Andit
Posts: 18 +0
I believe my computer is infected. At night when no programs are running it makes a constant loading sound. I've tried disabling the antivirus/firewall and it still happens.
---------------
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by Shane (administrator) on SHANE-PC (01-01-2016 17:54:25)
Running from C:\Users\Shane\Desktop
Loaded Profiles: Shane (Available Profiles: Shane & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Flux Software LLC) C:\Users\Shane\AppData\Local\FluxSoftware\Flux\flux.exe
(AdFender, Inc.) C:\Program Files (x86)\AdFender\AdFender.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-26] (Panda Security, S.L.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\Run: [F.lux] => C:\Users\Shane\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\MountPoints2: E - E:\LaunchU3.exe
HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\MountPoints2: {05c5c55e-0933-11e3-a5db-386077f9c999} - F:\Startme.exe
HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Gateway.scr [456224 2010-07-29] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk [2015-11-07]
ShortcutTarget: AdFender.lnk -> C:\Program Files (x86)\AdFender\AdFender.exe (AdFender, Inc.)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk [2014-01-27]
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1
Tcpip\..\Interfaces\{418F29EE-1A32-4B39-A0CC-6192F27453C6}: [DhcpNameServer] 192.168.1.254 75.153.176.1
Tcpip\..\Interfaces\{E0DE04D8-E222-41AD-B804-2DA458D6E28E}: [NameServer] 192.168.48.1
Tcpip\..\Interfaces\{E9BDF33F-EF9E-469E-B69F-E3278008A053}: [DhcpNameServer] 192.168.1.254 75.153.176.1
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://ca.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000 -> {260AABCD-B44D-448B-8F50-F39136744CAE} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=en&q={searchTerms}&gu=cc6f61a963e247dfa9dd0f870fc4966e&tu=10G9z00B92C01g0&sku=&tstsId=&ver=&&r=128
SearchScopes: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000 -> {C72B0970-5582-4BC4-9A76-EEEF741F680C} URL = hxxps://ca.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-31] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-31] (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {2B171655-A69C-5c18-B693-6CB5DC269D41} - No File
Toolbar: HKLM-x32 - @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files (x86)\Speed Video Splitter\msdxm.ocx No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Program Files (x86)\Speed Video Splitter\msdxm.ocx No File
FireFox:
========
FF ProfilePath: C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default
FF DefaultSearchUrl: hxxps://ca.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: hxxps://ca.yahoo.com?fr=hp-avast&type=avastbcl
FF Keyword.URL: hxxps://ca.search.yahoo.com/yhs/search
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 8282
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1051381468-4094465459-3186913488-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Shane\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1051381468-4094465459-3186913488-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2013-04-25] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010-07-12] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\searchplugins\yahoo-avast.xml [2014-07-22]
FF SearchPlugin: C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\searchplugins\zonealarm.xml [2013-11-21]
FF Extension: Fasterfox Lite - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\extensions\FasterFox_Lite@BigRedBrent [2015-06-02]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-06-02]
FF Extension: FlashGot - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-06-02]
FF Extension: LastPass - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\extensions\support@lastpass.com [2015-07-24]
FF Extension: No Name - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2015-07-24] [not signed]
FF Extension: YouTube mp3 - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\Extensions\info@youtube-mp3.org.xpi [2015-06-02]
FF Extension: Adblock Plus - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-08-20]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker => not found
FF HKLM-x32\...\Firefox\Extensions: [{9051303c-7e41-4311-a783-d6fe5ef2832d}] - C:\Program Files (x86)\FVD Suite\addons\Firefox => not found
Chrome:
=======
CHR StartupUrls: Default -> "chrome://bookmarks/#2","hxxps://www.youtube.com/feed/subscriptions","hxxp://theinfounderground.com/smf/index.php?PHPSESSID=69ae330fbe9b585e2f7abf39dd61e83b&"
CHR DefaultSearchURL: Default -> hxxps://ixquick.com/do/search?query={searchTerms}&cat=web&pl=chrome&language=english
CHR DefaultSearchKeyword: Default -> ixquick.com_
CHR Profile: C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-25]
CHR Extension: (Video Downloader professional) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-07-01]
CHR Extension: (RotoGrinders - FanDuel Tools) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\felhhccenjfgepphdanniaeclbjhklca [2015-12-09]
CHR Extension: (Bookmarks Button) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffieaadkkhencgelmgbbmkkipeocbcbg [2014-07-27]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-10-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR HKLM-x32\...\Chrome\Extension: [eedgghdcpmmmilkmfpnklknlenbiolec] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-26] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-26] (Panda Security, S.L.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 Connectify; no ImagePath
S2 NIHardwareService; no ImagePath
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]
S2 YSearchUtilSvc; "C:\Program Files (x86)\Yahoo!\yset\{BA9EF3FE-892C-5447-891E-5BDBD92452F6}\YSearchUtilSvc.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R1 cnnctfy2; C:\Windows\System32\DRIVERS\cnnctfy2.sys [31344 2013-04-16] (Connectify)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-02-21] (Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48400 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2012-11-29] (CACE Technologies, Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163576 2015-06-17] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-25] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-25] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2013-08-19] ()
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2013-08-20] (Sony Ericsson Mobile Communications)
S3 V0500Dev; C:\Windows\System32\DRIVERS\V0500Vid.sys [292064 2007-10-31] (Creative Technology Ltd.)
