    2015-02-12 03:10 - 2013-08-14 02:09 - 00000000 ____D () C:\Windows\system32\MRT
    2015-02-12 03:03 - 2006-11-02 02:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2015-02-08 08:58 - 2012-02-11 15:05 - 00000000 ____D () C:\Program Files\SeaMonkey
    2015-02-07 17:25 - 2012-02-11 17:53 - 00000052 _____ () C:\Windows\system32\DOErrors.log
    2015-01-27 00:05 - 2013-05-06 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-01-23 18:58 - 2012-01-01 12:01 - 00000318 _____ () C:\Windows\Tasks\HPCeeScheduleForearl.job

    ==================== Files in the root of some directories =======

    2015-01-08 06:40 - 2015-01-08 06:40 - 0000680 _____ () C:\Users\earl.homepc\AppData\Local\d3d9caps.dat
    2014-02-22 11:40 - 2014-02-22 11:40 - 0004608 _____ () C:\Users\earl.homepc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-01-08 18:26 - 2015-01-13 11:48 - 0000112 _____ () C:\ProgramData\5kbOUS1r4.dat

    Files to move or delete:
    ====================
    C:\ProgramData\5kbOUS1r4.dat


    Some content of TEMP:
    ====================
    C:\Users\earl.homepc\AppData\Local\Temp\Quarantine.exe
    C:\Users\earl.homepc\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-18 19:03

    ==================== End Of Log ============================
     
