SalePlus malware

N

NAGA DINESH

Hi,

Based on steps provided in https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/ I have created FRST.txt and addition.txt files by running FRST.exe. Please find below log for those

FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2015 01
Ran by Jaads (administrator) on JAADS-PC on 27-04-2015 20:04:41
Running from C:\Users\Jaads\Desktop
Loaded Profiles: Jaads (Available profiles: Jaads & Juhi)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\stacsv.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(brother Industries Ltd) C:\Windows\System32\BRSVC01A.EXE
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\ChgService.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
(Marvell) C:\Program Files\HP\HP LaserJet M1319 MFP Series\ReceiveFaxUtility.exe
() C:\Program Files\pcreg\pcreg.exe
(brother Industries Ltd) C:\Windows\System32\BRSS01A.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Dropbox, Inc.) C:\Users\Jaads\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(BitTorrent Inc.) C:\Users\Jaads\AppData\Roaming\uTorrent\uTorrent.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [2960032 2010-06-09] (Dell Inc.)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-07-26] (Google)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [458844 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-04-23] (Avast Software s.r.o.)
HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-735728238-2046992677-3761878568-1000\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-735728238-2046992677-3761878568-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-735728238-2046992677-3761878568-1000\...\MountPoints2: {14f84779-c806-11e1-80a1-002219eea930} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-735728238-2046992677-3761878568-1000\...\MountPoints2: {7c38d97f-53d7-11e1-abbc-002219eea930} - G:\.\ShowModem.exe
HKU\S-1-5-21-735728238-2046992677-3761878568-1000\...\MountPoints2: {9f33d10e-b798-11e0-9266-002219eea930} - F:\setup.exe
AppInit_DLLs: c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll => c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll File Not Found
AppInit_DLLs: c:\progra~1\google\google~1\go36f4~1.dll => c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2011-07-26] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpzrcv01.LNK [2015-01-24]
ShortcutTarget: hpzrcv01.LNK -> C:\Program Files\HP\Temp\{68550918-63B5-4762-85CB-3C160AA4B213}\setup\hpzstub.exe (No File)
Startup: C:\Users\Jaads\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011-07-26]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Jaads\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-23]
ShortcutTarget: Dropbox.lnk -> C:\Users\Jaads\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Jaads\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wiz_khalifa_see_you_again_feat_charlie_puth_from_furious_7_ost_mp3_320_kbps_vbuc.lnk [2015-04-27]
ShortcutTarget: wiz_khalifa_see_you_again_feat_charlie_puth_from_furious_7_ost_mp3_320_kbps_vbuc.lnk -> C:\ProgramData\{7a00e999-a746-11da-7a00-0e999a74a666}\wiz_khalifa_see_you_again_feat_charlie_puth_from_furious_7_ost_mp3_320_kbps_vbuc.exe ()
Startup: C:\Users\Juhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2014-05-12]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (No File)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jaads\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jaads\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jaads\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jaads\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jaads\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jaads\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jaads\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jaads\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-23] (Avast Software s.r.o.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-735728238-2046992677-3761878568-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-735728238-2046992677-3761878568-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-735728238-2046992677-3761878568-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-735728238-2046992677-3761878568-1000 - (No Name) - {8567a644-e36c-470c-86cf-9c5b4f37db81} - No File
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.p...AzyyEtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1227986530
SearchScopes: HKU\S-1-5-21-735728238-2046992677-3761878568-1000 -> DefaultScope {5313B765-AFC2-4790-B4FD-37C3950B0C0F} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-735728238-2046992677-3761878568-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=697
SearchScopes: HKU\S-1-5-21-735728238-2046992677-3761878568-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={sea...SP_ss&mntrId=c85f86620000000000000c60761d44d6
SearchScopes: HKU\S-1-5-21-735728238-2046992677-3761878568-1000 -> {4408C5D3-D063-47B7-F412-10B06D154E1C} URL = http://www.bing.com/search?q={searc...install_date=20111017&iesrc={referrer:source}
SearchScopes: HKU\S-1-5-21-735728238-2046992677-3761878568-1000 -> {5313B765-AFC2-4790-B4FD-37C3950B0C0F} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-735728238-2046992677-3761878568-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=Zmg2RfrMUmGHhyrhrPpyBb8jQBI?q={searchTerms}
SearchScopes: HKU\S-1-5-21-735728238-2046992677-3761878568-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-735728238-2046992677-3761878568-1000 -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.p...AzyyEtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1227986530
SearchScopes: HKU\S-1-5-21-735728238-2046992677-3761878568-1000 -> {B803A11F-AABC-4A2B-B0A9-C538DB6F07F2} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1210541
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2014-03-18] (Yahoo! Inc.)
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-23] (Avast Software s.r.o.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Define -> {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} -> C:\Users\Jaads\AppData\Local\DefineExt\temp.dat No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2014-03-18] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-735728238-2046992677-3761878568-1000 -> No Name - {8567A644-E36C-470C-86CF-9C5B4F37DB81} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Jaads\AppData\Roaming\Mozilla\Firefox\Profiles\y3devndu.default