S2 zntport; \??\C:\Windows\system32\zntport.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-01 17:49 - 2016-01-01 17:54 - 00024882 _____ C:\Users\Shane\Desktop\FRST.txt
2016-01-01 17:49 - 2016-01-01 17:49 - 00000000 ____D C:\Users\Shane\Desktop\New folder
2016-01-01 17:39 - 2016-01-01 17:54 - 00000000 ____D C:\FRST
2016-01-01 17:27 - 2016-01-01 17:27 - 02370560 _____ (Farbar) C:\Users\Shane\Desktop\FRST64.exe
2016-01-01 17:00 - 2016-01-01 17:00 - 00000825 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-01-01 17:00 - 2016-01-01 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-01-01 17:00 - 2016-01-01 17:00 - 00000000 ____D C:\Program Files\RogueKiller
2016-01-01 16:40 - 2016-01-01 16:40 - 05198336 _____ (AVAST Software) C:\Users\Shane\Desktop\aswMBR.exe
2016-01-01 12:00 - 2016-01-01 12:00 - 00000000 ____D C:\Users\Shane\AppData\Local\Steam
2016-01-01 12:00 - 2016-01-01 12:00 - 00000000 ____D C:\Users\Shane\AppData\Local\CEF
2016-01-01 06:12 - 2010-03-08 02:10 - 00013824 _____ (Kephyr) C:\Windows\system32\ffnd.exe
2016-01-01 05:38 - 2016-01-01 05:38 - 00000000 ____D C:\Users\Shane\Desktop\Process Explorer
2016-01-01 05:13 - 2016-01-01 05:13 - 00001378 _____ C:\Users\Shane\Desktop\Temp.lnk
2016-01-01 04:58 - 2016-01-01 04:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Shane\Desktop\HijackThis.exe
2016-01-01 04:48 - 2016-01-01 05:41 - 00000000 ____D C:\Users\Shane\AppData\Roaming\FreeFixer
2016-01-01 04:48 - 2016-01-01 04:57 - 00000000 ____D C:\Users\Shane\AppData\Local\FreeFixer
2016-01-01 04:42 - 2016-01-01 04:42 - 00000000 ____D C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2016-01-01 04:42 - 2016-01-01 04:42 - 00000000 ____D C:\Program Files\FreeFixer
2015-12-31 13:32 - 2015-12-31 13:32 - 00000089 _____ C:\Users\Shane\Desktop\Space Dandy S01E10.url
2015-12-31 12:53 - 2015-12-31 12:53 - 00001684 _____ C:\Users\Shane\Desktop\Belarc.lnk
2015-12-31 12:53 - 2015-12-31 12:53 - 00000000 ____D C:\Users\Shane\AppData\Local\YSearchUtil
2015-12-31 12:53 - 2015-12-31 12:53 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-12-31 10:05 - 2015-07-22 16:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-12-31 10:05 - 2015-07-22 16:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-12-31 10:05 - 2015-07-22 16:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-12-31 10:05 - 2015-07-22 09:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-12-31 10:05 - 2015-07-22 09:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-12-31 10:05 - 2015-07-22 08:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-12-31 10:04 - 2015-11-11 13:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-31 10:04 - 2015-11-11 12:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-31 10:04 - 2015-11-11 07:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-31 10:04 - 2015-11-11 07:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-31 10:04 - 2015-11-11 06:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-31 10:04 - 2015-11-09 16:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-31 10:04 - 2015-11-09 16:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-31 10:04 - 2015-11-09 16:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-31 10:04 - 2015-11-09 16:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-31 10:04 - 2015-11-09 16:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-31 10:04 - 2015-11-09 16:06 - 00047104 _____ (Microsoft Corporation)
---------------
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by Shane (administrator) on SHANE-PC (01-01-2016 17:54:25)
Running from C:\Users\Shane\Desktop
Loaded Profiles: Shane (Available Profiles: Shane & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Flux Software LLC) C:\Users\Shane\AppData\Local\FluxSoftware\Flux\flux.exe
(AdFender, Inc.) C:\Program Files (x86)\AdFender\AdFender.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-26] (Panda Security, S.L.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\Run: [F.lux] => C:\Users\Shane\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\MountPoints2: E - E:\LaunchU3.exe
HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\MountPoints2: {05c5c55e-0933-11e3-a5db-386077f9c999} - F:\Startme.exe
HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Gateway.scr [456224 2010-07-29] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk [2015-11-07]
ShortcutTarget: AdFender.lnk -> C:\Program Files (x86)\AdFender\AdFender.exe (AdFender, Inc.)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk [2014-01-27]
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1
Tcpip\..\Interfaces\{418F29EE-1A32-4B39-A0CC-6192F27453C6}: [DhcpNameServer] 192.168.1.254 75.153.176.1
Tcpip\..\Interfaces\{E0DE04D8-E222-41AD-B804-2DA458D6E28E}: [NameServer] 192.168.48.1
Tcpip\..\Interfaces\{E9BDF33F-EF9E-469E-B69F-E3278008A053}: [DhcpNameServer] 192.168.1.254 75.153.176.1
