TechSpot

Unwanted home page change

By mom26gr8kids
Feb 3, 2015
  1. Noticed on my computer today that there was a new homepage. SUPERAntiSpyware clean and Avira clean, but MBAM found a PUP. Here is the MBAM log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2/2/2015
    Scan Time: 9:21:37 PM
    Logfile: mbam.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.02.03.01
    Rootkit Database: v2015.01.14.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: songe_000

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 347127
    Time Elapsed: 39 min, 28 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    PUP.Optional.WebSearch.A, C:\Users\songe_000\AppData\Roaming\Mozilla\Firefox\Profiles\2lsg6gue.default\searchplugins\Web Search.xml, Quarantined, [62abc258dcae00367335467ac93a966a],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
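    As an added example (not part of the thread, and not Malwarebytes' own tooling), the Python below pulls the detection records out of an MBAM 2.x text log like the one above, checks that the records it parsed agree with the per-section counts the log declares, and flags file hits under a Firefox `searchplugins` folder, which is the search-provider hijack a PUP.Optional.WebSearch detection points at. The Files record in the sample is the line from the log above; the Registry Values record, and the assumption that such lines carry an extra comma-separated data field before the action, are constructed for illustration.

```python
"""Parse detection records out of a Malwarebytes Anti-Malware 2.x text log."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: header lines and the Files hit are taken from the log in
# the post above; the Registry Values hit is made up to show a record whose
# location field itself contains a comma (key|value name, data).
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/2/2015
Scan Time: 9:21:37 PM
Logfile: mbam.txt

Processes: 0
(No malicious items detected)

Registry Values: 1
PUP.Optional.SampleHijack.A, HKU\S-1-5-21-0-0-0-1000\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page, http://search.example.invalid/?q={searchTerms}, Quarantined, [0123456789abcdef0123456789abcdef],

Files: 1
PUP.Optional.WebSearch.A, C:\Users\songe_000\AppData\Roaming\Mozilla\Firefox\Profiles\2lsg6gue.default\searchplugins\Web Search.xml, Quarantined, [62abc258dcae00367335467ac93a966a],

Physical Sectors: 0
(No malicious items detected)

(end)
"""

# "Files: 1", "Registry Values: 0", ... open a section and declare its count.
SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): (\d+)$"
)
# threat, <location: one or more comma-separated fields>, action, [32-hex id],
# The location group is greedy and the action group cannot contain a comma,
# so the record still splits correctly when the location has embedded commas.
DETECTION_RE = re.compile(
    r"^(?P<threat>[^,]+), (?P<location>.+), (?P<action>[^,\[\]]+), "
    r"\[(?P<ident>[0-9a-f]{32})\],?$"
)


@dataclass
class Detection:
    category: str   # section the record was found under, e.g. "Files"
    threat: str     # detection name, e.g. "PUP.Optional.WebSearch.A"
    location: str   # path, or registry key|value plus data
    action: str     # what MBAM did, e.g. "Quarantined"
    ident: str      # 32-hex identifier MBAM prints in brackets


def parse_mbam_log(text: str) -> List[Detection]:
    """Return every detection record, tagged with the section it appeared in."""
    detections: List[Detection] = []
    category = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            category = m.group(1)
            continue
        # Skip blanks, the pre-section header, "(No malicious items detected)" and "(end)".
        if not line or category is None or line.startswith("("):
            continue
        d = DETECTION_RE.match(line)
        if d:
            detections.append(Detection(category, **d.groupdict()))
    return detections


def section_counts(text: str) -> Dict[str, int]:
    """Counts the log itself declares on each 'Section: N' line."""
    return {m.group(1): int(m.group(2))
            for m in (SECTION_RE.match(l.strip()) for l in text.splitlines()) if m}


def search_plugin_hits(detections: List[Detection]) -> List[Detection]:
    """File hits inside a Firefox profile's searchplugins folder (search hijack)."""
    return [d for d in detections
            if d.category == "Files" and "\\searchplugins\\" in d.location.lower()]


def summarize(text: str) -> Dict[str, object]:
    """Parsed records plus a consistency check against the declared counts.

    A non-empty 'mismatched_sections' means the log declared hits the parser
    did not recognise, i.e. a line format this regex does not cover.
    """
    dets = parse_mbam_log(text)
    declared = section_counts(text)
    parsed: Dict[str, int] = {}
    for d in dets:
        parsed[d.category] = parsed.get(d.category, 0) + 1
    return {
        "detections": dets,
        "declared": declared,
        "mismatched_sections": [c for c, n in declared.items() if n != parsed.get(c, 0)],
        "search_plugin_hits": search_plugin_hits(dets),
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for det in result["detections"]:
        print(f"{det.category:16} {det.threat:32} {det.action:12} {det.location}")
    print("sections with unparsed records:", result["mismatched_sections"])
```

    The count check is the part worth keeping when this is pointed at real logs: MBAM's per-section totals are the ground truth, so a section that declares more records than the parser found is a signal to look at the raw line rather than trust the summary.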
     
  2. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    When I looked at my anti-virus report this evening, it said no viruses were detected, but I didn't notice at first that it said there were 2 warnings. So I am posting that report as well.

    Avira Free Antivirus
    Report file date: Monday, February 2, 2015 20:59


    The program is running as an unrestricted full version.
    Online services are available.

    Licensee : Avira Antivirus Free
    Serial number : 0000149996-AVHOE-0000001
    Platform : Windows 8.1
    Windows version : (plain) [6.2.9200]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : MOMSPC

    Version information:
    BUILD.DAT : 14.0.7.468 91859 Bytes 11/24/2014 10:23:00
    AVSCAN.EXE : 14.0.7.462 1015544 Bytes 12/17/2014 07:58:14
    AVSCANRC.DLL : 14.0.7.308 54576 Bytes 11/19/2014 05:32:33
    LUKE.DLL : 14.0.7.462 60664 Bytes 12/17/2014 07:58:28
    AVSCPLR.DLL : 14.0.7.440 93488 Bytes 12/17/2014 07:58:14
    REPAIR.DLL : 14.0.7.412 366328 Bytes 12/17/2014 07:58:13
    REPAIR.RDF : 1.0.4.40 695717 Bytes 2/1/2015 08:14:57
    AVREG.DLL : 14.0.7.310 264952 Bytes 11/19/2014 05:32:28
    AVLODE.DLL : 14.0.7.440 561456 Bytes 12/17/2014 07:58:13
    AVLODE.RDF : 14.0.4.54 78895 Bytes 12/5/2014 20:43:08
    XBV00014.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00015.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00016.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00017.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00018.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00019.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00020.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00021.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00022.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00023.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00024.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00025.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00026.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00027.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00028.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00029.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00030.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00031.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00032.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00033.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00034.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00035.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00036.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00037.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00038.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00039.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00040.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00041.VDF : 8.11.165.190 2048 Bytes 8/7/2014 18:44:30
    XBV00203.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:39
    XBV00204.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:39
    XBV00205.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:39
    XBV00206.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:39
    XBV00207.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:39
    XBV00208.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:39
    XBV00209.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:40
    XBV00210.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:40
    XBV00211.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:40
    XBV00212.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:40
    XBV00213.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:40
    XBV00214.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:40
    XBV00215.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:40
    XBV00216.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:40
    XBV00217.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:41
    XBV00218.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:41
    XBV00219.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:41
    XBV00220.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:41
    XBV00221.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:41
    XBV00222.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:41
    XBV00223.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:41
    XBV00224.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:42
    XBV00225.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:42
    XBV00226.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:42
    XBV00227.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:42
    XBV00228.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:42
    XBV00229.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:42
    XBV00230.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:42
    XBV00231.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:42
    XBV00232.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:43
    XBV00233.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:43
    XBV00234.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:43
    XBV00235.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:43
    XBV00236.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:43
    XBV00237.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:43
    XBV00238.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:43
    XBV00239.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:44
    XBV00240.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:44
    XBV00241.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:44
    XBV00242.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:44
    XBV00243.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:44
    XBV00244.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:44
    XBV00245.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:44
    XBV00246.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:45
    XBV00247.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:45
    XBV00248.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:45
    XBV00249.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:45
    XBV00250.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:45
    XBV00251.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:45
    XBV00252.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:45
    XBV00253.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:45
    XBV00254.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:46
    XBV00255.VDF : 8.11.201.28 2048 Bytes 1/14/2015 07:57:46
    XBV00000.VDF : 7.11.70.0 66736640 Bytes 4/4/2013 18:44:30
    XBV00001.VDF : 7.11.74.226 2201600 Bytes 4/30/2013 18:44:30
    XBV00002.VDF : 7.11.80.60 2751488 Bytes 5/28/2013 18:44:30
    XBV00003.VDF : 7.11.85.214 2162688 Bytes 6/21/2013 18:44:30
    XBV00004.VDF : 7.11.91.176 3903488 Bytes 7/23/2013 18:44:30
    XBV00005.VDF : 7.11.98.186 6822912 Bytes 8/29/2013 18:44:30
    XBV00006.VDF : 7.11.139.38 15708672 Bytes 3/27/2014 18:44:30
    XBV00007.VDF : 7.11.152.100 4193792 Bytes 6/2/2014 18:44:30
    XBV00008.VDF : 8.11.165.192 4251136 Bytes 8/7/2014 18:44:30
    XBV00009.VDF : 8.11.172.30 2094080 Bytes 9/15/2014 18:44:30
    XBV00010.VDF : 8.11.178.32 1581056 Bytes 10/14/2014 00:03:29
    XBV00011.VDF : 8.11.184.50 2178560 Bytes 11/11/2014 17:03:06
    XBV00012.VDF : 8.11.190.32 1876992 Bytes 12/3/2014 20:43:10
    XBV00013.VDF : 8.11.201.28 2973696 Bytes 1/14/2015 07:57:17
    XBV00042.VDF : 8.11.201.52 20992 Bytes 1/14/2015 07:57:17
    XBV00043.VDF : 8.11.201.74 2048 Bytes 1/14/2015 07:57:17
    XBV00044.VDF : 8.11.201.100 13824 Bytes 1/14/2015 07:57:17
    XBV00045.VDF : 8.11.201.124 4608 Bytes 1/14/2015 07:57:18
    XBV00046.VDF : 8.11.201.126 8704 Bytes 1/15/2015 07:57:18
    XBV00047.VDF : 8.11.201.128 2048 Bytes 1/15/2015 07:57:18
    XBV00048.VDF : 8.11.201.132 13824 Bytes 1/15/2015 07:57:18
    XBV00049.VDF : 8.11.201.134 9216 Bytes 1/15/2015 21:42:13
    XBV00050.VDF : 8.11.201.136 26112 Bytes 1/15/2015 21:42:13
    XBV00051.VDF : 8.11.201.138 2048 Bytes 1/15/2015 21:42:13
    XBV00052.VDF : 8.11.201.142 40960 Bytes 1/15/2015 21:42:13
    XBV00053.VDF : 8.11.201.144 5120 Bytes 1/15/2015 21:42:14
    XBV00054.VDF : 8.11.201.148 20992 Bytes 1/16/2015 21:42:14
    XBV00055.VDF : 8.11.201.150 8192 Bytes 1/16/2015 21:42:14
    XBV00056.VDF : 8.11.201.152 9728 Bytes 1/16/2015 21:42:14
    XBV00057.VDF : 8.11.201.154 12288 Bytes 1/16/2015 21:42:14
    XBV00058.VDF : 8.11.201.176 50176 Bytes 1/16/2015 21:42:15
    XBV00059.VDF : 8.11.201.196 2048 Bytes 1/16/2015 21:42:15
    XBV00060.VDF : 8.11.201.216 2048 Bytes 1/16/2015 21:42:15
    XBV00061.VDF : 8.11.201.236 27648 Bytes 1/16/2015 21:42:15
    XBV00062.VDF : 8.11.201.238 2048 Bytes 1/16/2015 21:42:15
    XBV00063.VDF : 8.11.202.4 13312 Bytes 1/16/2015 21:42:15
    XBV00064.VDF : 8.11.202.6 2048 Bytes 1/16/2015 21:42:15
    XBV00065.VDF : 8.11.202.26 3584 Bytes 1/16/2015 03:47:49
    XBV00066.VDF : 8.11.202.28 3584 Bytes 1/17/2015 03:47:49
    XBV00067.VDF : 8.11.202.32 53760 Bytes 1/17/2015 18:57:08
    XBV00068.VDF : 8.11.202.34 16896 Bytes 1/17/2015 18:57:08
    XBV00069.VDF : 8.11.202.36 2048 Bytes 1/17/2015 18:57:08
    XBV00070.VDF : 8.11.202.56 14336 Bytes 1/17/2015 18:57:08
    XBV00071.VDF : 8.11.202.76 124416 Bytes 1/18/2015 03:50:25
    XBV00072.VDF : 8.11.202.78 2048 Bytes 1/18/2015 03:50:25
    XBV00073.VDF : 8.11.202.98 30720 Bytes 1/18/2015 03:50:25
    XBV00074.VDF : 8.11.202.118 27648 Bytes 1/18/2015 03:50:25
    XBV00075.VDF : 8.11.202.136 94720 Bytes 1/19/2015 06:12:55
    XBV00076.VDF : 8.11.202.170 2048 Bytes 1/19/2015 06:12:55
    XBV00077.VDF : 8.11.202.188 19968 Bytes 1/19/2015 06:12:55
    XBV00078.VDF : 8.11.202.206 2048 Bytes 1/19/2015 06:12:55
    XBV00079.VDF : 8.11.202.224 27136 Bytes 1/19/2015 06:12:55
    XBV00080.VDF : 8.11.202.226 17408 Bytes 1/19/2015 06:12:55
    XBV00081.VDF : 8.11.202.238 38400 Bytes 1/19/2015 06:12:55
    XBV00082.VDF : 8.11.203.0 56832 Bytes 1/19/2015 06:12:55
    XBV00083.VDF : 8.11.203.20 28672 Bytes 1/19/2015 06:12:55
    XBV00084.VDF : 8.11.203.36 12800 Bytes 1/19/2015 06:12:55
    XBV00085.VDF : 8.11.203.54 57856 Bytes 1/20/2015 07:38:33
    XBV00086.VDF : 8.11.203.58 2048 Bytes 1/20/2015 07:38:33
    XBV00087.VDF : 8.11.203.74 22016 Bytes 1/20/2015 07:38:33
    XBV00088.VDF : 8.11.203.90 11776 Bytes 1/20/2015 07:38:33
    XBV00089.VDF : 8.11.203.106 10240 Bytes 1/20/2015 07:38:33
    XBV00090.VDF : 8.11.203.122 7680 Bytes 1/20/2015 07:38:33
    XBV00091.VDF : 8.11.203.138 13312 Bytes 1/20/2015 07:38:33
    XBV00092.VDF : 8.11.203.142 61952 Bytes 1/20/2015 07:38:34
    XBV00093.VDF : 8.11.203.144 2048 Bytes 1/20/2015 07:38:34
    XBV00094.VDF : 8.11.203.148 39424 Bytes 1/20/2015 07:38:34
    XBV00095.VDF : 8.11.203.152 2048 Bytes 1/20/2015 07:38:34
    XBV00096.VDF : 8.11.203.156 2048 Bytes 1/20/2015 07:38:34
    XBV00097.VDF : 8.11.203.158 18944 Bytes 1/20/2015 07:38:34
    XBV00098.VDF : 8.11.203.160 13824 Bytes 1/21/2015 07:38:34
    XBV00099.VDF : 8.11.203.176 44544 Bytes 1/21/2015 07:38:34
    XBV00100.VDF : 8.11.203.190 12800 Bytes 1/21/2015 06:11:42
    XBV00101.VDF : 8.11.203.204 13824 Bytes 1/21/2015 06:11:42
    XBV00102.VDF : 8.11.203.218 13824 Bytes 1/21/2015 06:11:42
    XBV00103.VDF : 8.11.203.220 2048 Bytes 1/21/2015 06:11:42
    XBV00104.VDF : 8.11.203.222 22016 Bytes 1/21/2015 06:11:42
    XBV00105.VDF : 8.11.203.224 2048 Bytes 1/21/2015 06:11:42
    XBV00106.VDF : 8.11.203.230 47104 Bytes 1/21/2015 06:11:42
    XBV00107.VDF : 8.11.203.244 7680 Bytes 1/21/2015 06:11:42
    XBV00108.VDF : 8.11.204.2 2048 Bytes 1/21/2015 06:11:43
    XBV00109.VDF : 8.11.204.16 26112 Bytes 1/21/2015 06:11:43
    XBV00110.VDF : 8.11.204.18 14336 Bytes 1/21/2015 06:11:43
    XBV00111.VDF : 8.11.204.32 14336 Bytes 1/22/2015 06:11:43
    XBV00112.VDF : 8.11.204.48 58368 Bytes 1/22/2015 03:31:26
    XBV00113.VDF : 8.11.204.50 2048 Bytes 1/22/2015 03:31:26
    XBV00114.VDF : 8.11.204.64 52736 Bytes 1/22/2015 03:31:26
    XBV00115.VDF : 8.11.204.76 2048 Bytes 1/22/2015 03:31:26
    XBV00116.VDF : 8.11.204.88 2048 Bytes 1/22/2015 03:31:27
    XBV00117.VDF : 8.11.204.102 2048 Bytes 1/22/2015 03:31:27
    XBV00118.VDF : 8.11.204.114 2048 Bytes 1/22/2015 03:31:27
    XBV00119.VDF : 8.11.204.126 51712 Bytes 1/22/2015 03:31:27
    XBV00120.VDF : 8.11.204.142 41472 Bytes 1/22/2015 03:31:28
    XBV00121.VDF : 8.11.204.154 12288 Bytes 1/22/2015 03:31:28
    XBV00122.VDF : 8.11.204.158 38400 Bytes 1/23/2015 22:30:14
    XBV00123.VDF : 8.11.204.170 2048 Bytes 1/23/2015 22:30:14
    XBV00124.VDF : 8.11.204.182 33280 Bytes 1/23/2015 22:30:15
    XBV00125.VDF : 8.11.204.194 8192 Bytes 1/23/2015 22:30:15
    XBV00126.VDF : 8.11.204.206 3072 Bytes 1/23/2015 22:30:15
    XBV00127.VDF : 8.11.204.208 20480 Bytes 1/23/2015 22:30:15
    XBV00128.VDF : 8.11.204.214 3584 Bytes 1/23/2015 05:18:17
    XBV00129.VDF : 8.11.204.218 4608 Bytes 1/23/2015 05:18:17
    XBV00130.VDF : 8.11.204.220 4608 Bytes 1/24/2015 05:18:17
    XBV00131.VDF : 8.11.204.224 47104 Bytes 1/24/2015 05:19:28
    XBV00132.VDF : 8.11.204.238 35840 Bytes 1/24/2015 05:19:28
    XBV00133.VDF : 8.11.204.248 2048 Bytes 1/24/2015 05:19:29
    XBV00134.VDF : 8.11.205.2 103936 Bytes 1/25/2015 01:52:53
    XBV00135.VDF : 8.11.205.14 30208 Bytes 1/25/2015 01:52:53
    XBV00136.VDF : 8.11.205.24 90112 Bytes 1/26/2015 01:52:53
    XBV00137.VDF : 8.11.205.34 2048 Bytes 1/26/2015 01:52:53
    XBV00138.VDF : 8.11.205.44 8704 Bytes 1/26/2015 01:52:53
    XBV00139.VDF : 8.11.205.54 9216 Bytes 1/26/2015 01:52:54
    XBV00140.VDF : 8.11.205.64 10240 Bytes 1/26/2015 01:52:54
    XBV00141.VDF : 8.11.205.66 7168 Bytes 1/26/2015 01:52:54
    XBV00142.VDF : 8.11.205.68 2048 Bytes 1/26/2015 01:52:54
    XBV00143.VDF : 8.11.205.76 82944 Bytes 1/26/2015 01:52:54
    XBV00144.VDF : 8.11.205.78 2048 Bytes 1/26/2015 01:52:54
    XBV00145.VDF : 8.11.205.90 14848 Bytes 1/26/2015 01:52:54
    XBV00146.VDF : 8.11.205.100 20992 Bytes 1/27/2015 02:36:07
    XBV00147.VDF : 8.11.205.108 8704 Bytes 1/27/2015 02:36:07
    XBV00148.VDF : 8.11.205.116 11264 Bytes 1/27/2015 02:36:07
    XBV00149.VDF : 8.11.205.118 6144 Bytes 1/27/2015 02:36:07
    XBV00150.VDF : 8.11.205.120 11264 Bytes 1/27/2015 02:36:08
    XBV00151.VDF : 8.11.205.122 15872 Bytes 1/27/2015 02:36:08
    XBV00152.VDF : 8.11.205.126 22528 Bytes 1/27/2015 02:36:08
    XBV00153.VDF : 8.11.205.128 3072 Bytes 1/27/2015 02:36:08
    XBV00154.VDF : 8.11.205.134 7168 Bytes 1/27/2015 02:36:08
    XBV00155.VDF : 8.11.205.140 2048 Bytes 1/27/2015 02:36:08
    XBV00156.VDF : 8.11.205.142 25600 Bytes 1/27/2015 02:36:08
    XBV00157.VDF : 8.11.205.146 45568 Bytes 1/28/2015 02:36:09
    XBV00158.VDF : 8.11.205.154 11264 Bytes 1/28/2015 02:36:09
    XBV00159.VDF : 8.11.205.162 14848 Bytes 1/28/2015 02:36:09
    XBV00160.VDF : 8.11.205.170 8704 Bytes 1/28/2015 02:36:09
    XBV00161.VDF : 8.11.205.178 12800 Bytes 1/28/2015 02:36:09
    XBV00162.VDF : 8.11.205.182 77824 Bytes 1/28/2015 02:36:09
    XBV00163.VDF : 8.11.205.184 2560 Bytes 1/28/2015 02:36:09
    XBV00164.VDF : 8.11.205.192 22528 Bytes 1/28/2015 02:36:10
    XBV00165.VDF : 8.11.205.200 20992 Bytes 1/28/2015 02:36:10
    XBV00166.VDF : 8.11.205.208 24576 Bytes 1/29/2015 06:54:09
    XBV00167.VDF : 8.11.205.214 2048 Bytes 1/29/2015 06:54:09
    XBV00168.VDF : 8.11.205.218 37376 Bytes 1/29/2015 06:54:10
    XBV00169.VDF : 8.11.205.220 2048 Bytes 1/29/2015 06:54:10
    XBV00170.VDF : 8.11.205.224 68096 Bytes 1/29/2015 06:54:11
    XBV00171.VDF : 8.11.205.228 2048 Bytes 1/29/2015 06:54:11
    XBV00172.VDF : 8.11.205.230 2048 Bytes 1/29/2015 06:54:11
    XBV00173.VDF : 8.11.205.232 2048 Bytes 1/29/2015 06:54:11
    XBV00174.VDF : 8.11.205.234 33280 Bytes 1/29/2015 06:54:12
    XBV00175.VDF : 8.11.205.236 2048 Bytes 1/29/2015 06:54:13
    XBV00176.VDF : 8.11.205.240 35840 Bytes 1/30/2015 06:54:13
    XBV00177.VDF : 8.11.205.246 2048 Bytes 1/30/2015 06:54:14
    XBV00178.VDF : 8.11.205.254 38912 Bytes 1/30/2015 08:14:54
    XBV00179.VDF : 8.11.206.0 2048 Bytes 1/30/2015 08:14:54
    XBV00180.VDF : 8.11.206.26 50688 Bytes 1/30/2015 08:14:55
    XBV00181.VDF : 8.11.206.42 15872 Bytes 1/30/2015 08:14:55
    XBV00182.VDF : 8.11.206.44 3072 Bytes 1/30/2015 08:14:55
    XBV00183.VDF : 8.11.206.52 6656 Bytes 1/31/2015 08:14:55
    XBV00184.VDF : 8.11.206.62 29184 Bytes 1/31/2015 08:14:56
    XBV00185.VDF : 8.11.206.64 20480 Bytes 1/31/2015 08:14:56
    XBV00186.VDF : 8.11.206.66 27648 Bytes 1/31/2015 08:14:56
    XBV00187.VDF : 8.11.206.68 2048 Bytes 1/31/2015 08:14:56
    XBV00188.VDF : 8.11.206.76 86016 Bytes 2/1/2015 03:55:35
    XBV00189.VDF : 8.11.206.84 2048 Bytes 2/1/2015 03:55:35
    XBV00190.VDF : 8.11.206.92 16384 Bytes 2/1/2015 03:55:35
    XBV00191.VDF : 8.11.206.100 20992 Bytes 2/1/2015 03:55:36
    XBV00192.VDF : 8.11.206.108 94208 Bytes 2/2/2015 03:55:36
    XBV00193.VDF : 8.11.206.110 2048 Bytes 2/2/2015 03:55:36
    XBV00194.VDF : 8.11.206.118 26624 Bytes 2/2/2015 03:55:37
    XBV00195.VDF : 8.11.206.124 26112 Bytes 2/2/2015 03:55:37
    XBV00196.VDF : 8.11.206.130 12800 Bytes 2/2/2015 03:55:38
    XBV00197.VDF : 8.11.206.138 43008 Bytes 2/2/2015 03:55:38
    XBV00198.VDF : 8.11.206.140 23552 Bytes 2/2/2015 03:55:39
    XBV00199.VDF : 8.11.206.142 2048 Bytes 2/2/2015 03:55:39
    XBV00200.VDF : 8.11.206.144 2048 Bytes 2/2/2015 03:55:39
    XBV00201.VDF : 8.11.206.146 26624 Bytes 2/2/2015 03:55:40
    XBV00202.VDF : 8.11.206.148 2048 Bytes 2/3/2015 03:55:40
    LOCAL000.VDF : 8.11.206.148 121504256 Bytes 2/3/2015 03:56:41
    Engine version : 8.3.28.14
    AEVDF.DLL : 8.3.1.6 133992 Bytes 9/24/2014 18:44:20
    AESCRIPT.DLL : 8.2.2.52 551792 Bytes 1/30/2015 06:54:08
    AESCN.DLL : 8.3.2.2 139456 Bytes 9/24/2014 18:44:20
    AESBX.DLL : 8.2.20.24 1409224 Bytes 9/24/2014 18:44:20
    AERDL.DLL : 8.2.1.16 743328 Bytes 10/29/2014 16:27:44
    AEPACK.DLL : 8.4.0.58 789360 Bytes 1/16/2015 21:42:11
    AEOFFICE.DLL : 8.3.1.10 351088 Bytes 1/16/2015 21:42:11
    AEMOBILE.DLL : 8.1.2.0 277360 Bytes 12/17/2014 07:58:10
    AEHEUR.DLL : 8.1.4.1506 8079272 Bytes 1/30/2015 06:54:07
    AEHELP.DLL : 8.3.1.0 278728 Bytes 9/24/2014 18:44:20
    AEGEN.DLL : 8.1.7.40 456608 Bytes 12/20/2014 04:56:59
    AEEXP.DLL : 8.4.2.48 252776 Bytes 11/25/2014 19:50:38
    AEEMU.DLL : 8.1.3.4 399264 Bytes 9/24/2014 18:44:20
    AEDROID.DLL : 8.4.3.6 850800 Bytes 12/17/2014 07:58:09
    AECORE.DLL : 8.3.4.0 243624 Bytes 12/17/2014 07:58:09
    AEBB.DLL : 8.1.2.0 60448 Bytes 9/24/2014 18:44:20
    AVWINLL.DLL : 14.0.7.308 25904 Bytes 11/19/2014 05:32:22
    AVPREF.DLL : 14.0.7.308 52016 Bytes 11/19/2014 05:32:28
    AVREP.DLL : 14.0.7.308 220976 Bytes 11/19/2014 05:32:29
    AVARKT.DLL : 14.0.7.308 227632 Bytes 11/19/2014 05:32:23
    AVEVTLOG.DLL : 14.0.7.440 184112 Bytes 12/17/2014 07:58:12
    SQLITE3.DLL : 14.0.7.308 453936 Bytes 11/19/2014 05:33:16
    AVSMTP.DLL : 14.0.7.308 79096 Bytes 11/19/2014 05:32:33
    NETNT.DLL : 14.0.7.308 15152 Bytes 11/19/2014 05:33:13
    RCIMAGE.DLL : 14.0.7.308 4866808 Bytes 11/19/2014 05:32:22
    RCTEXT.DLL : 14.0.7.318 75568 Bytes 11/19/2014 05:32:22

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
    Reporting...........................: default
    Primary action......................: Interactive
    Secondary action....................: Ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Limit recursion depth...............: 20
    Smart extensions....................: on
    Macrovirus heuristic................: on
    File heuristic......................: extended

    Start of the scan: Monday, February 2, 2015 20:59

    Start scanning boot sectors:
    Boot sector 'HDD0(C:)'
    [INFO] No virus was found!

    Starting search for hidden objects.
    Error in ARK library

    The scan of running processes will be started:
    Scan process 'svchost.exe' - '50' Module(s) have been scanned
    Scan process 'svchost.exe' - '34' Module(s) have been scanned
    Scan process 'svchost.exe' - '78' Module(s) have been scanned
    Scan process 'dwm.exe' - '46' Module(s) have been scanned
    Scan process 'svchost.exe' - '89' Module(s) have been scanned
    Scan process 'svchost.exe' - '187' Module(s) have been scanned
    Scan process 'svchost.exe' - '58' Module(s) have been scanned
    Scan process 'igfxCUIService.exe' - '35' Module(s) have been scanned
    Scan process 'svchost.exe' - '115' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '87' Module(s) have been scanned
    Scan process 'sched.exe' - '66' Module(s) have been scanned
    Scan process 'svchost.exe' - '89' Module(s) have been scanned
    Scan process 'SASCORE64.EXE' - '24' Module(s) have been scanned
    Scan process 'armsvc.exe' - '32' Module(s) have been scanned
    Scan process 'avguard.exe' - '133' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '66' Module(s) have been scanned
    Scan process 'adminservice.exe' - '31' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
    Scan process 'CCDMonitorService.exe' - '41' Module(s) have been scanned
    Scan process 'OfficeClickToRun.exe' - '83' Module(s) have been scanned
    Scan process 'cmdagent.exe' - '115' Module(s) have been scanned
    Scan process 'dashost.exe' - '30' Module(s) have been scanned
    Scan process 'HPSupportSolutionsFrameworkService.exe' - '65' Module(s) have been scanned
    Scan process 'HeciServer.exe' - '31' Module(s) have been scanned
    Scan process 'LMSvc.exe' - '27' Module(s) have been scanned
    Scan process 'McSACore.exe' - '59' Module(s) have been scanned
    Scan process 'RichVideo.exe' - '32' Module(s) have been scanned
    Scan process 'SolutoLauncherService.exe' - '22' Module(s) have been scanned
    Scan process 'SolutoService.exe' - '162' Module(s) have been scanned
    Scan process 'rundll32.exe' - '46' Module(s) have been scanned
    Scan process 'rundll32.exe' - '32' Module(s) have been scanned
    Scan process 'avshadow.exe' - '34' Module(s) have been scanned
    Scan process 'svchost.exe' - '58' Module(s) have been scanned
    Scan process 'TouchToolsLaunchSvc.exe' - '20' Module(s) have been scanned
    Scan process 'Avira.OE.ServiceHost.exe' - '112' Module(s) have been scanned
    Scan process 'svchost.exe' - '50' Module(s) have been scanned
    Scan process 'cavwp.exe' - '62' Module(s) have been scanned
    Scan process 'GamesAppIntegrationService.exe' - '37' Module(s) have been scanned
    Scan process 'jhi_service.exe' - '36' Module(s) have been scanned
    Scan process 'LMS.exe' - '63' Module(s) have been scanned
    Scan process 'NASvc.exe' - '49' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '63' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '82' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '34' Module(s) have been scanned
    Scan process 'wsqmcons.exe' - '59' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '51' Module(s) have been scanned
    Scan process 'taskhostex.exe' - '49' Module(s) have been scanned
    Scan process 'soluto.exe' - '101' Module(s) have been scanned
    Scan process 'PresentationFontCache.exe' - '41' Module(s) have been scanned
    Scan process 'cistray.exe' - '59' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '232' Module(s) have been scanned
    Scan process 'LMEvent.exe' - '43' Module(s) have been scanned
    Scan process 'unsecapp.exe' - '34' Module(s) have been scanned
    Scan process 'avira_system_speedup.exe' - '68' Module(s) have been scanned
    Scan process 'QASvc.exe' - '24' Module(s) have been scanned
    Scan process 'skydrive.exe' - '98' Module(s) have been scanned
    Scan process 'igfxEM.exe' - '60' Module(s) have been scanned
    Scan process 'TabTip.exe' - '52' Module(s) have been scanned
    Scan process 'LMTray.exe' - '27' Module(s) have been scanned
    Scan process 'SearchProtocolHost.exe' - '45' Module(s) have been scanned
    Scan process 'igfxHK.exe' - '43' Module(s) have been scanned
    Scan process 'QAEvent.exe' - '59' Module(s) have been scanned
    Scan process 'TabTip32.exe' - '28' Module(s) have been scanned
    Scan process 'BtvStack.exe' - '105' Module(s) have been scanned
    Scan process 'SkyDrive.exe' - '66' Module(s) have been scanned
    Scan process 'unsecapp.exe' - '35' Module(s) have been scanned
    Scan process 'ActivateDesktop.exe' - '44' Module(s) have been scanned
    Scan process 'igfxTray.exe' - '57' Module(s) have been scanned
    Scan process 'ePowerSvc.exe' - '54' Module(s) have been scanned
    Scan process 'RAVCpl64.exe' - '51' Module(s) have been scanned
    Scan process 'HostAppServiceUpdater.exe' - '66' Module(s) have been scanned
    Scan process 'SpotifyWebHelper.exe' - '54' Module(s) have been scanned
    Scan process 'FMAPP.exe' - '44' Module(s) have been scanned
    Scan process 'RMSvc.exe' - '41' Module(s) have been scanned
    Scan process 'QAMsg.exe' - '29' Module(s) have been scanned
    Scan process 'SUPERANTISPYWARE.EXE' - '92' Module(s) have been scanned
    Scan process 'QuickAccess.exe' - '41' Module(s) have been scanned
    Scan process 'ScanToPCActivationApp.exe' - '62' Module(s) have been scanned
    Scan process 'ZedgeTonesync.exe' - '105' Module(s) have been scanned
    Scan process 'dfsvc.exe' - '72' Module(s) have been scanned
    Scan process 'BackgroundAgent.exe' - '114' Module(s) have been scanned
    Scan process 'cis.exe' - '72' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '80' Module(s) have been scanned
    Scan process 'avgnt.exe' - '114' Module(s) have been scanned
    Scan process 'hpwuschd2.exe' - '33' Module(s) have been scanned
    Scan process 'DoroServer.exe' - '36' Module(s) have been scanned
    Scan process 'Avira.OE.Systray.exe' - '124' Module(s) have been scanned
    Scan process 'abDocsDllLoader.exe' - '84' Module(s) have been scanned
    Scan process 'iPodService.exe' - '36' Module(s) have been scanned
    Scan process 'ccd.exe' - '65' Module(s) have been scanned
    Scan process 'conhost.exe' - '19' Module(s) have been scanned
    Scan process 'abDocsDllLoaderMonitor.exe' - '36' Module(s) have been scanned
    Scan process 'HostAppService.exe' - '124' Module(s) have been scanned
    Scan process 'HostAppServiceUpdater.exe' - '76' Module(s) have been scanned
    Scan process 'HostAppService.exe' - '79' Module(s) have been scanned
    Scan process 'SettingSyncHost.exe' - '51' Module(s) have been scanned
    Scan process 'StartMenuIndexer.exe' - '113' Module(s) have been scanned
    Scan process 'GestureDetection.exe' - '36' Module(s) have been scanned
    Scan process 'avcenter.exe' - '112' Module(s) have been scanned
    Scan process 'Launch Screen Grasp.exe' - '43' Module(s) have been scanned
    Scan process 'avscan.exe' - '116' Module(s) have been scanned
    Scan process 'SearchFilterHost.exe' - '31' Module(s) have been scanned
    Scan process 'UBTService.exe' - '38' Module(s) have been scanned
    Scan process 'vssvc.exe' - '43' Module(s) have been scanned
    Scan process 'svchost.exe' - '35' Module(s) have been scanned
    Scan process 'svchost.exe' - '23' Module(s) have been scanned
    Scan process 'wininit.exe' - '15' Module(s) have been scanned
    Scan process 'winlogon.exe' - '29' Module(s) have been scanned
    Scan process 'lsass.exe' - '67' Module(s) have been scanned

    Starting to scan executable files (registry):
    The registry was scanned ( '1344' files ).


    Starting the file scan:

    Begin scan in 'C:\' <Acer>
    C:\swapfile.sys
    [WARNING] The file could not be opened!
    C:\ProgramData\Comodo\Cis\Quarantine\Temp\cmdinstall.exe_14-12-14_22.53.49.log.7z
    [WARNING] Insufficient memory. The file was not scanned!


    End of the scan: Tuesday, February 3, 2015 00:03
    Used time: 3:04:11 Hour(s)

    The scan has been done completely.

    36976 Scanned directories
    1034565 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 Files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    1 Files cannot be scanned
    1034564 Files not concerned
    15329 Archives were scanned
    2 Warnings
    0 Notes
    1610 Objects were scanned with rootkit scan
    0 Hidden objects were found
     
  3. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    I couldn't get DDS to run. It says it cannot run in compatibility mode.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE: If you see the message "This version requires you to completely exit the Anti Malware application", right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  5. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
    Started in : Normal mode
    User : songe_000 [Administrator]
    Mode : Delete -- Date : 02/03/2015 21:34:46

    ¤¤¤ Processes : 7 ¤¤¤
    [Suspicious.Path] HostAppServiceUpdater.exe(4396) -- C:\Users\songe_000\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe[7] -> Killed [TermProc]
    [Suspicious.Path] ZedgeTonesync.exe(4972) -- C:\Users\songe_000\AppData\Local\Apps\2.0\6GCH658P.QMD\85XX29BG.WN7\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\ZedgeTonesync.exe[7] -> Killed [TermProc]
    [Suspicious.Path] HostAppService.exe(2356) -- C:\Users\songe_000\AppData\Local\Pokki\Engine\HostAppService.exe[7] -> Killed [TermProc]
    [Suspicious.Path] HostAppServiceUpdater.exe(3700) -- C:\Users\songe_000\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe[7] -> Killed [TermProc]
    [Suspicious.Path] HostAppService.exe(6328) -- C:\Users\songe_000\AppData\Local\Pokki\Engine\HostAppService.exe[7] -> Killed [TermThr]
    [Suspicious.Path] StartMenuIndexer.exe(1776) -- C:\Users\songe_000\AppData\Local\Pokki\Engine\StartMenuIndexer.exe[7] -> Killed [TermProc]
    [Suspicious.Path] setup.exe(9092) -- C:\Windows\TEMP\CR_311B9.tmp\setup.exe[7] -> Killed [TermProc]

    ¤¤¤ Registry : 20 ¤¤¤
    [PUP] (X64) HKEY_USERS\S-1-5-21-634217685-3676121620-3412417090-1001\Software\Microsoft\Windows\CurrentVersion\Run | Pokki : "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON -> Not selected
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-634217685-3676121620-3412417090-1001\Software\Microsoft\Windows\CurrentVersion\Run | ZedgeToneSync : C:\Users\songe_000\AppData\Local\Apps\2.0\Data\6V8ZDNZX.XV7\M1EAXPTV.MG5\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\Data\ZedgeToneSync.appref-ms -startup [-][x] -> Deleted
    [PUP] (X86) HKEY_USERS\S-1-5-21-634217685-3676121620-3412417090-1001\Software\Microsoft\Windows\CurrentVersion\Run | Pokki : "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON -> Not selected
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-634217685-3676121620-3412417090-1001\Software\Microsoft\Windows\CurrentVersion\Run | ZedgeToneSync : C:\Users\songe_000\AppData\Local\Apps\2.0\Data\6V8ZDNZX.XV7\M1EAXPTV.MG5\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\Data\ZedgeToneSync.appref-ms -startup -> ERROR [2]
    [PUP] (X64) HKEY_USERS\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | Pokki : "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON -> Not selected
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | ZedgeToneSync : C:\Users\songe_000\AppData\Local\Apps\2.0\Data\6V8ZDNZX.XV7\M1EAXPTV.MG5\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\Data\ZedgeToneSync.appref-ms -startup [-][x] -> Deleted
    [PUP] (X86) HKEY_USERS\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | Pokki : "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON -> Not selected
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | ZedgeToneSync : C:\Users\songe_000\AppData\Local\Apps\2.0\Data\6V8ZDNZX.XV7\M1EAXPTV.MG5\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\Data\ZedgeToneSync.appref-ms -startup -> ERROR [2]
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-634217685-3676121620-3412417090-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://homepage-web.com/?s=acer&m=start -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-634217685-3676121620-3412417090-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://homepage-web.com/?s=acer&m=start -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://homepage-web.com/?s=acer&m=start -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://homepage-web.com/?s=acer&m=start -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.25 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.25 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DEE13008-C737-4AC5-9444-F2960207D42F} | DhcpNameServer : 192.168.0.1 205.171.2.25 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DEE13008-C737-4AC5-9444-F2960207D42F} | DhcpNameServer : 192.168.0.1 205.171.2.25 [UNITED STATES (US)] -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 1 ¤¤¤
    [Suspicious.Path] \\Software Update Application -- "C:\ProgramData\OEM\UpgradeTool\ListCheck.exe" -> Deleted

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][FIREFX:Config] 2lsg6gue.default : user_pref("browser.startup.homepage", "http://homepage-web.com/?s=acer&m=start"); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000LPVX-22V0TT0 +++++
    --- User ---
    [MBR] 16fa9724b6154b3b8d320e9a2b22144b
    [BSP] c9250c8a97be4eab352b593d4a764ee6 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_02032015_213359.log
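    Reading a report like the one above by hand is error-prone, so here is an added Python example (my own code, not RogueKiller's and not something posted in this thread) that parses the finding lines into section, category, detail and action, then separates what the tool actually removed from what it left in place. In this report the entries ending in "Not selected" were not ticked when Delete was clicked, so the Pokki Run values and the homepage-web.com start page (set both in the IE registry key and in the Firefox prefs) are still on the machine afterwards; that is the list a helper weighs before picking the next tool. The sample input is a subset of the lines from the report above, reproduced verbatim; the regular expressions are my assumptions about the report format, derived from those lines only.

```python
import re
from collections import Counter

# Sample input: a subset of the finding lines from the RogueKiller report
# posted in this thread, copied verbatim so the parser sees the real format.
SAMPLE_REPORT = r"""
¤¤¤ Processes : 7 ¤¤¤
[Suspicious.Path] HostAppServiceUpdater.exe(4396) -- C:\Users\songe_000\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe[7] -> Killed [TermProc]
[Suspicious.Path] setup.exe(9092) -- C:\Windows\TEMP\CR_311B9.tmp\setup.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 20 ¤¤¤
[PUP] (X64) HKEY_USERS\S-1-5-21-634217685-3676121620-3412417090-1001\Software\Microsoft\Windows\CurrentVersion\Run | Pokki : "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON -> Not selected
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-634217685-3676121620-3412417090-1001\Software\Microsoft\Windows\CurrentVersion\Run | ZedgeToneSync : C:\Users\songe_000\AppData\Local\Apps\2.0\Data\6V8ZDNZX.XV7\M1EAXPTV.MG5\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\Data\ZedgeToneSync.appref-ms -startup [-][x] -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-634217685-3676121620-3412417090-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://homepage-web.com/?s=acer&m=start -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.25 [UNITED STATES (US)] -> Not selected

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\Software Update Application -- "C:\ProgramData\OEM\UpgradeTool\ListCheck.exe" -> Deleted

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 2lsg6gue.default : user_pref("browser.startup.homepage", "http://homepage-web.com/?s=acer&m=start"); -> Not selected
"""

# Assumed format (from the lines above): a section header "¤¤¤ Name : N ¤¤¤"
# followed by finding lines "[Category] detail -> action".
SECTION_RE = re.compile(r"^¤¤¤ (?P<name>[^:]+?) : (?P<count>\d*)")
FINDING_RE = re.compile(r"^\[(?P<category>[^\]]+)\](?P<rest>.*) -> (?P<action>.+)$")


def parse_report(text):
    """Return one dict per finding: section, category, detail, action."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").strip()
            continue
        m = FINDING_RE.match(line)
        if m and section is not None:
            findings.append({
                "section": section,
                "category": m.group("category"),
                "detail": m.group("rest").strip(),
                "action": m.group("action").strip(),
            })
    return findings


def unresolved(findings):
    """Findings the tool flagged but did not remediate: unticked ("Not selected")
    or failed ("ERROR [n]"). These are still present on the machine."""
    return [f for f in findings
            if f["action"] == "Not selected" or f["action"].startswith("ERROR")]


def summarize(findings):
    """Count findings per (category, action) pair."""
    return Counter((f["category"], f["action"]) for f in findings)


def homepage_urls(findings):
    """Start-page URLs from PUM.HomePage findings, whether they came from the
    IE registry key or the Firefox prefs line. One URL in several places
    is the usual shape of a browser home page hijack."""
    urls = set()
    for f in findings:
        if f["category"] == "PUM.HomePage":
            m = re.search(r"https?://[^\s\"]+", f["detail"])
            if m:
                urls.add(m.group(0))
    return urls


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for (category, action), n in sorted(summarize(found).items()):
        print(f"{category:18} {action:20} {n}")
    print("left unremediated:", len(unresolved(found)))
    print("start page(s) set:", homepage_urls(found))
```

The parser ignores the MBR Check block and any line without " -> ", so it can be pointed at a whole RKreport file; the per-(category, action) summary makes it obvious at a glance when a run killed processes but left the persistence entries (Run keys, start page) untouched, which is exactly the situation in this report.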
     
  6. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Mbar found no threats
     
  7. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  8. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    # AdwCleaner v4.110 - Logfile created 06/02/2015 at 00:06:25
    # Updated 05/02/2015 by Xplode
    # Database : 2015-02-05.2 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : songe_000 - MOMSPC
    # Running from : C:\Users\songe_000\Downloads\adwcleaner_4.110.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Deleted : C:\Users\Public\Desktop\eBay.lnk
    File Deleted : C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
    File Deleted : C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Classes\pokki
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
    Key Deleted : HKCU\Software\Pokki
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416


    -\\ Mozilla Firefox v35.0.1 (x86 en-US)

    [2lsg6gue.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");

    -\\ Google Chrome v40.0.2214.94

    [C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [2613 bytes] - [05/02/2015 23:57:38]
    AdwCleaner[R1].txt - [2672 bytes] - [06/02/2015 00:04:18]
    AdwCleaner[S0].txt - [2258 bytes] - [06/02/2015 00:06:25]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2317 bytes] ##########
     
  9. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Windows 8.1 x64
    Ran by songe_000 on Fri 02/06/2015 at 0:16:44.43
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DD846640-AB58-11E4-828D-F8A963DCE7D1}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



    ~~~ FireFox

    Emptied folder: C:\Users\songe_000\AppData\Roaming\mozilla\firefox\profiles\2lsg6gue.default\minidumps [2 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 02/06/2015 at 0:44:11.00
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  10. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
    Ran by songe_000 at 2015-02-06 00:49:19
    Running from C:\Users\songe_000\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Comodo Defense+ (Disabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
    FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.05.2005 - Acer Incorporated)
    abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)
    abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.06.2003.0 - Acer Incorporated)
    abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.01.2005.1 - Acer Incorporated)
    Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
    Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)
    Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.04.2002 - Acer Incorporated)
    Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
    Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3012 - Acer Incorporated)
    Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
    Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
    Acer Screen Grasp (HKLM-x32\...\{84443E5D-0767-438B-B1C8-6A52FAB2101B}) (Version: 1.02.3002 - Acer Incorporated)
    Acer Touch Tools (HKLM\...\{BB1F8130-3CB3-4896-9D28-770DFFFDE59C}) (Version: 1.01.3001 - Acer Incorporated)
    Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
    Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
    Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.04) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
    AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.04.2001.2 - Acer Incorporated)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
    Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
    Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
    Avira System Speedup 1.5 (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.5 - 2000 - 2014 Avira Operations GmbH & Co. KG)
    Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Build-a-lot 2: Town of the Year (HKLM-x32\...\BFG-Build-a-lot 2 - Town of the Year) (Version: - )
    COMODO Firewall (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.)
    Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
    CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
    Doro 1.94 (HKLM-x32\...\Doro_is1) (Version: - CompSoft)
    eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
    Fishdom 3 (HKLM-x32\...\BFG-Fishdom 3) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
    HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
    Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.1 - Intel Corporation)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
    Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.189 - McAfee, Inc.)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
    Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Pokki Start Menu (HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Pokki_Start_Menu) (Version: 0.269.5.460 - Pokki)
    Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
    Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21247 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.25.108.2014 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7203 - Realtek Semiconductor Corp.)
    Soluto (HKLM\...\{AD78441D-E016-4119-A0AE-9ECB763B6A3D}) (Version: 1.3.1500.2 - Soluto)
    Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
    The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
    ToneSync for Windows (HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\c2c9648a374f64d1) (Version: 1.2.3.309 - Zedge Europe AS)
    TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #3 (HKLM-x32\...\ST6UNST #3) (Version: - )
    TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #4 (HKLM-x32\...\ST6UNST #4) (Version: - )
    TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #5 (HKLM-x32\...\ST6UNST #5) (Version: - )
    TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #6 (HKLM-x32\...\ST6UNST #6) (Version: - )
    TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #7 (HKLM-x32\...\ST6UNST #7) (Version: - )
    TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #8 (HKLM-x32\...\ST6UNST #8) (Version: - )
    TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) (HKLM-x32\...\ST6UNST #2) (Version: - )
    TranscriptPro for Umbrella Schools (HKLM-x32\...\ST6UNST #1) (Version: - )
    Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Unity Web Player (HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-634217685-3676121620-3412417090-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-634217685-3676121620-3412417090-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\songe_000\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    22-01-2015 17:43:30 Windows Modules Installer
    28-01-2015 17:44:43 Windows Update
    03-02-2015 21:40:30 feb3rd

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {031368AD-69FA-42F5-9836-00FC1C7A6873} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)
    Task: {0796AB1B-1661-4153-9FF9-6C7C833ABC0C} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MOMSPC-songe_000 Momspc => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
    Task: {08FB1CFF-406B-4377-9C10-0364DEFA1615} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
    Task: {0EE31A40-E7F5-4430-9CF1-4F70BF3FFC88} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-18] (Acer Incorporated)
    Task: {16E0EE90-DC55-4921-99FD-69262DB1C64A} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
    Task: {1BA8203E-D888-4C65-87EC-ECDC370FE4C7} - System32\Tasks\Prelauncher => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-12-19] (Acer Incorporated)
    Task: {1FD632AE-52AF-4024-B8A6-3BF3BC89FD46} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
    Task: {267662B5-1367-4E02-9FC6-99CD0B27701E} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-24] (TODO: <Company name>)
    Task: {404242FB-5C3F-424A-986C-71B394252AE6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {475470D8-E6D8-4501-9B94-AD2F3077BA98} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-08] (COMODO)
    Task: {4D8CF235-CE71-4EF0-93CC-4138C0B5F25C} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-634217685-3676121620-3412417090-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
    Task: {51CFE98D-0C17-472B-AC9B-4C4D031F3CA3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
    Task: {54D72F98-C95C-4143-A24D-22672E78563B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-18] (Microsoft Corporation)
    Task: {56F5CB9E-9FFD-4AC7-9CC5-52A809E8A239} - System32\Tasks\Screen Grasp GestureDetection => C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe [2013-12-19] (Acer Incorporated)
    Task: {575997F7-92DC-4DF0-B93A-8B443BA4BA4C} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
    Task: {59938976-D2A4-4B0E-9C22-7B78043E6B81} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)
    Task: {5C73D677-93C1-4193-AEC4-C4A920B0BB9B} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-08] (COMODO)
    Task: {65CB0CBC-62D9-46E8-AC63-0E1828D6EE45} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-03-17] (Acer Incorporate)
    Task: {7DB3C51D-D6F0-4E26-8ECF-96AA4CCC4620} - System32\Tasks\prelauncher_First => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-12-19] (Acer Incorporated)
    Task: {7FB6C1F4-AB79-4504-B124-1DCA679D0680} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-26] (Microsoft Corporation)
    Task: {82327D8E-CE75-415E-82FC-6E8D6690898E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
    Task: {9876CF94-3A85-4133-AD1A-8B3CF2130063} - System32\Tasks\Launch Screen Grasp_First => C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe [2013-12-19] (Acer Incorporated)
    Task: {C091FD66-FBFA-4D40-8F51-26BB173E32FF} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2014-12-19] (Acer)
    Task: {C1CFA249-4E02-41A9-8FA5-F7389F095C90} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-08] (COMODO)
    Task: {C2BA6F5F-9916-4677-A62B-57CADF6CEC06} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-08] (COMODO)
    Task: {C7C30F43-94AF-4101-BA90-E6E7A4A132F4} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
    Task: {EBD23ED0-365A-49D8-8A1B-9BEE7FF374AF} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2014-12-11] (Avira Operations GmbH & Co. KG)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2014-11-26 22:53 - 2015-01-05 19:57 - 00595456 _____ () C:\Program Files (x86)\DoroPDFWriter\Doro.dll
    2014-11-02 23:14 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-10-27 17:39 - 2014-10-27 17:39 - 00177664 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\PCGAppContr9a4addef#\9201d05b16e018836c64dbbdbef3602f\PCGAppControlPluginLoader.ni.exe
    2013-12-18 16:02 - 2013-12-18 16:02 - 00124480 _____ () c:\program files\soluto\PCGDllExportInspector.dll
    2014-07-31 03:27 - 2012-04-24 03:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2013-12-18 16:02 - 2013-12-18 16:02 - 00124480 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
    2013-12-18 16:02 - 2013-12-18 16:02 - 00054848 ____R () C:\Program Files\Soluto\PCGDeviceScanLib.dll
    2014-10-27 21:03 - 2014-10-27 21:03 - 00101376 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Management\5638c05aebdbb990686165fb14eb3c88\Windows.Management.ni.dll
    2014-10-27 21:03 - 2014-10-27 21:03 - 01782784 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll
    2014-10-27 21:04 - 2014-10-27 21:04 - 00207872 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.System\a4efa88b742703220e527956d8ab4e84\Windows.System.ni.dll
    2014-10-27 21:03 - 2014-10-27 21:03 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
    2014-10-27 17:38 - 2014-10-27 17:38 - 03498496 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\PCGPreCompiled\cc1872e1e292d0a2d45232839cb0561f\PCGPreCompiled.ni.dll
    2014-02-25 22:14 - 2014-02-25 22:14 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
    2014-02-25 22:11 - 2014-02-25 22:11 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
    2014-02-25 22:17 - 2014-02-25 22:17 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
    2014-12-19 21:59 - 2015-01-09 10:07 - 00090880 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
    2014-12-19 21:59 - 2015-01-09 10:07 - 00089344 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
    2014-11-02 23:28 - 2014-09-23 06:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-07-31 03:02 - 2013-10-01 02:09 - 00078880 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-01-09 10:08 - 2015-01-09 10:08 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
    2014-12-19 21:16 - 2014-12-19 21:16 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
    2014-12-29 13:25 - 2014-12-29 13:25 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
    2014-12-29 13:26 - 2014-12-29 13:26 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
    2014-12-29 13:26 - 2014-12-29 13:26 - 00630528 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
    2014-12-29 13:26 - 2014-12-29 13:26 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
    2014-12-19 21:10 - 2014-12-19 21:10 - 00277096 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
    2014-12-19 22:00 - 2014-12-19 22:00 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
    2014-07-31 03:06 - 2013-12-09 16:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2014-11-02 23:25 - 2014-11-18 14:06 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
    2015-01-26 18:33 - 2015-01-26 18:33 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\AudioEndpointBuilder.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Faultrep.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\werdiagcontroller.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\WerFault.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\WerFaultSecure.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wermgr.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\Faultrep.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wer.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\werdiagcontroller.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\WerFault.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\WerFaultSecure.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wermgr.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\ahcache.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
    AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
    AlternateDataStreams: C:\ProgramData\Temp:708BB0FA
    AlternateDataStreams: C:\ProgramData\Temp:7A2101AB
    AlternateDataStreams: C:\Users\songe_000\OneDrive:ms-properties
    AlternateDataStreams: C:\Users\songe_000\Downloads\2014letter.docx:$CmdZnID
    AlternateDataStreams: C:\Users\songe_000\Downloads\adwcleaner_4.110.exe:$CmdTcID
    AlternateDataStreams: C:\Users\songe_000\Downloads\adwcleaner_4.110.exe:$CmdZnID
    AlternateDataStreams: C:\Users\songe_000\Downloads\bigfishgames_p227092490_s1_l1.exe:$CmdZnID
    AlternateDataStreams: C:\Users\songe_000\Downloads\bigfishgames_p227093192_s1_l1(1).exe:$CmdZnID
    AlternateDataStreams: C:\Users\songe_000\Downloads\bigfishgames_p227093192_s1_l1.exe:$CmdTcID
    AlternateDataStreams: C:\Users\songe_000\Downloads\bigfishgames_p227093192_s1_l1.exe:$CmdZnID
    AlternateDataStreams: C:\Users\songe_000\Downloads\dds(1).com:$CmdTcID
    AlternateDataStreams: C:\Users\songe_000\Downloads\dds(1).com:$CmdZnID
    AlternateDataStreams: C:\Users\songe_000\Downloads\dds(2).com:$CmdZnID
    AlternateDataStreams: C:\Users\songe_000\Downloads\dds.com:$CmdTcID
    AlternateDataStreams: C:\Users\songe_000\Downloads\dds.com:$CmdZnID
    AlternateDataStreams: C:\Users\songe_000\Downloads\FRST64.exe:$CmdZnID
    AlternateDataStreams: C:\Users\songe_000\Downloads\JRT.exe:$CmdZnID
    AlternateDataStreams: C:\Users\songe_000\Downloads\mbam-setup-2.0.4.1028.exe:$CmdTcID
    AlternateDataStreams: C:\Users\songe_000\Downloads\mbam-setup-2.0.4.1028.exe:$CmdZnID
    AlternateDataStreams: C:\Users\songe_000\Downloads\mbar-1.08.3.1004.exe:$CmdTcID
    AlternateDataStreams: C:\Users\songe_000\Downloads\mbar-1.08.3.1004.exe:$CmdZnID
    AlternateDataStreams: C:\Users\songe_000\Downloads\RogueKiller.exe:$CmdZnID
    AlternateDataStreams: C:\Users\songe_000\Downloads\this_message_in_html.html:$CmdZnID

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Registry Areas =====================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-634217685-3676121620-3412417090-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\songe_000\Pictures\misty-lake-and-mountain-1366x768-13141262.jpg

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-634217685-3676121620-3412417090-500 - Administrator - Disabled)
    Guest (S-1-5-21-634217685-3676121620-3412417090-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-634217685-3676121620-3412417090-1003 - Limited - Enabled)
    songe_000 (S-1-5-21-634217685-3676121620-3412417090-1001 - Administrator - Enabled) => C:\Users\songe_000

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2015-02-06 00:44:37.431
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-06 00:12:20.743
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-06 00:02:52.055
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-04 15:59:49.278
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-03 22:41:52.408
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-03 22:21:07.668
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-03 22:11:47.789
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-03 21:57:20.445
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-03 21:35:30.398
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-03 21:00:59.116
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
    Percentage of memory in use: 49%
    Total physical RAM: 4019.27 MB
    Available physical RAM: 2036.91 MB
    Total Pagefile: 6195.27 MB
    Available Pagefile: 3330.8 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.8 MB

    ==================== Drives ================================

    Drive c: (Acer) (Fixed) (Total:448.4 GB) (Free:322.34 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: CEE1CD6E)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
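A note on reading the Addition.txt log above, with an added triage script that is not part of the original post and is not an FRST feature. Three things in that log are worth pulling out mechanically rather than by eye: the long list of alternate data streams (the $CmdTcID/$CmdZnID streams sit on system files, on drivers and on every tool just downloaded, the pattern of a file-rating tag written by an installed security product, commonly attributed to COMODO Internet Security, which is installed on this machine; the Zone.Identifier-style "mark of the web" would look different), the repeated Code Integrity errors (all for one image, guard64.dll, a name associated with COMODO's sandbox hook DLL, not with a rootkit), and the account list (the daily-use account is a full administrator, which is what lets a game or bundled installer rewrite the browser settings for every profile). The script below splits an FRST log into its "====" sections and summarises those three areas. The sample log is constructed from a few lines in the shape of the ones above, with the path list shortened; section names, regexes and the `triage` helper are this example's own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the shape of the FRST Addition.txt sections above
# (paths trimmed; this is not the full log from the post).
SAMPLE_LOG = """\
==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\\Windows\\system32\\audiodg.exe:$CmdTcID
AlternateDataStreams: C:\\Windows\\system32\\Drivers\\mbam.sys:$CmdTcID
AlternateDataStreams: C:\\ProgramData\\Temp:2CB9631F
AlternateDataStreams: C:\\Users\\songe_000\\OneDrive:ms-properties
AlternateDataStreams: C:\\Users\\songe_000\\Downloads\\adwcleaner_4.110.exe:$CmdTcID
AlternateDataStreams: C:\\Users\\songe_000\\Downloads\\adwcleaner_4.110.exe:$CmdZnID
AlternateDataStreams: C:\\Users\\songe_000\\Downloads\\bigfishgames_p227092490_s1_l1.exe:$CmdZnID

==================== Accounts: =============================

Administrator (S-1-5-21-634217685-3676121620-3412417090-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-634217685-3676121620-3412417090-1003 - Limited - Enabled)
songe_000 (S-1-5-21-634217685-3676121620-3412417090-1001 - Administrator - Enabled) => C:\\Users\\songe_000

==================== Event log errors: =========================

CodeIntegrity Errors:
===================================
Date: 2015-02-06 00:44:37.431
Description: Code Integrity is unable to verify the image integrity of the file \\Device\\HarddiskVolume4\\Windows\\System32\\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-06 00:12:20.743
Description: Code Integrity is unable to verify the image integrity of the file \\Device\\HarddiskVolume4\\Windows\\System32\\guard64.dll because the set of per-page image hashes could not be found on the system.

==================== End Of Log ============================
"""

# "==================== Name =========" section headers used by FRST.
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# "AlternateDataStreams: <path>:<stream>"; the stream name never contains ':' or '\'.
ADS_RE = re.compile(r"^AlternateDataStreams: (.+):([^:\\]+)$")
CI_RE = re.compile(r"Code Integrity is unable to verify the image integrity of the file (\S+) because")
# "<name> (<SID> - <group> - Enabled|Disabled)"
ACCT_RE = re.compile(r"^(\S+) \((S-1-5-21-[\d-]+) - (\w+) - (Enabled|Disabled)\)")


def split_sections(text):
    """Map each FRST section header to the non-empty lines beneath it."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            continue
        if current and line:
            sections[current].append(line)
    return sections


def triage_ads(lines, user_dir_marker="\\Downloads\\"):
    """Count ADS entries per stream name and list downloaded executables carrying streams.

    Returns (Counter of stream name -> count, {path: sorted stream names}).
    """
    by_stream = Counter()
    downloads = defaultdict(set)
    for line in lines:
        m = ADS_RE.match(line)
        if not m:
            continue
        path, stream = m.groups()
        by_stream[stream] += 1
        lowered = path.lower()
        if user_dir_marker.lower() in lowered and lowered.endswith((".exe", ".com")):
            downloads[path].add(stream)
    return by_stream, {p: sorted(s) for p, s in downloads.items()}


def triage_code_integrity(lines):
    """Count Code Integrity verification failures per image path."""
    return Counter(m.group(1) for line in lines for m in [CI_RE.search(line)] if m)


def enabled_admins(lines):
    """Names of enabled accounts in the Administrator group."""
    return [m.group(1) for line in lines for m in [ACCT_RE.match(line)]
            if m and m.group(3) == "Administrator" and m.group(4) == "Enabled"]


def triage(text):
    """Run all three checks over one FRST Addition.txt and return a summary dict."""
    s = split_sections(text)
    ads_counts, ads_downloads = triage_ads(s["Alternate Data Streams (whitelisted)"])
    return {
        "ads_by_stream": ads_counts,
        "downloaded_exes_with_ads": ads_downloads,
        "code_integrity_failures": triage_code_integrity(s["Event log errors:"]),
        "enabled_admins": enabled_admins(s["Accounts:"]),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {dict(value) if hasattr(value, 'items') else value}")
```

Run against a real Addition.txt, the interesting output is the stream names that are NOT the dominant tag (here `2CB9631F`, `708BB0FA`, `7A2101AB` on C:\ProgramData\Temp) and any executable in Downloads whose streams do not match the rest; a per-file tag that appears on thousands of files is a product's bookkeeping, a one-off named stream is what deserves a look with `Get-Item -Stream *` on the box itself.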
  11. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
    Ran by songe_000 (administrator) on MOMSPC on 06-02-2015 00:47:51
    Running from C:\Users\songe_000\Downloads
    Loaded Profiles: songe_000 (Available profiles: songe_000)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    (Soluto) C:\Program Files\Soluto\Soluto.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
    (Soluto) C:\Program Files\Soluto\SolutoService.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
    (Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
    () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    (CompSoft) C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe
    () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
    (Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
    (TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
    (acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
    (Thisisu) C:\Users\songe_000\Downloads\JRT.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-18] (Realtek Semiconductor)
    HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2015-01-09] (Acer Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-17] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [DoroServer] => C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe [204800 2015-01-05] (CompSoft)
    HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90880 2015-01-09] ()
    HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-02-03] (Avira Operations GmbH & Co. KG)
    HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] ( (Qualcomm®Atheros®))
    HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-07-31] (Spotify Ltd)
    HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [7611640 2014-12-11] (Avira Operations GmbH & Co. KG)
    HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7777560 2014-12-14] (SUPERAntiSpyware)
    HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\MountPoints2: E - "E:\setup.exe"
    HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [7611640 2014-12-11] (Avira Operations GmbH & Co. KG)
    ShellIconOverlayIdentifiers: [ACloudSyncedRF] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
    ShellIconOverlayIdentifiers: [ACloudSyncedSF] -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
    ShellIconOverlayIdentifiers: [ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
    ShellIconOverlayIdentifiers: [ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-634217685-3676121620-3412417090-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage-web.com/?s=acer&m=start
    HKU\S-1-5-21-634217685-3676121620-3412417090-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-634217685-3676121620-3412417090-1001 -> {40336561-029C-4454-9B88-ABBC02A37CD8} URL = https://search.yahoo.com/search?fr=mcafee&type=B010US662D20141022&p={SearchTerms}
    SearchScopes: HKU\S-1-5-21-634217685-3676121620-3412417090-1001 -> {73800C20-A356-4580-8E6F-6F93D4CC2750} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
    Tcpip\..\Interfaces\{35E41C0F-2342-4FB7-AC06-AE79D8DBCF9B}: [NameServer] 156.154.70.22,156.154.71.22
    Tcpip\..\Interfaces\{DEE13008-C737-4AC5-9444-F2960207D42F}: [NameServer] 156.154.70.22,156.154.71.22

    FireFox:
    ========
    FF ProfilePath: C:\Users\songe_000\AppData\Roaming\Mozilla\Firefox\Profiles\2lsg6gue.default
    FF NewTab: hxxp://homepage-web.com/?s=acer&m=tab
    FF DefaultSearchEngine: Secure Search
    FF SearchEngineOrder.1: Secure Search
    FF Homepage: hxxp://homepage-web.com/?s=acer&m=start
    FF Keyword.URL: https://search.yahoo.com/search?fr=mcafee&type=B110US662D20141022&p=
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-634217685-3676121620-3412417090-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\songe_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
    FF Extension: Avira Browser Safety - C:\Users\songe_000\AppData\Roaming\Mozilla\Firefox\Profiles\2lsg6gue.default\Extensions\abs@avira.com [2015-02-03]
    FF Extension: WOT - C:\Users\songe_000\AppData\Roaming\Mozilla\Firefox\Profiles\2lsg6gue.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-10-26]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-05-16]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://homepage-web.com/?s=acer&m=home
    CHR StartupUrls: Default -> "hxxp://homepage-web.com/?s=acer&m=start"
    CHR DefaultSearchKeyword: Default -> homepage-web.com
    CHR DefaultSearchURL: Default -> http://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
    CHR DefaultSuggestURL: Default ->
    CHR Profile: C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-22]
    CHR Extension: (Google Docs) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-22]
    CHR Extension: (Google Drive) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-22]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-22]
    CHR Extension: (WOT) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-10-25]
    CHR Extension: (YouTube) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-22]
    CHR Extension: (Google Search) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-22]
    CHR Extension: (Avira SafeSearch) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2014-10-25]
    CHR Extension: (Google Sheets) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-22]
    CHR Extension: (SiteAdvisor) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-11-21]
    CHR Extension: (Avira Browser Safety) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-25]
    CHR Extension: (Google Wallet) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-22]
    CHR Extension: (Gmail) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-22]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-05]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-05]
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
    R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider)
    R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2015-02-03] (Avira Operations GmbH & Co. KG)
    R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2015-01-09] (Acer Incorporated)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-12-26] (Microsoft Corporation)
    R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2014-12-08] (COMODO)
    S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2014-12-08] (COMODO)
    R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
    R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-02-02] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2015-02-02] (Malwarebytes Corporation)
    R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\siteadvisor\mcsacore.exe [155368 2015-01-30] (McAfee, Inc.)
    R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-21] (Acer Incorporate)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
    R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-03-21] (Acer Incorporate)
    R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [221728 2013-12-18] (Soluto)
    S3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1942016 2013-12-18] (GlavSoft LLC.) [File not signed]
    R2 TouchToolsLaunchService; C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe [250624 2014-01-08] (Acer Incorporated)
    R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-24] (acer)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG)
    S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
    S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-08] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [807568 2014-12-08] (COMODO)
    R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35080 2014-12-08] (COMODO)
    R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-03] (Intel Corporation)
    R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126208 2014-12-08] (COMODO)
    R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-02-02] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-06] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-02-02] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
    R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
    R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [466136 2014-01-13] (Realsil Semiconductor Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-03] ()
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
    R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-06 00:47 - 2015-02-06 00:48 - 00024816 _____ () C:\Users\songe_000\Downloads\FRST.txt
    2015-02-06 00:47 - 2015-02-06 00:47 - 02131968 _____ (Farbar) C:\Users\songe_000\Downloads\FRST64.exe
    2015-02-06 00:47 - 2015-02-06 00:47 - 00000000 ____D () C:\FRST
    2015-02-06 00:44 - 2015-02-06 00:44 - 00000978 _____ () C:\Users\songe_000\Desktop\JRT.txt
    2015-02-06 00:15 - 2015-02-06 00:16 - 01388274 _____ (Thisisu) C:\Users\songe_000\Downloads\JRT.exe
    2015-02-05 23:57 - 2015-02-06 00:06 - 00000000 ____D () C:\AdwCleaner
    2015-02-05 23:56 - 2015-02-05 23:56 - 02112512 _____ () C:\Users\songe_000\Downloads\adwcleaner_4.110.exe
    2015-02-03 22:27 - 2015-02-03 23:29 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-02-03 22:15 - 2015-02-03 22:15 - 00001153 _____ () C:\Users\Public\Desktop\Avira.lnk
    2015-02-03 21:47 - 2015-02-03 23:28 - 00000000 ____D () C:\Users\songe_000\Desktop\mbar
    2015-02-03 21:41 - 2015-02-03 21:41 - 16466552 _____ (Malwarebytes Corp.) C:\Users\songe_000\Downloads\mbar-1.08.3.1004.exe
    2015-02-03 21:24 - 2015-02-03 21:24 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-02-03 21:24 - 2015-02-03 21:24 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-02-03 21:23 - 2015-02-03 21:23 - 15431256 _____ () C:\Users\songe_000\Downloads\RogueKiller.exe
    2015-02-03 21:16 - 2015-02-03 21:16 - 00688992 _____ (Swearware) C:\Users\songe_000\Downloads\dds(2).com
    2015-02-03 00:45 - 2015-02-03 00:45 - 00688992 _____ (Swearware) C:\Users\songe_000\Downloads\dds(1).com
    2015-02-02 22:23 - 2015-02-02 22:23 - 00688992 _____ (Swearware) C:\Users\songe_000\Downloads\dds.com
    2015-02-02 22:17 - 2015-02-02 22:17 - 00001199 _____ () C:\Users\songe_000\Documents\mbam.txt
    2015-02-02 21:21 - 2015-02-06 00:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-02 21:20 - 2015-02-03 22:24 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-02-02 21:20 - 2015-02-02 21:20 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-02-02 21:20 - 2015-02-02 21:20 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-02-02 21:20 - 2015-02-02 21:20 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-02-02 21:20 - 2015-02-02 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-02-02 21:20 - 2015-02-02 21:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-02-02 21:20 - 2015-02-02 21:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-02-02 21:18 - 2015-02-02 21:18 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\songe_000\Downloads\mbam-setup-2.0.4.1028.exe
    2015-01-30 00:33 - 2015-01-30 00:33 - 00000479 _____ () C:\Users\songe_000\Documents\129.txt
    2015-01-26 18:33 - 2015-01-26 18:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-26 18:26 - 2015-01-26 18:26 - 00000000 __SHD () C:\Users\songe_000\AppData\Local\EmieBrowserModeList
    2015-01-22 22:34 - 2015-01-22 22:34 - 00000329 _____ () C:\Users\songe_000\Desktop\HP Printer Diagnostic Tools.url
    2015-01-14 21:33 - 2015-01-14 21:34 - 00002001 _____ () C:\Users\Public\Desktop\abMedia.lnk
    2015-01-13 20:29 - 2015-01-13 20:29 - 00003334 _____ () C:\Windows\System32\Tasks\AcerCloud
    2015-01-13 20:28 - 2015-01-13 20:29 - 00002028 _____ () C:\Users\Public\Desktop\Acer Portal.lnk
    2015-01-13 19:52 - 2015-01-13 19:52 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-01-13 19:52 - 2015-01-13 19:52 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2015-01-13 19:52 - 2015-01-13 19:52 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2015-01-13 19:52 - 2015-01-13 19:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2015-01-13 19:52 - 2015-01-13 19:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-01-13 19:52 - 2015-01-13 19:52 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
    2015-01-13 19:52 - 2015-01-13 19:52 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2015-01-13 19:52 - 2015-01-13 19:52 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2015-01-13 19:52 - 2015-01-13 19:52 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
    2015-01-13 19:52 - 2015-01-13 19:52 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
    2015-01-13 19:52 - 2015-01-13 19:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-01-13 19:52 - 2015-01-13 19:52 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-13 19:52 - 2015-01-13 19:52 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
    2015-01-13 19:52 - 2015-01-13 19:52 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2015-01-13 19:52 - 2015-01-13 19:52 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
    2015-01-13 19:52 - 2015-01-13 19:52 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2015-01-13 19:52 - 2015-01-13 19:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2015-01-13 19:52 - 2015-01-13 19:52 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
    2015-01-13 19:52 - 2015-01-13 19:52 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-13 19:52 - 2015-01-13 19:52 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-13 19:52 - 2015-01-13 19:52 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
    2015-01-13 19:52 - 2015-01-13 19:52 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
    2015-01-13 19:52 - 2015-01-13 19:52 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-01-13 19:52 - 2015-01-13 19:52 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-13 19:52 - 2015-01-13 19:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
    2015-01-13 19:52 - 2015-01-13 19:52 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
    2015-01-13 19:52 - 2015-01-13 19:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-13 19:52 - 2015-01-13 19:52 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
    2015-01-13 19:52 - 2015-01-13 19:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
    2015-01-13 19:52 - 2015-01-13 19:52 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
    2015-01-13 19:52 - 2015-01-13 19:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
    2015-01-10 13:56 - 2015-01-10 13:56 - 00000000 ____D () C:\Users\songe_000\AppData\Roaming\Playrix Entertainment
    2015-01-09 10:09 - 2015-01-09 10:09 - 00001969 _____ () C:\Users\Public\Desktop\abDocs.lnk

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-06 00:32 - 2014-11-02 23:22 - 00004980 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MOMSPC-songe_000 Momspc
    2015-02-06 00:30 - 2014-10-22 21:04 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-634217685-3676121620-3412417090-1001
    2015-02-06 00:27 - 2014-10-22 20:47 - 01126027 _____ () C:\Windows\WindowsUpdate.log
    2015-02-06 00:25 - 2014-10-22 21:11 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-02-06 00:25 - 2014-10-22 21:11 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-06 00:19 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sru
    2015-02-06 00:10 - 2014-11-09 13:57 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-02-06 00:10 - 2014-10-22 21:01 - 00000000 ___DO () C:\Users\songe_000\OneDrive
    2015-02-06 00:10 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\AppReadiness
    2015-02-06 00:08 - 2014-10-22 21:11 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-06 00:07 - 2014-05-16 06:43 - 00000000 ____D () C:\Program Files (x86)\McAfee
    2015-02-06 00:07 - 2014-03-18 02:54 - 00184810 _____ () C:\Windows\PFRO.log
    2015-02-06 00:07 - 2013-08-22 07:46 - 00035042 _____ () C:\Windows\setupact.log
    2015-02-06 00:07 - 2013-08-22 07:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-06 00:07 - 2013-08-22 06:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
    2015-02-06 00:01 - 2014-10-25 15:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-05 23:56 - 2014-10-22 21:09 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1FC5DB9F-BE6B-48AE-BFCD-CB104919ACD0}
    2015-02-05 23:51 - 2014-10-22 20:57 - 00000000 ____D () C:\Users\songe_000\AppData\Local\Pokki
    2015-02-05 15:48 - 2013-08-22 08:20 - 00000000 ____D () C:\Windows\CbsTemp
    2015-02-05 15:36 - 2014-07-31 03:24 - 00000000 ____D () C:\ProgramData\Temp
    2015-02-05 14:09 - 2013-08-22 08:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-05 14:09 - 2013-08-22 08:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-04 16:02 - 2014-10-25 15:29 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-03 22:15 - 2014-10-25 17:04 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-02-03 22:15 - 2014-10-25 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    2015-02-03 22:15 - 2014-10-25 16:52 - 00000000 ____D () C:\Program Files (x86)\Avira
    2015-02-02 20:57 - 2014-10-22 21:01 - 00002334 _____ () C:\Users\songe_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
    2015-02-02 20:56 - 2014-12-01 21:17 - 00000000 ____D () C:\Users\songe_000\AppData\Local\Deployment
    2015-02-02 00:36 - 2014-10-23 14:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-29 23:26 - 2014-11-26 21:21 - 00000000 ____D () C:\Users\songe_000\AppData\Roaming\HpUpdate
    2015-01-26 00:43 - 2014-03-18 03:03 - 01160678 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-18 20:43 - 2014-10-25 18:59 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-18 20:37 - 2014-10-25 18:59 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-14 21:34 - 2014-05-16 06:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
    2015-01-14 21:34 - 2014-05-16 06:29 - 00000000 ____D () C:\Program Files (x86)\Acer
    2015-01-14 21:29 - 2014-10-22 21:00 - 00000000 ____D () C:\Users\songe_000\AppData\Local\clear.fi
    2015-01-08 23:25 - 2014-10-22 20:57 - 00000000 ____D () C:\Users\songe_000

    ==================== Files in the root of some directories =======

    2014-11-26 21:21 - 2014-11-26 21:21 - 0000057 _____ () C:\ProgramData\Ament.ini
    2014-07-31 03:03 - 2014-07-31 03:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2014-10-22 21:11 - 2014-10-22 21:11 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

    Some content of TEMP:
    ====================
    C:\Users\songe_000\AppData\Local\Temp\avgnt.exe
    C:\Users\songe_000\AppData\Local\Temp\AviraSetup1498687.exe
    C:\Users\songe_000\AppData\Local\Temp\AviraSetup275781.exe
    C:\Users\songe_000\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\songe_000\AppData\Local\Temp\oct230C.tmp.exe
    C:\Users\songe_000\AppData\Local\Temp\oct8370.tmp.exe
    C:\Users\songe_000\AppData\Local\Temp\octA235.tmp.exe
    C:\Users\songe_000\AppData\Local\Temp\octBF63.tmp.exe
    C:\Users\songe_000\AppData\Local\Temp\octF937.tmp.exe
    C:\Users\songe_000\AppData\Local\Temp\Quarantine.exe
    C:\Users\songe_000\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-05 13:19

    ==================== End Of Log ============================
     
  12. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     

    Attached Files:

  13. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Have been out of town. Will take care of the next step tomorrow. Thanks for your patience.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,904   +344

  15. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
    Ran by songe_000 at 2015-02-09 22:28:54 Run:1
    Running from C:\Users\songe_000\Desktop
    Loaded Profiles: songe_000 & (Available profiles: songe_000)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\AudioEndpointBuilder.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Faultrep.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\werdiagcontroller.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\WerFault.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\WerFaultSecure.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wermgr.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\Faultrep.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wer.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\werdiagcontroller.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\WerFault.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\WerFaultSecure.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wermgr.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\ahcache.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
    AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
    AlternateDataStreams: C:\ProgramData\Temp:708BB0FA
    AlternateDataStreams: C:\ProgramData\Temp:7A2101AB
    AlternateDataStreams: C:\Users\songe_000\OneDrive:ms-properties
    AlternateDataStreams: C:\Users\songe_000\Downloads\2014letter.docx:$CmdZnID
    AlternateDataStreams: C:\Users\songe_000\Downloads\adwcleaner_4.110.exe:$CmdTcID
    AlternateDataStreams: C:\Users\songe_000\Downloads\adwcleaner_4.110.exe:$CmdZnID
    AlternateDataStreams: C:\Users\songe_000\Downloads\bigfishgames_p227092490_s1_l1.exe:$CmdZnID
    AlternateDataStreams: C:\Users\songe_000\Downloads\bigfishgames_p227093192_s1_l1(1).exe:$CmdZnID
    AlternateDataStreams: C:\Users\songe_000\Downloads\bigfishgames_p227093192_s1_l1.exe:$CmdTcID
    AlternateDataStreams: C:\Users\songe_000\Downloads\bigfishgames_p227093192_s1_l1.exe:$CmdZnID
    AlternateDataStreams: C:\Users\songe_000\Downloads\dds(1).com:$CmdTcID
    AlternateDataStreams: C:\Users\songe_000\Downloads\dds(1).com:$CmdZnID
    AlternateDataStreams: C:\Users\songe_000\Downloads\dds(2).com:$CmdZnID
    AlternateDataStreams: C:\Users\songe_000\Downloads\dds.com:$CmdTcID
    AlternateDataStreams: C:\Users\songe_000\Downloads\dds.com:$CmdZnID
    AlternateDataStreams: C:\Users\songe_000\Downloads\FRST64.exe:$CmdZnID
    AlternateDataStreams: C:\Users\songe_000\Downloads\JRT.exe:$CmdZnID
    AlternateDataStreams: C:\Users\songe_000\Downloads\mbam-setup-2.0.4.1028.exe:$CmdTcID
    AlternateDataStreams: C:\Users\songe_000\Downloads\mbam-setup-2.0.4.1028.exe:$CmdZnID
    AlternateDataStreams: C:\Users\songe_000\Downloads\mbar-1.08.3.1004.exe:$CmdTcID
    AlternateDataStreams: C:\Users\songe_000\Downloads\mbar-1.08.3.1004.exe:$CmdZnID
    AlternateDataStreams: C:\Users\songe_000\Downloads\RogueKiller.exe:$CmdZnID
    AlternateDataStreams: C:\Users\songe_000\Downloads\this_message_in_html.html:$CmdZnID
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\MountPoints2: E - "E:\setup.exe"
    HKU\S-1-5-21-634217685-3676121620-3412417090-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage-web.com/?s=acer&m=start
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-634217685-3676121620-3412417090-1001 -> {73800C20-A356-4580-8E6F-6F93D4CC2750} URL =
    FF NewTab: hxxp://homepage-web.com/?s=acer&m=tab
    FF DefaultSearchEngine: Secure Search
    FF SearchEngineOrder.1: Secure Search
    FF Homepage: hxxp://homepage-web.com/?s=acer&m=start
    CHR HomePage: Default -> hxxp://homepage-web.com/?s=acer&m=home
    CHR StartupUrls: Default -> "hxxp://homepage-web.com/?s=acer&m=start"
    CHR DefaultSearchKeyword: Default -> homepage-web.com
    CHR DefaultSearchURL: Default -> http://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
    R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
    2014-11-26 21:21 - 2014-11-26 21:21 - 0000057 _____ () C:\ProgramData\Ament.ini
    2014-07-31 03:03 - 2014-07-31 03:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2014-10-22 21:11 - 2014-10-22 21:11 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
    C:\Users\songe_000\AppData\Local\Temp\avgnt.exe
    C:\Users\songe_000\AppData\Local\Temp\AviraSetup1498687.exe
    C:\Users\songe_000\AppData\Local\Temp\AviraSetup275781.exe
    C:\Users\songe_000\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\songe_000\AppData\Local\Temp\oct230C.tmp.exe
    C:\Users\songe_000\AppData\Local\Temp\oct8370.tmp.exe
    C:\Users\songe_000\AppData\Local\Temp\octA235.tmp.exe
    C:\Users\songe_000\AppData\Local\Temp\octBF63.tmp.exe
    C:\Users\songe_000\AppData\Local\Temp\octF937.tmp.exe
    C:\Users\songe_000\AppData\Local\Temp\Quarantine.exe
    C:\Users\songe_000\AppData\Local\Temp\sqlite3.dll


    *****************

    "C:\Windows\system32\audiodg.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\AudioEndpointBuilder.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\AudioEng.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\AUDIOKSE.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\AudioSes.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\audiosrv.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\ci.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\EncDump.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Faultrep.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\ncsi.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\nlaapi.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\nlasvc.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\profsvc.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\TSWbPrxy.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\wer.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\werdiagcontroller.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\WerFault.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\WerFaultSecure.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\wermgr.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\AudioEng.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\AUDIOKSE.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\AudioSes.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\Faultrep.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\FlashPlayerApp.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\nlaapi.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\wer.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\werdiagcontroller.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\WerFault.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\WerFaultSecure.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\wermgr.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\ahcache.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\mbam.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\mrxdav.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\mwac.sys" => ":$CmdTcID" ADS not found.
    C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
    C:\ProgramData\Temp => ":708BB0FA" ADS removed successfully.
    C:\ProgramData\Temp => ":7A2101AB" ADS removed successfully.
    C:\Users\songe_000\OneDrive => ":ms-properties" ADS removed successfully.
    C:\Users\songe_000\Downloads\2014letter.docx => ":$CmdZnID" ADS removed successfully.
    "C:\Users\songe_000\Downloads\adwcleaner_4.110.exe" => ":$CmdTcID" ADS not found.
    C:\Users\songe_000\Downloads\adwcleaner_4.110.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\songe_000\Downloads\bigfishgames_p227092490_s1_l1.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\songe_000\Downloads\bigfishgames_p227093192_s1_l1(1).exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\songe_000\Downloads\bigfishgames_p227093192_s1_l1.exe" => ":$CmdTcID" ADS not found.
    C:\Users\songe_000\Downloads\bigfishgames_p227093192_s1_l1.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\songe_000\Downloads\dds(1).com" => ":$CmdTcID" ADS not found.
    C:\Users\songe_000\Downloads\dds(1).com => ":$CmdZnID" ADS removed successfully.
    C:\Users\songe_000\Downloads\dds(2).com => ":$CmdZnID" ADS removed successfully.
    "C:\Users\songe_000\Downloads\dds.com" => ":$CmdTcID" ADS not found.
    C:\Users\songe_000\Downloads\dds.com => ":$CmdZnID" ADS removed successfully.
    "C:\Users\songe_000\Downloads\FRST64.exe" => ":$CmdZnID" ADS not found.
    C:\Users\songe_000\Downloads\JRT.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\songe_000\Downloads\mbam-setup-2.0.4.1028.exe" => ":$CmdTcID" ADS not found.
    C:\Users\songe_000\Downloads\mbam-setup-2.0.4.1028.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\songe_000\Downloads\mbar-1.08.3.1004.exe" => ":$CmdTcID" ADS not found.
    C:\Users\songe_000\Downloads\mbar-1.08.3.1004.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\songe_000\Downloads\RogueKiller.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\songe_000\Downloads\this_message_in_html.html => ":$CmdZnID" ADS removed successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    "HKU\S-1-5-21-634217685-3676121620-3412417090-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => Key deleted successfully.
    HKU\S-1-5-21-634217685-3676121620-3412417090-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\S-1-5-21-634217685-3676121620-3412417090-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{73800C20-A356-4580-8E6F-6F93D4CC2750}" => Key deleted successfully.
    HKCR\CLSID\{73800C20-A356-4580-8E6F-6F93D4CC2750} => Key not found.
    Firefox newtab deleted successfully.
    Firefox DefaultSearchEngine deleted successfully.
    Firefox SearchEngineOrder.1 deleted successfully.
    Firefox homepage deleted successfully.
    Chrome HomePage deleted successfully.
    Chrome StartupUrls deleted successfully.
    Chrome DefaultSearchKeyword deleted successfully.
    Chrome DefaultSearchURL deleted successfully.
    "HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
    cpuz136 => Unable to stop service
    cpuz136 => Service deleted successfully.
    C:\ProgramData\Ament.ini => Moved successfully.
    C:\ProgramData\DP45977C.lfl => Moved successfully.
    C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc => Moved successfully.
    C:\Users\songe_000\AppData\Local\Temp\avgnt.exe => Moved successfully.
    C:\Users\songe_000\AppData\Local\Temp\AviraSetup1498687.exe => Moved successfully.
    C:\Users\songe_000\AppData\Local\Temp\AviraSetup275781.exe => Moved successfully.
    C:\Users\songe_000\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
    C:\Users\songe_000\AppData\Local\Temp\oct230C.tmp.exe => Moved successfully.
    C:\Users\songe_000\AppData\Local\Temp\oct8370.tmp.exe => Moved successfully.
    C:\Users\songe_000\AppData\Local\Temp\octA235.tmp.exe => Moved successfully.
    C:\Users\songe_000\AppData\Local\Temp\octBF63.tmp.exe => Moved successfully.
    C:\Users\songe_000\AppData\Local\Temp\octF937.tmp.exe => Moved successfully.
    C:\Users\songe_000\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\songe_000\AppData\Local\Temp\sqlite3.dll => Moved successfully.


    The system needed a reboot.

    ==== End of Fixlog 22:29:09 ====
     
  16. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Home page back to normal by the way
     
  17. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  18. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Still with me?
     
  19. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Sorry, had sick kids this week and one of my sons got his wisdom teeth pulled this week. I have barely touched my computer, but I will get to this first thing in the morning. Thanks for your patience
     
  20. Broni

    Broni Malware Annihilator Posts: 52,904   +344

  21. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    This morning when I opened my computer I had a notification from MalwareBytes that it found non-malware. It quarantined it, but do I need to go through the steps again or just finish? It was another PUP, trovi search. Let me know the next step. Thanks
     
  22. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    I am trying to find the Malware logs, but the first one I exported was just a list saying no malicious items detected. Here is one of the protection logs though.
    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Update, 2/16/2015 8:56:12 AM, SYSTEM, MOMSPC, Scheduler, Malware Database, 2015.2.16.3, 2015.2.16.5,
    Protection, 2/16/2015 8:56:19 AM, SYSTEM, MOMSPC, Protection, Refresh, Starting,
    Protection, 2/16/2015 8:56:19 AM, SYSTEM, MOMSPC, Protection, Malicious Website Protection, Stopping,
    Protection, 2/16/2015 8:56:19 AM, SYSTEM, MOMSPC, Protection, Malicious Website Protection, Stopped,
    Scan, 2/16/2015 8:56:58 AM, SYSTEM, MOMSPC, Manual, Start:2/14/2015 7:46:54 PM, Duration:29 min 42 sec, Threat Scan, Completed, 0 Malware Detections, 1 Non-Malware Detection,
    Protection, 2/16/2015 9:05:00 AM, SYSTEM, MOMSPC, Protection, Refresh, Success,
    Protection, 2/16/2015 9:05:01 AM, SYSTEM, MOMSPC, Protection, Malicious Website Protection, Starting,
    Protection, 2/16/2015 9:05:01 AM, SYSTEM, MOMSPC, Protection, Malicious Website Protection, Started,
    Update, 2/16/2015 9:21:28 AM, SYSTEM, MOMSPC, Scheduler, Malware Database, 2015.2.16.5, 2015.2.16.6,
    Protection, 2/16/2015 9:21:28 AM, SYSTEM, MOMSPC, Protection, Refresh, Starting,
    Protection, 2/16/2015 9:21:29 AM, SYSTEM, MOMSPC, Protection, Malicious Website Protection, Stopping,
    Protection, 2/16/2015 9:21:33 AM, SYSTEM, MOMSPC, Protection, Malicious Website Protection, Stopped,
    Protection, 2/16/2015 9:39:01 AM, SYSTEM, MOMSPC, Protection, Refresh, Success,
    Protection, 2/16/2015 9:39:06 AM, SYSTEM, MOMSPC, Protection, Malicious Website Protection, Starting,
    Protection, 2/16/2015 9:39:08 AM, SYSTEM, MOMSPC, Protection, Malicious Website Protection, Started,
    Update, 2/16/2015 11:14:20 AM, SYSTEM, MOMSPC, Scheduler, Malware Database, 2015.2.16.6, 2015.2.16.7,
    Protection, 2/16/2015 11:14:22 AM, SYSTEM, MOMSPC, Protection, Refresh, Starting,
    Protection, 2/16/2015 11:14:23 AM, SYSTEM, MOMSPC, Protection, Malicious Website Protection, Stopping,
    Protection, 2/16/2015 11:14:30 AM, SYSTEM, MOMSPC, Protection, Malicious Website Protection, Stopped,
    Protection, 2/16/2015 11:22:39 AM, SYSTEM, MOMSPC, Protection, Refresh, Success,
    Protection, 2/16/2015 11:22:39 AM, SYSTEM, MOMSPC, Protection, Malicious Website Protection, Starting,
    Protection, 2/16/2015 11:22:40 AM, SYSTEM, MOMSPC, Protection, Malicious Website Protection, Started,
    Update, 2/16/2015 9:09:47 PM, SYSTEM, MOMSPC, Scheduler, Malware Database, 2015.2.16.7, 2015.2.17.3,
    Protection, 2/16/2015 9:09:47 PM, SYSTEM, MOMSPC, Protection, Refresh, Starting,
    Protection, 2/16/2015 9:09:47 PM, SYSTEM, MOMSPC, Protection, Malicious Website Protection, Stopping,
    Protection, 2/16/2015 9:09:47 PM, SYSTEM, MOMSPC, Protection, Malicious Website Protection, Stopped,
    Protection, 2/16/2015 9:10:53 PM, SYSTEM, MOMSPC, Protection, Refresh, Success,
    Protection, 2/16/2015 9:10:54 PM, SYSTEM, MOMSPC, Protection, Malicious Website Protection, Starting,
    Protection, 2/16/2015 9:10:54 PM, SYSTEM, MOMSPC, Protection, Malicious Website Protection, Started,

    (end)
     
  23. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    It quarantined something, but that PUP doesn't show up on the scan log.
     
  24. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    That's fine then.
    Proceed with my reply #17.
     
  25. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Results of screen317's Security Check version 0.99.96
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Firewall Disabled!
    Avira Desktop
    Windows Defender
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    McAfee SiteAdvisor
    Java 64-bit 8 Update 31
    Adobe Flash Player 16.0.0.305
    Adobe Reader XI
    Mozilla Firefox (35.0.1)
    Google Chrome (40.0.2214.111)
    Google Chrome (40.0.2214.94)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbam.exe
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    Comodo Firewall cmdagent.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````
     