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-27] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2009-05-12] (DivX,Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-14] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-735728238-2046992677-3761878568-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll [2013-01-23] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-11-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-11-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-11-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-11-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-11-05] (Apple Inc.)
FF SearchPlugin: C:\Users\Jaads\AppData\Roaming\Mozilla\Firefox\Profiles\y3devndu.default\searchplugins\google-avast.xml [2015-04-27]
FF SearchPlugin: C:\Users\Jaads\AppData\Roaming\Mozilla\Firefox\Profiles\y3devndu.default\searchplugins\online-sharing-customized-web-search.xml [2014-07-05]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2013-02-13]
FF Extension: Hola Better Internet - C:\Users\Jaads\AppData\Roaming\Mozilla\Firefox\Profiles\y3devndu.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-07-05]
FF Extension: Define Ext - C:\Program Files\Mozilla Firefox\extensions\zgvstddqqjlabihif@opvrjrelhkc.org [2013-09-09]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2013-01-29]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-04-02]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-06-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-04]
FF HKU\S-1-5-21-735728238-2046992677-3761878568-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Jaads\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Jaads\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-27]
CHR Extension: (Bookmark Manager) - C:\Users\Jaads\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jaads\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-27]
CHR Extension: (Google Wallet) - C:\Users\Jaads\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-27]
CHR Extension: (Gmail) - C:\Users\Jaads\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-27]
CHR HKLM\...\Chrome\Extension: [bgnnidmnbdkmhfkjgdnngciimpdgohok] - C:\Program Files\ATDheNetTVApp.com\stv12.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [eihhgekonheiliaidomffpplfhecmkag] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-23]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-23]
CHR HKLM\...\Chrome\Extension: [ojpijjmpahflnipadmlpgbjmagmjchkk] - C:\Users\Jaads\AppData\Local\Temp\tbch.crx [Not Found]
CHR HKU\S-1-5-21-735728238-2046992677-3761878568-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kdnpfbghejbddakgogiibkcfcblmeaci] - C:\Users\Jaads\AppData\Local\CRE\kdnpfbghejbddakgogiibkcfcblmeaci.crx [2012-11-30]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-23] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-04-23] (Avast Software)
R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd)
R2 Change Modem Device Service; C:\ProgramData\ChgService.exe [114688 2011-08-31] () [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2010-01-11] (Stardock Corporation) [File not signed]
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-07-26] (Google)
R2 HPM1319RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1319 MFP Series\ReceiveFaxUtility.exe [348160 2010-07-05] (Marvell) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-04-25] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [686592 2013-11-13] () [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\STacSV.exe [221266 2009-06-29] (IDT, Inc.)
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2012-07-26] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-23] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-23] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-23] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-04-23] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-23] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-23] ()
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-08-19] (Avanquest Software) [File not signed]
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [105984 2011-08-03] (QUALCOMM Incorporated)
S3 FACAP; C:\Windows\System32\DRIVERS\facap.sys [232832 2008-09-24] (Sensible Vision )
S3 HP1319EWS; C:\Windows\System32\Drivers\HP1319EWS.sys [12800 2008-11-09] (Marvell Semiconductor, Inc.) [File not signed]
S3 HP1319FAX; C:\Windows\System32\Drivers\HP1319FAX.sys [13824 2008-11-09] (Marvell Semiconductor, Inc.) [File not signed]
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [65640 2010-07-13] (ITE Tech. Inc. )
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2014-07-20] (CACE Technologies, Inc.)
S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [83336 2007-04-24] (MCCI Corporation)
S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [15112 2007-04-24] (MCCI Corporation)
S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [108680 2007-04-24] (MCCI Corporation)
S3 s125mgmt; C:\Windows\System32\DRIVERS\s125mgmt.sys [100488 2007-04-24] (MCCI Corporation)
S3 s125obex; C:\Windows\System32\DRIVERS\s125obex.sys [98696 2007-04-24] (MCCI Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-04-23] (Avast Software)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-27 20:04 - 2015-04-27 20:10 - 00025702 _____ () C:\Users\Jaads\Desktop\FRST.txt
2015-04-27 20:03 - 2015-04-27 20:05 - 00000000 ___DC () C:\FRST
2015-04-27 20:03 - 2015-04-27 20:03 - 01140736 _____ (Farbar) C:\Users\Jaads\Desktop\FRST.exe
2015-04-27 20:02 - 2015-04-27 20:02 - 02100736 _____ (Farbar) C:\Users\Jaads\Desktop\FRST64.exe
2015-04-27 19:56 - 2015-04-27 19:56 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-27 19:56 - 2015-04-27 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-27 19:56 - 2015-04-27 19:56 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-27 19:55 - 2015-04-27 19:55 - 06484352 _____ (Piriform Ltd) C:\Users\Jaads\Desktop\ccsetup505.exe
2015-04-27 19:39 - 2015-04-27 19:39 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Jaads\Downloads\flashplayer17_ha_install.exe
2015-04-27 19:05 - 2015-04-27 19:05 - 00000000 ____D () C:\Program Files\Facebook Share Button (by Shareaholic)
2015-04-27 19:04 - 2015-04-27 19:04 - 00000000 ____D () C:\ProgramData\nkkankhebjkhbgkcoacbcfoieohemooo
2015-04-27 19:04 - 2015-04-27 19:04 - 00000000 ____D () C:\Program Files\SaLePLUS
2015-04-27 19:04 - 2015-04-27 19:04 - 00000000 ____D () C:\Program Files\bestadblocker
2015-04-27 19:03 - 2015-04-27 19:03 - 00000474 _____ () C:\Windows\Tasks\Bidaily Synchronize Task.job