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://ca.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000 -> {260AABCD-B44D-448B-8F50-F39136744CAE} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=en&q={searchTerms}&gu=cc6f61a963e247dfa9dd0f870fc4966e&tu=10G9z00B92C01g0&sku=&tstsId=&ver=&&r=128
SearchScopes: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000 -> {C72B0970-5582-4BC4-9A76-EEEF741F680C} URL = hxxps://ca.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-31] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-31] (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {2B171655-A69C-5c18-B693-6CB5DC269D41} - No File
Toolbar: HKLM-x32 - @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files (x86)\Speed Video Splitter\msdxm.ocx No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Program Files (x86)\Speed Video Splitter\msdxm.ocx No File
FireFox:
========
FF ProfilePath: C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default
FF DefaultSearchUrl: hxxps://ca.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: hxxps://ca.yahoo.com?fr=hp-avast&type=avastbcl
FF Keyword.URL: hxxps://ca.search.yahoo.com/yhs/search
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 8282
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1051381468-4094465459-3186913488-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Shane\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1051381468-4094465459-3186913488-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2013-04-25] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010-07-12] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\searchplugins\yahoo-avast.xml [2014-07-22]
FF SearchPlugin: C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\searchplugins\zonealarm.xml [2013-11-21]
FF Extension: Fasterfox Lite - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\extensions\FasterFox_Lite@BigRedBrent [2015-06-02]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-06-02]
FF Extension: FlashGot - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-06-02]
FF Extension: LastPass - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\extensions\support@lastpass.com [2015-07-24]
FF Extension: No Name - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2015-07-24] [not signed]
FF Extension: YouTube mp3 - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\Extensions\info@youtube-mp3.org.xpi [2015-06-02]
FF Extension: Adblock Plus - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-08-20]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker => not found
FF HKLM-x32\...\Firefox\Extensions: [{9051303c-7e41-4311-a783-d6fe5ef2832d}] - C:\Program Files (x86)\FVD Suite\addons\Firefox => not found
Chrome:
=======
CHR StartupUrls: Default -> "chrome://bookmarks/#2","hxxps://www.youtube.com/feed/subscriptions","hxxp://theinfounderground.com/smf/index.php?PHPSESSID=69ae330fbe9b585e2f7abf39dd61e83b&"
CHR DefaultSearchURL: Default -> hxxps://ixquick.com/do/search?query={searchTerms}&cat=web&pl=chrome&language=english
CHR DefaultSearchKeyword: Default -> ixquick.com_
CHR Profile: C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-25]
CHR Extension: (Video Downloader professional) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-07-01]
CHR Extension: (RotoGrinders - FanDuel Tools) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\felhhccenjfgepphdanniaeclbjhklca [2015-12-09]
CHR Extension: (Bookmarks Button) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffieaadkkhencgelmgbbmkkipeocbcbg [2014-07-27]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-10-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR HKLM-x32\...\Chrome\Extension: [eedgghdcpmmmilkmfpnklknlenbiolec] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-26] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-26] (Panda Security, S.L.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 Connectify; no ImagePath
S2 NIHardwareService; no ImagePath
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]
S2 YSearchUtilSvc; "C:\Program Files (x86)\Yahoo!\yset\{BA9EF3FE-892C-5447-891E-5BDBD92452F6}\YSearchUtilSvc.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R1 cnnctfy2; C:\Windows\System32\DRIVERS\cnnctfy2.sys [31344 2013-04-16] (Connectify)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-02-21] (Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48400 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2012-11-29] (CACE Technologies, Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163576 2015-06-17] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-25] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-25] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2013-08-19] ()
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2013-08-20] (Sony Ericsson Mobile Communications)
S3 V0500Dev; C:\Windows\System32\DRIVERS\V0500Vid.sys [292064 2007-10-31] (Creative Technology Ltd.)
