TechSpot

SalePlus malware

By NAGA DINESH
Apr 27, 2015
  1. Hi,

    Based on the steps provided in http://www.techspot.com/community/t...lware-removal-preliminary-instructions.58138/ I have created the FRST.txt and addition.txt files by running FRST.exe. Please find the logs for those below.

    FRST.txt
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2015 01
    Ran by Jaads (administrator) on JAADS-PC on 27-04-2015 20:04:41
    Running from C:\Users\Jaads\Desktop
    Loaded Profiles: Jaads (Available profiles: Jaads & Juhi)
    Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\stacsv.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (brother Industries Ltd) C:\Windows\System32\BRSVC01A.EXE
    (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\AEstSrv.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\ProgramData\ChgService.exe
    (Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
    (Marvell) C:\Program Files\HP\HP LaserJet M1319 MFP Series\ReceiveFaxUtility.exe
    () C:\Program Files\pcreg\pcreg.exe
    (brother Industries Ltd) C:\Windows\System32\BRSS01A.EXE
    (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    (Dropbox, Inc.) C:\Users\Jaads\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (BitTorrent Inc.) C:\Users\Jaads\AppData\Roaming\uTorrent\uTorrent.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [2960032 2010-06-09] (Dell Inc.)
    HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-07-26] (Google)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [458844 2009-06-29] (IDT, Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-04-23] (Avast Software s.r.o.)
    HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\S-1-5-21-735728238-2046992677-3761878568-1000\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
    HKU\S-1-5-21-735728238-2046992677-3761878568-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
    HKU\S-1-5-21-735728238-2046992677-3761878568-1000\...\MountPoints2: {14f84779-c806-11e1-80a1-002219eea930} - G:\setup_vmb_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-735728238-2046992677-3761878568-1000\...\MountPoints2: {7c38d97f-53d7-11e1-abbc-002219eea930} - G:\.\ShowModem.exe
    HKU\S-1-5-21-735728238-2046992677-3761878568-1000\...\MountPoints2: {9f33d10e-b798-11e0-9266-002219eea930} - F:\setup.exe
    AppInit_DLLs: c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll => c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll File Not Found
    AppInit_DLLs: c:\progra~1\google\google~1\go36f4~1.dll => c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2011-07-26] (Google)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpzrcv01.LNK [2015-01-24]
    ShortcutTarget: hpzrcv01.LNK -> C:\Program Files\HP\Temp\{68550918-63B5-4762-85CB-3C160AA4B213}\setup\hpzstub.exe (No File)
    Startup: C:\Users\Jaads\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011-07-26]
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Jaads\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-23]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Jaads\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Jaads\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wiz_khalifa_see_you_again_feat_charlie_puth_from_furious_7_ost_mp3_320_kbps_vbuc.lnk [2015-04-27]
    ShortcutTarget: wiz_khalifa_see_you_again_feat_charlie_puth_from_furious_7_ost_mp3_320_kbps_vbuc.lnk -> C:\ProgramData\{7a00e999-a746-11da-7a00-0e999a74a666}\wiz_khalifa_see_you_again_feat_charlie_puth_from_furious_7_ost_mp3_320_kbps_vbuc.exe ()
    Startup: C:\Users\Juhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2014-05-12]
    ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (No File)
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jaads\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jaads\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jaads\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jaads\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jaads\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jaads\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jaads\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jaads\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-23] (Avast Software s.r.o.)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-735728238-2046992677-3761878568-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKU\S-1-5-21-735728238-2046992677-3761878568-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    HKU\S-1-5-21-735728238-2046992677-3761878568-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    URLSearchHook: HKU\S-1-5-21-735728238-2046992677-3761878568-1000 - (No Name) - {8567a644-e36c-470c-86cf-9c5b4f37db81} - No File
    SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKLM -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.p...AzyyEtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1227986530
    SearchScopes: HKU\S-1-5-21-735728238-2046992677-3761878568-1000 -> DefaultScope {5313B765-AFC2-4790-B4FD-37C3950B0C0F} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-735728238-2046992677-3761878568-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=697
    SearchScopes: HKU\S-1-5-21-735728238-2046992677-3761878568-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={sea...SP_ss&mntrId=c85f86620000000000000c60761d44d6
    SearchScopes: HKU\S-1-5-21-735728238-2046992677-3761878568-1000 -> {4408C5D3-D063-47B7-F412-10B06D154E1C} URL = http://www.bing.com/search?q={searc...install_date=20111017&iesrc={referrer:source}