2015-04-27 19:03 - 2015-04-27 19:03 - 00000000 ____D () C:\ProgramData\{7a00e999-a746-11da-7a00-0e999a74a666}
2015-04-27 18:51 - 2015-04-27 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-27 17:53 - 2015-04-27 17:53 - 00000000 ____D () C:\Users\Jaads\AppData\Roaming\Marvell
2015-04-24 05:14 - 2015-04-24 05:15 - 00000000 ____D () C:\Windows\system32\vbox
2015-04-23 22:00 - 2015-04-23 21:59 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-23 21:59 - 2015-04-23 21:59 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-17 08:37 - 2015-04-17 08:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-17 08:36 - 2015-04-17 08:37 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-04-17 08:36 - 2015-04-17 08:37 - 00000000 ____D () C:\Program Files\iTunes
2015-04-17 08:36 - 2015-04-17 08:36 - 00000000 ____D () C:\Program Files\iPod
2015-04-17 07:55 - 2015-04-17 07:55 - 00000000 ___RD () C:\Program Files\Skype
2015-04-17 07:55 - 2015-04-17 07:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-17 07:55 - 2015-04-17 07:55 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-16 22:49 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-16 22:49 - 2015-03-22 23:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-16 22:49 - 2015-03-22 23:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-16 22:49 - 2015-03-22 23:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-16 22:49 - 2015-03-22 23:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-16 22:49 - 2015-03-22 23:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-16 22:49 - 2015-03-22 23:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-16 22:49 - 2015-03-22 23:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-16 22:49 - 2015-03-22 22:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-16 22:49 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-16 22:49 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-16 22:49 - 2015-03-17 01:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-16 22:49 - 2015-03-17 01:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-16 22:49 - 2015-03-17 00:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-16 22:49 - 2015-03-17 00:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-16 22:49 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-16 22:49 - 2015-03-17 00:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-16 22:49 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-16 22:49 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-16 22:49 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-16 22:49 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-16 22:49 - 2015-03-17 00:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-16 22:49 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-16 22:49 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-16 22:49 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-16 22:49 - 2015-03-17 00:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-16 22:49 - 2015-03-17 00:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-16 22:49 - 2015-03-17 00:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-16 22:49 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-16 22:49 - 2015-03-17 00:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-16 22:49 - 2015-03-17 00:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-16 22:49 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-16 22:49 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-16 22:49 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-16 22:49 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-16 22:49 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-16 22:49 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-16 22:49 - 2015-03-12 23:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-16 22:49 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-16 22:49 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-16 22:49 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-16 22:49 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-16 22:49 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-16 22:49 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-16 22:49 - 2015-03-12 23:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-16 22:49 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-16 22:49 - 2015-03-12 23:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-16 22:49 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-16 22:49 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-16 22:49 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-16 22:49 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-16 22:49 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-16 22:49 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-16 22:49 - 2015-03-12 22:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-16 22:49 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-16 22:49 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-16 22:49 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-16 22:49 - 2015-03-05 00:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-16 22:49 - 2015-03-04 00:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-16 22:49 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-16 22:48 - 2015-03-24 23:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-16 22:48 - 2015-03-24 23:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-16 22:48 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-16 22:48 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-16 22:48 - 2015-03-24 23:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-16 22:48 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-16 22:48 - 2015-03-24 23:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-16 22:48 - 2015-03-24 23:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-16 22:48 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-16 22:48 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-16 22:48 - 2015-03-24 23:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-16 22:48 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-16 22:48 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-16 22:48 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-16 22:48 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-16 22:48 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-16 22:48 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-16 22:48 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-16 22:48 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-16 22:48 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-16 22:48 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-16 22:48 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-16 22:48 - 2015-02-24 23:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-05 18:22 - 2015-04-05 18:22 - 00000000 ___SD () C:\Windows\system32\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-27 20:10 - 2012-12-04 20:35 - 00000000 ____D () C:\Users\Jaads\AppData\Roaming\uTorrent