S2 zntport; \??\C:\Windows\system32\zntport.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-01 17:49 - 2016-01-01 17:54 - 00024882 _____ C:\Users\Shane\Desktop\FRST.txt
2016-01-01 17:49 - 2016-01-01 17:49 - 00000000 ____D C:\Users\Shane\Desktop\New folder
2016-01-01 17:39 - 2016-01-01 17:54 - 00000000 ____D C:\FRST
2016-01-01 17:27 - 2016-01-01 17:27 - 02370560 _____ (Farbar) C:\Users\Shane\Desktop\FRST64.exe
2016-01-01 17:00 - 2016-01-01 17:00 - 00000825 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-01-01 17:00 - 2016-01-01 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-01-01 17:00 - 2016-01-01 17:00 - 00000000 ____D C:\Program Files\RogueKiller
2016-01-01 16:40 - 2016-01-01 16:40 - 05198336 _____ (AVAST Software) C:\Users\Shane\Desktop\aswMBR.exe
2016-01-01 12:00 - 2016-01-01 12:00 - 00000000 ____D C:\Users\Shane\AppData\Local\Steam
2016-01-01 12:00 - 2016-01-01 12:00 - 00000000 ____D C:\Users\Shane\AppData\Local\CEF
2016-01-01 06:12 - 2010-03-08 02:10 - 00013824 _____ (Kephyr) C:\Windows\system32\ffnd.exe
2016-01-01 05:38 - 2016-01-01 05:38 - 00000000 ____D C:\Users\Shane\Desktop\Process Explorer
2016-01-01 05:13 - 2016-01-01 05:13 - 00001378 _____ C:\Users\Shane\Desktop\Temp.lnk
2016-01-01 04:58 - 2016-01-01 04:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Shane\Desktop\HijackThis.exe
2016-01-01 04:48 - 2016-01-01 05:41 - 00000000 ____D C:\Users\Shane\AppData\Roaming\FreeFixer
2016-01-01 04:48 - 2016-01-01 04:57 - 00000000 ____D C:\Users\Shane\AppData\Local\FreeFixer
2016-01-01 04:42 - 2016-01-01 04:42 - 00000000 ____D C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2016-01-01 04:42 - 2016-01-01 04:42 - 00000000 ____D C:\Program Files\FreeFixer
2015-12-31 13:32 - 2015-12-31 13:32 - 00000089 _____ C:\Users\Shane\Desktop\Space Dandy S01E10.url
2015-12-31 12:53 - 2015-12-31 12:53 - 00001684 _____ C:\Users\Shane\Desktop\Belarc.lnk
2015-12-31 12:53 - 2015-12-31 12:53 - 00000000 ____D C:\Users\Shane\AppData\Local\YSearchUtil
2015-12-31 12:53 - 2015-12-31 12:53 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-12-31 10:05 - 2015-07-22 16:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-12-31 10:05 - 2015-07-22 16:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-12-31 10:05 - 2015-07-22 16:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-12-31 10:05 - 2015-07-22 09:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-12-31 10:05 - 2015-07-22 09:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-12-31 10:05 - 2015-07-22 08:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-12-31 10:04 - 2015-11-11 13:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-31 10:04 - 2015-11-11 12:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-31 10:04 - 2015-11-11 07:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-31 10:04 - 2015-11-11 07:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-31 10:04 - 2015-11-11 06:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-31 10:04 - 2015-11-09 16:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-31 10:04 - 2015-11-09 16:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-31 10:04 - 2015-11-09 16:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-31 10:04 - 2015-11-09 16:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-31 10:04 - 2015-11-09 16:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-31 10:04 - 2015-11-09 16:06 - 00047104 _____ (Microsoft Corporation)