    SearchScopes: HKU\S-1-5-21-735728238-2046992677-3761878568-1000 -> {5313B765-AFC2-4790-B4FD-37C3950B0C0F} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-735728238-2046992677-3761878568-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=Zmg2RfrMUmGHhyrhrPpyBb8jQBI?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-735728238-2046992677-3761878568-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKU\S-1-5-21-735728238-2046992677-3761878568-1000 -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.p...AzyyEtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1227986530
    SearchScopes: HKU\S-1-5-21-735728238-2046992677-3761878568-1000 -> {B803A11F-AABC-4A2B-B0A9-C538DB6F07F2} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1210541
    BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2014-03-18] (Yahoo! Inc.)
    BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-23] (Avast Software s.r.o.)
    BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
    BHO: Define -> {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} -> C:\Users\Jaads\AppData\Local\DefineExt\temp.dat No File
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
    BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
    BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
    Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
    Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2014-03-18] (Yahoo! Inc.)
    Toolbar: HKU\S-1-5-21-735728238-2046992677-3761878568-1000 -> No Name - {8567A644-E36C-470C-86CF-9C5B4F37DB81} - No File
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
    Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Jaads\AppData\Roaming\Mozilla\Firefox\Profiles\y3devndu.default
    FF SelectedSearchEngine: Google (avast)
    FF Homepage: https://www.google.com/?trackid=sp-006
    FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
    FF DefaultSearchEngine: Google (avast)
    FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
    FF SearchEngineOrder.1: Google (avast)
    FF NewTab: about:newtab
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-27] ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2009-05-12] (DivX,Inc.)
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-14] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-14] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-735728238-2046992677-3761878568-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll [2013-01-23] (Amazon.com, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-11-05] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-11-05] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-11-05] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-11-05] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-11-05] (Apple Inc.)
    FF SearchPlugin: C:\Users\Jaads\AppData\Roaming\Mozilla\Firefox\Profiles\y3devndu.default\searchplugins\google-avast.xml [2015-04-27]
    FF SearchPlugin: C:\Users\Jaads\AppData\Roaming\Mozilla\Firefox\Profiles\y3devndu.default\searchplugins\online-sharing-customized-web-search.xml [2014-07-05]
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2013-02-13]
    FF Extension: Hola Better Internet - C:\Users\Jaads\AppData\Roaming\Mozilla\Firefox\Profiles\y3devndu.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-07-05]
    FF Extension: Define Ext - C:\Program Files\Mozilla Firefox\extensions\zgvstddqqjlabihif@opvrjrelhkc.org [2013-09-09]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-29]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-04]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2013-01-29]
    FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-04-02]
    FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-06-28]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-04]
    FF HKU\S-1-5-21-735728238-2046992677-3761878568-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR StartupUrls: Default -> "https://www.google.com/"
    CHR Profile: C:\Users\Jaads\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (YouTube) - C:\Users\Jaads\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-27]
    CHR Extension: (Bookmark Manager) - C:\Users\Jaads\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-27]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jaads\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-27]
    CHR Extension: (Google Wallet) - C:\Users\Jaads\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-27]
    CHR Extension: (Gmail) - C:\Users\Jaads\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-27]
    CHR HKLM\...\Chrome\Extension: [bgnnidmnbdkmhfkjgdnngciimpdgohok] - C:\Program Files\ATDheNetTVApp.com\stv12.crx [Not Found]
    CHR HKLM\...\Chrome\Extension: [eihhgekonheiliaidomffpplfhecmkag] - https://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-23]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-23]
    CHR HKLM\...\Chrome\Extension: [ojpijjmpahflnipadmlpgbjmagmjchkk] - C:\Users\Jaads\AppData\Local\Temp\tbch.crx [Not Found]
    CHR HKU\S-1-5-21-735728238-2046992677-3761878568-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kdnpfbghejbddakgogiibkcfcblmeaci] - C:\Users\Jaads\AppData\Local\CRE\kdnpfbghejbddakgogiibkcfcblmeaci.crx [2012-11-30]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-23] (Avast Software s.r.o.)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-04-23] (Avast Software)
    R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd)
    R2 Change Modem Device Service; C:\ProgramData\ChgService.exe [114688 2011-08-31] () [File not signed]
    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2010-01-11] (Stardock Corporation) [File not signed]
    R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
