Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91819 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

very slow, browsers/tabs popping up and redirecting [Closed]


  • This topic is locked This topic is locked
25 replies to this topic

#1 electriccrayon

electriccrayon

    Authentic Member

  • Authentic Member
  • PipPip
  • 159 posts

Posted 29 May 2014 - 03:04 PM

I tried to download hijack this but it won't open due to an invalid win32 application. the other 2 suggested tools would not work. the dds was just a screensaver file:/

My laptop is running very slow in everything from startup to opening folders and files. Browsers and tabs are opening on their own and redirecting sometimes when I click on links.

 I think a friend downloaded a virus or something.

 


    Advertisements

Register to Remove


#2 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 02 June 2014 - 03:23 PM

Hi electriccrayon,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.  
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.  
  • It's often worth reading through these instructions and printing them for ease of reference.  
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.  
  • Please reply to this thread. Do not start a new topic.  
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

bullseye_zpse9eaf36e.gif Security Check

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

bullseye_zpse9eaf36e.gif aswMBR

Download aswMBR.exe and save it to your desktop.


    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================

bullseye_zpse9eaf36e.gif Download Farbar Recovery Scan Tool and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.



  • Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply

=========================

In your next post please provide the following:


  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • FRST.txt
  • Addition.txt

 

 


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#3 electriccrayon

electriccrayon

    Authentic Member

  • Authentic Member
  • PipPip
  • 159 posts

Posted 04 June 2014 - 02:06 PM

everything I download and try to open gives an invalid win32 application error.



#4 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 04 June 2014 - 09:13 PM

Hi electriccrayon,

bullseye_zpse9eaf36e.gif System File Checker (SFC)
  • Click on the Start button and in the Search programs and files box type the following:
    • command
  • Don't press Enter, just let the search results populate above.
  • In the search results, locate the Programs section.
  • Locate the Command Prompt shortcut and right-click on it.
  • Select Run as administrator.
  • Click Yes on the User Account Control window that appears.
  • Important: If you see a User Account Control window but also a message that says To continue, type an administrator password, and then click Yes, then your user account must be a standard account, not an administrator account. Before you can click Yes and open an elevated command prompt, you'll need to type the password of another user on your Windows 7 computer that has administrator level privileges.
  • Note: You will not see this window at all if your User Account Control settings are turned all the way down. See How To Disable User Account Control in Windows 7 for more information.
  • An elevated Command Prompt window will appear.
    • Type: sfc /scannow (There's a space between sfc and /scannow.) , then hit Enter
  • Let the check run to completion. DO NOT reboot the PC or close the cmd window.
  • Copy & Paste the following command at the Command Prompt and press Enter:

    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt
  • This will place a file on your desktop called sfcdetails.txt which contains the results of the scan.
  • Copy and Paste the contents of the file into your next post.
  • After the scan runs type exit to close the command prompt window
=========================

In your next post please provide the following:
  • sfcdetails.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#5 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 07 June 2014 - 08:33 PM

Hi electriccrayon,

Just checking in to see if you still need help?
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#6 electriccrayon

electriccrayon

    Authentic Member

  • Authentic Member
  • PipPip
  • 159 posts

Posted 07 June 2014 - 11:53 PM

Yes I do. Been a busy weekend. I'm running the scan now. Will post results tmrw afternoon. Sorry for the delay.
Thank you!

#7 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 08 June 2014 - 08:14 AM

:thumbup:


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#8 electriccrayon

electriccrayon

    Authentic Member

  • Authentic Member
  • PipPip
  • 159 posts

Posted 08 June 2014 - 01:03 PM

2014-06-08 01:50:13, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:50:13, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2014-06-08 01:50:19, Info                  CSI    0000000c [SR] Verify complete
2014-06-08 01:50:21, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:50:21, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2014-06-08 01:50:29, Info                  CSI    00000010 [SR] Verify complete
2014-06-08 01:50:32, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:50:32, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2014-06-08 01:50:37, Info                  CSI    00000014 [SR] Verify complete
2014-06-08 01:50:40, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:50:40, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2014-06-08 01:50:45, Info                  CSI    00000018 [SR] Verify complete
2014-06-08 01:50:47, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:50:47, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2014-06-08 01:50:52, Info                  CSI    0000001c [SR] Verify complete
2014-06-08 01:50:54, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:50:54, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2014-06-08 01:51:01, Info                  CSI    00000020 [SR] Verify complete
2014-06-08 01:51:04, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:51:04, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2014-06-08 01:51:18, Info                  CSI    00000024 [SR] Verify complete
2014-06-08 01:51:20, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:51:20, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
2014-06-08 01:51:28, Info                  CSI    00000028 [SR] Verify complete
2014-06-08 01:51:30, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:51:30, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
2014-06-08 01:51:35, Info                  CSI    0000002c [SR] Verify complete
2014-06-08 01:51:36, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:51:36, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
2014-06-08 01:51:42, Info                  CSI    00000030 [SR] Verify complete
2014-06-08 01:51:43, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:51:43, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
2014-06-08 01:51:47, Info                  CSI    00000034 [SR] Verify complete
2014-06-08 01:51:48, Info                  CSI    00000035 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:51:48, Info                  CSI    00000036 [SR] Beginning Verify and Repair transaction
2014-06-08 01:51:53, Info                  CSI    00000038 [SR] Verify complete
2014-06-08 01:51:55, Info                  CSI    00000039 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:51:55, Info                  CSI    0000003a [SR] Beginning Verify and Repair transaction
2014-06-08 01:52:02, Info                  CSI    0000003c [SR] Verify complete
2014-06-08 01:52:03, Info                  CSI    0000003d [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:52:03, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
2014-06-08 01:52:06, Info                  CSI    00000040 [SR] Verify complete
2014-06-08 01:52:08, Info                  CSI    00000041 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:52:08, Info                  CSI    00000042 [SR] Beginning Verify and Repair transaction
2014-06-08 01:52:12, Info                  CSI    00000044 [SR] Verify complete
2014-06-08 01:52:13, Info                  CSI    00000045 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:52:13, Info                  CSI    00000046 [SR] Beginning Verify and Repair transaction
2014-06-08 01:52:28, Info                  CSI    00000049 [SR] Verify complete
2014-06-08 01:52:29, Info                  CSI    0000004a [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:52:29, Info                  CSI    0000004b [SR] Beginning Verify and Repair transaction
2014-06-08 01:52:41, Info                  CSI    00000050 [SR] Verify complete
2014-06-08 01:52:43, Info                  CSI    00000051 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:52:43, Info                  CSI    00000052 [SR] Beginning Verify and Repair transaction
2014-06-08 01:52:51, Info                  CSI    00000055 [SR] Verify complete
2014-06-08 01:52:53, Info                  CSI    00000056 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:52:53, Info                  CSI    00000057 [SR] Beginning Verify and Repair transaction
2014-06-08 01:53:01, Info                  CSI    00000059 [SR] Verify complete
2014-06-08 01:53:02, Info                  CSI    0000005a [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:53:02, Info                  CSI    0000005b [SR] Beginning Verify and Repair transaction
2014-06-08 01:53:17, Info                  CSI    0000006d [SR] Verify complete
2014-06-08 01:53:18, Info                  CSI    0000006e [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:53:18, Info                  CSI    0000006f [SR] Beginning Verify and Repair transaction
2014-06-08 01:53:33, Info                  CSI    00000084 [SR] Verify complete
2014-06-08 01:53:34, Info                  CSI    00000085 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:53:34, Info                  CSI    00000086 [SR] Beginning Verify and Repair transaction
2014-06-08 01:53:44, Info                  CSI    00000088 [SR] Verify complete
2014-06-08 01:53:45, Info                  CSI    00000089 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:53:45, Info                  CSI    0000008a [SR] Beginning Verify and Repair transaction
2014-06-08 01:53:55, Info                  CSI    0000008c [SR] Verify complete