2015-04-27 19:53 - 2011-07-26 09:25 - 01952481 _____ () C:\Windows\WindowsUpdate.log
2015-04-27 19:42 - 2011-12-21 23:25 - 00000000 ____D () C:\Users\Jaads\AppData\Local\CrashDumps
2015-04-27 19:41 - 2012-04-01 06:17 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-27 19:41 - 2011-10-19 13:31 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-27 19:41 - 2011-07-26 15:50 - 00000000 ____D () C:\Users\Jaads\AppData\Local\Adobe
2015-04-27 19:18 - 2014-04-04 01:17 - 00001084 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-27 19:18 - 2011-12-22 07:19 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-27 19:12 - 2012-02-29 02:50 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-735728238-2046992677-3761878568-1004UA.job
2015-04-27 19:11 - 2012-04-01 06:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-27 19:10 - 2013-08-03 13:12 - 00000000 ____D () C:\Users\Jaads\AppData\Roaming\IPEVO
2015-04-27 19:05 - 2014-12-30 16:54 - 00000000 ____D () C:\ProgramData\4857763542091402404
2015-04-27 18:51 - 2011-07-26 18:19 - 00000000 ____D () C:\Program Files\Google
2015-04-27 18:42 - 2012-07-12 02:48 - 00000000 ____D () C:\Users\Jaads\AppData\Local\NPE
2015-04-27 18:30 - 2009-07-14 00:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-27 18:30 - 2009-07-14 00:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-27 18:19 - 2014-06-28 14:31 - 00018815 _____ () C:\ProgramData\hpzinstall.log
2015-04-27 17:59 - 2011-08-03 09:11 - 00000000 ___RD () C:\Users\Jaads\Dropbox
2015-04-27 17:59 - 2011-08-02 23:35 - 00000000 ____D () C:\Users\Jaads\AppData\Roaming\Dropbox
2015-04-27 17:58 - 2015-03-22 10:03 - 00010032 _____ () C:\Windows\system32\debug.log
2015-04-27 17:56 - 2014-05-12 17:07 - 00000396 __RSH () C:\ProgramData\ntuser.pol
2015-04-27 17:56 - 2011-12-22 07:19 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-27 17:56 - 2011-07-26 10:31 - 01035768 _____ () C:\Windows\PFRO.log
2015-04-27 17:56 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-27 17:54 - 2012-03-01 01:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-04-27 17:51 - 2011-07-26 15:55 - 00000000 ____D () C:\Program Files\Adobe
2015-04-27 17:48 - 2011-07-26 15:54 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-27 17:48 - 2011-07-26 15:53 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-04-27 17:48 - 2011-07-26 15:50 - 00000000 ____D () C:\Users\Jaads\AppData\Roaming\Adobe
2015-04-27 17:42 - 2011-07-26 16:26 - 00000000 ____D () C:\ProgramData\Corel
2015-04-27 17:40 - 2012-05-15 23:38 - 00000000 ____D () C:\Users\Public\Documents\Corel
2015-04-27 16:56 - 2014-06-16 17:13 - 00000000 ____D () C:\Users\Jaads\AppData\Roaming\XBMC
2015-04-23 22:00 - 2015-01-04 20:11 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-23 22:00 - 2015-01-04 20:11 - 00209048 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-23 22:00 - 2015-01-04 20:11 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-23 22:00 - 2015-01-04 20:11 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-23 22:00 - 2015-01-04 20:11 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-23 22:00 - 2015-01-04 20:11 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-23 22:00 - 2015-01-04 20:11 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-23 21:58 - 2015-01-04 20:11 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-23 21:56 - 2011-08-02 23:36 - 00000000 ____D () C:\Users\Jaads\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-22 06:34 - 2013-07-27 09:10 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-22 06:34 - 2012-02-29 02:50 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-735728238-2046992677-3761878568-1004Core.job
2015-04-19 22:51 - 2011-07-26 10:19 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-18 21:47 - 2009-07-14 00:53 - 00032548 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-18 20:40 - 2014-11-08 10:00 - 00000000 ____D () C:\Users\Jaads\AppData\Local\C38D03B0-98C6-47EB-AB2A-B5C96CA57BA8.aplzod
2015-04-18 20:40 - 2011-08-02 22:25 - 00000000 ____D () C:\Users\Jaads\Documents\Outlook Files
2015-04-18 12:16 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\AppCompat
2015-04-17 15:15 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2015-04-17 15:09 - 2014-12-30 16:54 - 00000000 ____D () C:\Program Files\uunaiisealleS
2015-04-17 14:42 - 2015-01-11 14:10 - 00000000 ____D () C:\Users\Jaads\Desktop\2015-16
2015-04-17 08:36 - 2014-09-25 23:45 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-17 08:25 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-17 08:09 - 2014-12-09 23:20 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-17 08:09 - 2014-05-07 21:54 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-17 08:09 - 2014-05-07 07:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-17 08:08 - 2011-07-26 11:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-17 08:06 - 2009-07-13 22:04 - 00000513 _____ () C:\Windows\win.ini
2015-04-17 07:59 - 2011-07-26 09:30 - 00779212 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-17 07:55 - 2011-07-28 15:05 - 00000000 ____D () C:\ProgramData\Skype
2015-04-11 11:33 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2013-09-24 13:15 - 2015-02-21 23:16 - 0000204 _____ () C:\Users\Jaads\AppData\Roaming\WB.CFG
2012-11-19 12:49 - 2012-11-24 01:22 - 0000600 _____ () C:\Users\Jaads\AppData\Roaming\winscp.rnd
2012-06-10 08:30 - 2012-06-10 08:30 - 0003584 _____ () C:\Users\Jaads\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-26 06:08 - 2014-06-26 07:13 - 0000003 _____ () C:\Users\Jaads\AppData\Local\proxy.log
2012-11-18 16:22 - 2012-11-18 16:23 - 0000600 _____ () C:\Users\Jaads\AppData\Local\PUTTY.RND
2011-07-26 16:33 - 2011-07-26 16:34 - 0000072 _____ () C:\Users\Jaads\AppData\Local\xobni_installer_updater.log
2013-05-15 08:18 - 2013-05-15 08:18 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-06-24 13:06 - 2011-08-31 04:21 - 0114688 _____ () C:\ProgramData\ChgService.exe
2014-06-28 14:31 - 2015-04-27 18:19 - 0018815 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\ProgramData\ChgService.exe