    S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-07-26] (Google)
    R2 HPM1319RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1319 MFP Series\ReceiveFaxUtility.exe [348160 2010-07-05] (Marvell) [File not signed]
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-04-25] ()
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
    S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [686592 2013-11-13] () [File not signed]
    R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\STacSV.exe [221266 2009-06-29] (IDT, Inc.)
    R2 Themes; C:\Windows\system32\themeservice.dll [37376 2012-07-26] (Microsoft Corporation) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-23] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-23] (Avast Software s.r.o.)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-23] (Avast Software s.r.o.)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-23] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-23] (Avast Software s.r.o.)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-04-23] (Avast Software s.r.o.)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-23] (Avast Software s.r.o.)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-23] ()
    S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-08-19] (Avanquest Software) [File not signed]
    S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [105984 2011-08-03] (QUALCOMM Incorporated)
    S3 FACAP; C:\Windows\System32\DRIVERS\facap.sys [232832 2008-09-24] (Sensible Vision )
    S3 HP1319EWS; C:\Windows\System32\Drivers\HP1319EWS.sys [12800 2008-11-09] (Marvell Semiconductor, Inc.) [File not signed]
    S3 HP1319FAX; C:\Windows\System32\Drivers\HP1319FAX.sys [13824 2008-11-09] (Marvell Semiconductor, Inc.) [File not signed]
    R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [65640 2010-07-13] (ITE Tech. Inc. )
    R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
    R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2014-07-20] (CACE Technologies, Inc.)
    S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [83336 2007-04-24] (MCCI Corporation)
    S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [15112 2007-04-24] (MCCI Corporation)
    S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [108680 2007-04-24] (MCCI Corporation)
    S3 s125mgmt; C:\Windows\System32\DRIVERS\s125mgmt.sys [100488 2007-04-24] (MCCI Corporation)
    S3 s125obex; C:\Windows\System32\DRIVERS\s125obex.sys [98696 2007-04-24] (MCCI Corporation)
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-04-23] (Avast Software)
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-27 20:04 - 2015-04-27 20:10 - 00025702 _____ () C:\Users\Jaads\Desktop\FRST.txt
    2015-04-27 20:03 - 2015-04-27 20:05 - 00000000 ___DC () C:\FRST
    2015-04-27 20:03 - 2015-04-27 20:03 - 01140736 _____ (Farbar) C:\Users\Jaads\Desktop\FRST.exe
    2015-04-27 20:02 - 2015-04-27 20:02 - 02100736 _____ (Farbar) C:\Users\Jaads\Desktop\FRST64.exe
    2015-04-27 19:56 - 2015-04-27 19:56 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2015-04-27 19:56 - 2015-04-27 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-04-27 19:56 - 2015-04-27 19:56 - 00000000 ____D () C:\Program Files\CCleaner
    2015-04-27 19:55 - 2015-04-27 19:55 - 06484352 _____ (Piriform Ltd) C:\Users\Jaads\Desktop\ccsetup505.exe
    2015-04-27 19:39 - 2015-04-27 19:39 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Jaads\Downloads\flashplayer17_ha_install.exe
    2015-04-27 19:05 - 2015-04-27 19:05 - 00000000 ____D () C:\Program Files\Facebook Share Button (by Shareaholic)
    2015-04-27 19:04 - 2015-04-27 19:04 - 00000000 ____D () C:\ProgramData\nkkankhebjkhbgkcoacbcfoieohemooo
    2015-04-27 19:04 - 2015-04-27 19:04 - 00000000 ____D () C:\Program Files\SaLePLUS
    2015-04-27 19:04 - 2015-04-27 19:04 - 00000000 ____D () C:\Program Files\bestadblocker
    2015-04-27 19:03 - 2015-04-27 19:03 - 00000474 _____ () C:\Windows\Tasks\Bidaily Synchronize Task.job
    2015-04-27 19:03 - 2015-04-27 19:03 - 00000000 ____D () C:\ProgramData\{7a00e999-a746-11da-7a00-0e999a74a666}
    2015-04-27 18:51 - 2015-04-27 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-04-27 17:53 - 2015-04-27 17:53 - 00000000 ____D () C:\Users\Jaads\AppData\Roaming\Marvell
    2015-04-24 05:14 - 2015-04-24 05:15 - 00000000 ____D () C:\Windows\system32\vbox
    2015-04-23 22:00 - 2015-04-23 21:59 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
    2015-04-23 21:59 - 2015-04-23 21:59 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
    2015-04-17 08:37 - 2015-04-17 08:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-04-17 08:36 - 2015-04-17 08:37 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
    2015-04-17 08:36 - 2015-04-17 08:37 - 00000000 ____D () C:\Program Files\iTunes
    2015-04-17 08:36 - 2015-04-17 08:36 - 00000000 ____D () C:\Program Files\iPod
    2015-04-17 07:55 - 2015-04-17 07:55 - 00000000 ___RD () C:\Program Files\Skype
    2015-04-17 07:55 - 2015-04-17 07:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2015-04-17 07:55 - 2015-04-17 07:55 - 00000000 ____D () C:\Program Files\Common Files\Skype