2014-06-08 01:53:56, Info                  CSI    0000008d [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:53:56, Info                  CSI    0000008e [SR] Beginning Verify and Repair transaction
2014-06-08 01:54:08, Info                  CSI    00000090 [SR] Verify complete
2014-06-08 01:54:10, Info                  CSI    00000091 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:54:10, Info                  CSI    00000092 [SR] Beginning Verify and Repair transaction
2014-06-08 01:54:30, Info                  CSI    00000094 [SR] Verify complete
2014-06-08 01:54:31, Info                  CSI    00000095 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:54:31, Info                  CSI    00000096 [SR] Beginning Verify and Repair transaction
2014-06-08 01:54:45, Info                  CSI    00000098 [SR] Verify complete
2014-06-08 01:54:47, Info                  CSI    00000099 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:54:47, Info                  CSI    0000009a [SR] Beginning Verify and Repair transaction
2014-06-08 01:55:10, Info                  CSI    000000bd [SR] Verify complete
2014-06-08 01:55:11, Info                  CSI    000000be [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:55:11, Info                  CSI    000000bf [SR] Beginning Verify and Repair transaction
2014-06-08 01:56:02, Info                  CSI    000000c1 [SR] Verify complete
2014-06-08 01:56:05, Info                  CSI    000000c2 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:56:05, Info                  CSI    000000c3 [SR] Beginning Verify and Repair transaction
2014-06-08 01:58:20, Info                  CSI    000000c5 [SR] Verify complete
2014-06-08 01:58:37, Info                  CSI    000000c6 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:58:37, Info                  CSI    000000c7 [SR] Beginning Verify and Repair transaction
2014-06-08 01:59:30, Info                  CSI    000000cb [SR] Verify complete
2014-06-08 01:59:40, Info                  CSI    000000cc [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:59:40, Info                  CSI    000000cd [SR] Beginning Verify and Repair transaction
2014-06-08 01:59:57, Info                  CSI    000000cf [SR] Verify complete
2014-06-08 02:00:04, Info                  CSI    000000d0 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:00:04, Info                  CSI    000000d1 [SR] Beginning Verify and Repair transaction
2014-06-08 02:00:13, Info                  CSI    000000d3 [SR] Verify complete
2014-06-08 02:00:21, Info                  CSI    000000d4 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:00:21, Info                  CSI    000000d5 [SR] Beginning Verify and Repair transaction
2014-06-08 02:00:34, Info                  CSI    000000d7 [SR] Verify complete
2014-06-08 02:00:44, Info                  CSI    000000d8 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:00:44, Info                  CSI    000000d9 [SR] Beginning Verify and Repair transaction
2014-06-08 02:01:24, Info                  CSI    000000ec [SR] Verify complete
2014-06-08 02:01:28, Info                  CSI    000000ed [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:01:28, Info                  CSI    000000ee [SR] Beginning Verify and Repair transaction
2014-06-08 02:01:37, Info                  CSI    000000f0 [SR] Verify complete
2014-06-08 02:01:45, Info                  CSI    000000f1 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:01:45, Info                  CSI    000000f2 [SR] Beginning Verify and Repair transaction
2014-06-08 02:02:06, Info                  CSI    000000f4 [SR] Verify complete
2014-06-08 02:02:14, Info                  CSI    000000f5 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:02:14, Info                  CSI    000000f6 [SR] Beginning Verify and Repair transaction
2014-06-08 02:02:27, Info                  CSI    000000f8 [SR] Verify complete
2014-06-08 02:02:47, Info                  CSI    000000f9 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:02:47, Info                  CSI    000000fa [SR] Beginning Verify and Repair transaction
2014-06-08 02:04:04, Info                  CSI    000000fd [SR] Verify complete
2014-06-08 02:04:25, Info                  CSI    000000fe [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:04:25, Info                  CSI    000000ff [SR] Beginning Verify and Repair transaction
2014-06-08 02:07:29, Info                  CSI    00000102 [SR] Verify complete
2014-06-08 02:07:54, Info                  CSI    00000103 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:07:54, Info                  CSI    00000104 [SR] Beginning Verify and Repair transaction
2014-06-08 02:08:32, Info                  CSI    00000106 [SR] Verify complete
2014-06-08 02:08:42, Info                  CSI    00000107 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:08:42, Info                  CSI    00000108 [SR] Beginning Verify and Repair transaction
2014-06-08 02:08:51, Info                  CSI    0000010a [SR] Verify complete
2014-06-08 02:08:58, Info                  CSI    0000010b [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:08:58, Info                  CSI    0000010c [SR] Beginning Verify and Repair transaction
2014-06-08 02:09:29, Info                  CSI    0000010e [SR] Verify complete
2014-06-08 02:09:33, Info                  CSI    0000010f [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:09:33, Info                  CSI    00000110 [SR] Beginning Verify and Repair transaction
2014-06-08 02:09:51, Info                  CSI    00000112 [SR] Verify complete
2014-06-08 02:09:55, Info                  CSI    00000113 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:09:55, Info                  CSI    00000114 [SR] Beginning Verify and Repair transaction
2014-06-08 02:10:24, Info                  CSI    00000116 [SR] Verify complete