Some content of TEMP:
====================
C:\Users\Jaads\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5zk6pv.dll
C:\Users\Jaads\AppData\Local\Temp\Modem_installation.exe
C:\Users\Jaads\AppData\Local\Temp\ose00000.exe
C:\Users\Juhi\AppData\Local\Temp\air5D66.exe
C:\Users\Juhi\AppData\Local\Temp\air63C9.exe
C:\Users\Juhi\AppData\Local\Temp\air7612.exe
C:\Users\Juhi\AppData\Local\Temp\airA455.exe
C:\Users\Juhi\AppData\Local\Temp\airC161.exe
C:\Users\Juhi\AppData\Local\Temp\airCE21.exe
C:\Users\Juhi\AppData\Local\Temp\BackupSetup.exe
C:\Users\Juhi\AppData\Local\Temp\C162_HiDefMedia-1.1.12-win32C.exe
C:\Users\Juhi\AppData\Local\Temp\dsapi.exe
C:\Users\Juhi\AppData\Local\Temp\file_3755622621.exe
C:\Users\Juhi\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Juhi\AppData\Local\Temp\keepmysettingsx.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-27 18:18

==================== End Of Log ============================

Can you please help me out in deleting the extension salePlus. Thanks in advance for support!!
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================

I couldnt be able to copy paste it here
Click to expand...
Why?
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
794
uber_beetle
uber_beetle
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back