    2015-04-16 22:49 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-04-16 22:49 - 2015-03-22 23:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-04-16 22:49 - 2015-03-22 23:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-04-16 22:49 - 2015-03-22 23:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-04-16 22:49 - 2015-03-22 23:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-04-16 22:49 - 2015-03-22 23:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-04-16 22:49 - 2015-03-22 23:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-04-16 22:49 - 2015-03-22 23:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-04-16 22:49 - 2015-03-22 22:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-04-16 22:49 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2015-04-16 22:49 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-04-16 22:49 - 2015-03-17 01:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-04-16 22:49 - 2015-03-17 01:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-04-16 22:49 - 2015-03-17 00:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-04-16 22:49 - 2015-03-17 00:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-04-16 22:49 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-04-16 22:49 - 2015-03-17 00:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-04-16 22:49 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-04-16 22:49 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-04-16 22:49 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-04-16 22:49 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-04-16 22:49 - 2015-03-17 00:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-04-16 22:49 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-04-16 22:49 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-04-16 22:49 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-04-16 22:49 - 2015-03-17 00:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-04-16 22:49 - 2015-03-17 00:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-04-16 22:49 - 2015-03-17 00:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-04-16 22:49 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-04-16 22:49 - 2015-03-17 00:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-04-16 22:49 - 2015-03-17 00:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-04-16 22:49 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-04-16 22:49 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-04-16 22:49 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-04-16 22:49 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-04-16 22:49 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-04-16 22:49 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-04-16 22:49 - 2015-03-12 23:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-04-16 22:49 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-04-16 22:49 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-04-16 22:49 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-04-16 22:49 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-04-16 22:49 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-04-16 22:49 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-04-16 22:49 - 2015-03-12 23:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-04-16 22:49 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-04-16 22:49 - 2015-03-12 23:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-04-16 22:49 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-04-16 22:49 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-04-16 22:49 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-04-16 22:49 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-04-16 22:49 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-04-16 22:49 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-04-16 22:49 - 2015-03-12 22:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-04-16 22:49 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-04-16 22:49 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-04-16 22:49 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-04-16 22:49 - 2015-03-05 00:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-04-16 22:49 - 2015-03-04 00:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2015-04-16 22:49 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
    2015-04-16 22:48 - 2015-03-24 23:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-04-16 22:48 - 2015-03-24 23:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-04-16 22:48 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-04-16 22:48 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-04-16 22:48 - 2015-03-24 23:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-04-16 22:48 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-04-16 22:48 - 2015-03-24 23:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-04-16 22:48 - 2015-03-24 23:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-04-16 22:48 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-04-16 22:48 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-04-16 22:48 - 2015-03-24 23:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-04-16 22:48 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-04-16 22:48 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-04-16 22:48 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-04-16 22:48 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-04-16 22:48 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-04-16 22:48 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-04-16 22:48 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-04-16 22:48 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-04-16 22:48 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-04-16 22:48 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-04-16 22:48 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2015-04-16 22:48 - 2015-02-24 23:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
    2015-04-05 18:22 - 2015-04-05 18:22 - 00000000 ___SD () C:\Windows\system32\GWX

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-27 20:10 - 2012-12-04 20:35 - 00000000 ____D () C:\Users\Jaads\AppData\Roaming\uTorrent
    2015-04-27 19:53 - 2011-07-26 09:25 - 01952481 _____ () C:\Windows\WindowsUpdate.log
    2015-04-27 19:42 - 2011-12-21 23:25 - 00000000 ____D () C:\Users\Jaads\AppData\Local\CrashDumps
    2015-04-27 19:41 - 2012-04-01 06:17 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-04-27 19:41 - 2011-10-19 13:31 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-04-27 19:41 - 2011-07-26 15:50 - 00000000 ____D () C:\Users\Jaads\AppData\Local\Adobe
    2015-04-27 19:18 - 2014-04-04 01:17 - 00001084 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-04-27 19:18 - 2011-12-22 07:19 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-04-27 19:12 - 2012-02-29 02:50 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-735728238-2046992677-3761878568-1004UA.job
    2015-04-27 19:11 - 2012-04-01 06:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-04-27 19:10 - 2013-08-03 13:12 - 00000000 ____D () C:\Users\Jaads\AppData\Roaming\IPEVO
    2015-04-27 19:05 - 2014-12-30 16:54 - 00000000 ____D () C:\ProgramData\4857763542091402404
    2015-04-27 18:51 - 2011-07-26 18:19 - 00000000 ____D () C:\Program Files\Google
    2015-04-27 18:42 - 2012-07-12 02:48 - 00000000 ____D () C:\Users\Jaads\AppData\Local\NPE
    2015-04-27 18:30 - 2009-07-14 00:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-04-27 18:30 - 2009-07-14 00:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-04-27 18:19 - 2014-06-28 14:31 - 00018815 _____ () C:\ProgramData\hpzinstall.log
    2015-04-27 17:59 - 2011-08-03 09:11 - 00000000 ___RD () C:\Users\Jaads\Dropbox
    2015-04-27 17:59 - 2011-08-02 23:35 - 00000000 ____D () C:\Users\Jaads\AppData\Roaming\Dropbox
    2015-04-27 17:58 - 2015-03-22 10:03 - 00010032 _____ () C:\Windows\system32\debug.log
    2015-04-27 17:56 - 2014-05-12 17:07 - 00000396 __RSH () C:\ProgramData\ntuser.pol
    2015-04-27 17:56 - 2011-12-22 07:19 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-04-27 17:56 - 2011-07-26 10:31 - 01035768 _____ () C:\Windows\PFRO.log
    2015-04-27 17:56 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-04-27 17:54 - 2012-03-01 01:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2015-04-27 17:51 - 2011-07-26 15:55 - 00000000 ____D () C:\Program Files\Adobe
    2015-04-27 17:48 - 2011-07-26 15:54 - 00000000 ____D () C:\ProgramData\Adobe
    2015-04-27 17:48 - 2011-07-26 15:53 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2015-04-27 17:48 - 2011-07-26 15:50 - 00000000 ____D () C:\Users\Jaads\AppData\Roaming\Adobe
    2015-04-27 17:42 - 2011-07-26 16:26 - 00000000 ____D () C:\ProgramData\Corel
    2015-04-27 17:40 - 2012-05-15 23:38 - 00000000 ____D () C:\Users\Public\Documents\Corel
    2015-04-27 16:56 - 2014-06-16 17:13 - 00000000 ____D () C:\Users\Jaads\AppData\Roaming\XBMC
    2015-04-23 22:00 - 2015-01-04 20:11 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
    2015-04-23 22:00 - 2015-01-04 20:11 - 00209048 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2015-04-23 22:00 - 2015-01-04 20:11 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
    2015-04-23 22:00 - 2015-01-04 20:11 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
    2015-04-23 22:00 - 2015-01-04 20:11 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
    2015-04-23 22:00 - 2015-01-04 20:11 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2015-04-23 22:00 - 2015-01-04 20:11 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2015-04-23 21:58 - 2015-01-04 20:11 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
    2015-04-23 21:56 - 2011-08-02 23:36 - 00000000 ____D () C:\Users\Jaads\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-04-22 06:34 - 2013-07-27 09:10 - 00000000 ____D () C:\Windows\system32\MRT
    2015-04-22 06:34 - 2012-02-29 02:50 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-735728238-2046992677-3761878568-1004Core.job
    2015-04-19 22:51 - 2011-07-26 10:19 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-04-18 21:47 - 2009-07-14 00:53 - 00032548 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-04-18 20:40 - 2014-11-08 10:00 - 00000000 ____D () C:\Users\Jaads\AppData\Local\C38D03B0-98C6-47EB-AB2A-B5C96CA57BA8.aplzod
    2015-04-18 20:40 - 2011-08-02 22:25 - 00000000 ____D () C:\Users\Jaads\Documents\Outlook Files
    2015-04-18 12:16 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\AppCompat
    2015-04-17 15:15 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
    2015-04-17 15:09 - 2014-12-30 16:54 - 00000000 ____D () C:\Program Files\uunaiisealleS
    2015-04-17 14:42 - 2015-01-11 14:10 - 00000000 ____D () C:\Users\Jaads\Desktop\2015-16
    2015-04-17 08:36 - 2014-09-25 23:45 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2015-04-17 08:25 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-04-17 08:09 - 2014-12-09 23:20 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-04-17 08:09 - 2014-05-07 21:54 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2015-04-17 08:09 - 2014-05-07 07:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-04-17 08:08 - 2011-07-26 11:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-04-17 08:06 - 2009-07-13 22:04 - 00000513 _____ () C:\Windows\win.ini
    2015-04-17 07:59 - 2011-07-26 09:30 - 00779212 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-04-17 07:55 - 2011-07-28 15:05 - 00000000 ____D () C:\ProgramData\Skype
    2015-04-11 11:33 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF

    ==================== Files in the root of some directories =======

    2013-09-24 13:15 - 2015-02-21 23:16 - 0000204 _____ () C:\Users\Jaads\AppData\Roaming\WB.CFG
    2012-11-19 12:49 - 2012-11-24 01:22 - 0000600 _____ () C:\Users\Jaads\AppData\Roaming\winscp.rnd
    2012-06-10 08:30 - 2012-06-10 08:30 - 0003584 _____ () C:\Users\Jaads\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-06-26 06:08 - 2014-06-26 07:13 - 0000003 _____ () C:\Users\Jaads\AppData\Local\proxy.log
    2012-11-18 16:22 - 2012-11-18 16:23 - 0000600 _____ () C:\Users\Jaads\AppData\Local\PUTTY.RND
    2011-07-26 16:33 - 2011-07-26 16:34 - 0000072 _____ () C:\Users\Jaads\AppData\Local\xobni_installer_updater.log
    2013-05-15 08:18 - 2013-05-15 08:18 - 0000057 _____ () C:\ProgramData\Ament.ini
    2012-06-24 13:06 - 2011-08-31 04:21 - 0114688 _____ () C:\ProgramData\ChgService.exe
    2014-06-28 14:31 - 2015-04-27 18:19 - 0018815 _____ () C:\ProgramData\hpzinstall.log

    Files to move or delete:
    ====================
    C:\ProgramData\ChgService.exe


    Some content of TEMP:
    ====================
    C:\Users\Jaads\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5zk6pv.dll
    C:\Users\Jaads\AppData\Local\Temp\Modem_installation.exe
    C:\Users\Jaads\AppData\Local\Temp\ose00000.exe
    C:\Users\Juhi\AppData\Local\Temp\air5D66.exe
    C:\Users\Juhi\AppData\Local\Temp\air63C9.exe
    C:\Users\Juhi\AppData\Local\Temp\air7612.exe
    C:\Users\Juhi\AppData\Local\Temp\airA455.exe
    C:\Users\Juhi\AppData\Local\Temp\airC161.exe
    C:\Users\Juhi\AppData\Local\Temp\airCE21.exe
    C:\Users\Juhi\AppData\Local\Temp\BackupSetup.exe
    C:\Users\Juhi\AppData\Local\Temp\C162_HiDefMedia-1.1.12-win32C.exe
    C:\Users\Juhi\AppData\Local\Temp\dsapi.exe
    C:\Users\Juhi\AppData\Local\Temp\file_3755622621.exe
    C:\Users\Juhi\AppData\Local\Temp\fp_pl_pfs_installer.exe
    C:\Users\Juhi\AppData\Local\Temp\keepmysettingsx.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-27 18:18

    ==================== End Of Log ============================

    Can you please help me out in deleting the extension SalePlus? Thanks in advance for your support!!
     
  2. NAGA DINESH

    NAGA DINESH TS Rookie Topic Starter

    Please find the attached addition.txt file, as I couldn't copy and paste it here.
     


  3. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================

    Why?
     
  4. NAGA DINESH

    NAGA DINESH TS Rookie Topic Starter

    It is more than 50000 chars. In a thread, it is allowed to post up to 50000 chars.
     
  5. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    As our instructions say, split the log between a couple of replies.
     