2014-06-08 02:10:27, Info                  CSI    00000117 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:10:27, Info                  CSI    00000118 [SR] Beginning Verify and Repair transaction
2014-06-08 02:10:56, Info                  CSI    0000012b [SR] Verify complete
2014-06-08 02:11:00, Info                  CSI    0000012c [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:11:00, Info                  CSI    0000012d [SR] Beginning Verify and Repair transaction
2014-06-08 02:11:14, Info                  CSI    00000134 [SR] Verify complete
2014-06-08 02:11:18, Info                  CSI    00000135 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:11:18, Info                  CSI    00000136 [SR] Beginning Verify and Repair transaction
2014-06-08 02:12:01, Info                  CSI    00000138 [SR] Verify complete
2014-06-08 02:12:04, Info                  CSI    00000139 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:12:04, Info                  CSI    0000013a [SR] Beginning Verify and Repair transaction
2014-06-08 02:12:18, Info                  CSI    0000013d [SR] Verify complete
2014-06-08 02:12:22, Info                  CSI    0000013e [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:12:22, Info                  CSI    0000013f [SR] Beginning Verify and Repair transaction
2014-06-08 02:12:44, Info                  CSI    00000141 [SR] Verify complete
2014-06-08 02:12:47, Info                  CSI    00000142 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:12:47, Info                  CSI    00000143 [SR] Beginning Verify and Repair transaction
2014-06-08 02:13:00, Info                  CSI    00000145 [SR] Verify complete
2014-06-08 02:13:02, Info                  CSI    00000146 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:13:02, Info                  CSI    00000147 [SR] Beginning Verify and Repair transaction
2014-06-08 02:13:21, Info                  CSI    00000149 [SR] Verify complete
2014-06-08 02:13:26, Info                  CSI    0000014a [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:13:26, Info                  CSI    0000014b [SR] Beginning Verify and Repair transaction
2014-06-08 02:13:40, Info                  CSI    0000014d [SR] Verify complete
2014-06-08 02:13:43, Info                  CSI    0000014e [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:13:43, Info                  CSI    0000014f [SR] Beginning Verify and Repair transaction
2014-06-08 02:13:54, Info                  CSI    00000153 [SR] Verify complete
2014-06-08 02:13:57, Info                  CSI    00000154 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:13:57, Info                  CSI    00000155 [SR] Beginning Verify and Repair transaction
2014-06-08 02:14:30, Info                  CSI    00000157 [SR] Verify complete
2014-06-08 02:14:35, Info                  CSI    00000158 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:14:35, Info                  CSI    00000159 [SR] Beginning Verify and Repair transaction
2014-06-08 02:15:21, Info                  CSI    0000015c [SR] Verify complete
2014-06-08 02:15:23, Info                  CSI    0000015d [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:15:23, Info                  CSI    0000015e [SR] Beginning Verify and Repair transaction
2014-06-08 02:15:36, Info                  CSI    00000160 [SR] Verify complete
2014-06-08 02:15:39, Info                  CSI    00000161 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:15:39, Info                  CSI    00000162 [SR] Beginning Verify and Repair transaction
2014-06-08 02:15:51, Info                  CSI    00000165 [SR] Verify complete
2014-06-08 02:15:53, Info                  CSI    00000166 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:15:53, Info                  CSI    00000167 [SR] Beginning Verify and Repair transaction
2014-06-08 02:16:10, Info                  CSI    0000016a [SR] Verify complete
2014-06-08 02:16:12, Info                  CSI    0000016b [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:16:12, Info                  CSI    0000016c [SR] Beginning Verify and Repair transaction
2014-06-08 02:16:26, Info                  CSI    0000016e [SR] Verify complete
2014-06-08 02:16:29, Info                  CSI    0000016f [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:16:29, Info                  CSI    00000170 [SR] Beginning Verify and Repair transaction
2014-06-08 02:16:40, Info                  CSI    00000172 [SR] Verify complete
2014-06-08 02:16:41, Info                  CSI    00000173 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:16:41, Info                  CSI    00000174 [SR] Beginning Verify and Repair transaction
2014-06-08 02:16:51, Info                  CSI    00000176 [SR] Verify complete
2014-06-08 02:16:52, Info                  CSI    00000177 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:16:52, Info                  CSI    00000178 [SR] Beginning Verify and Repair transaction
2014-06-08 02:17:02, Info                  CSI    0000017b [SR] Verify complete
2014-06-08 02:17:04, Info                  CSI    0000017c [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:17:04, Info                  CSI    0000017d [SR] Beginning Verify and Repair transaction
2014-06-08 02:17:15, Info                  CSI    0000017f [SR] Verify complete
2014-06-08 02:17:17, Info                  CSI    00000180 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:17:17, Info                  CSI    00000181 [SR] Beginning Verify and Repair transaction
2014-06-08 02:17:23, Info                  CSI    00000183 [SR] Verify complete
2014-06-08 02:17:25, Info                  CSI    00000184 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:17:25, Info                  CSI    00000185 [SR] Beginning Verify and Repair transaction
2014-06-08 02:17:34, Info                  CSI    00000188 [SR] Verify complete
2014-06-08 02:17:35, Info                  CSI    00000189 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:17:35, Info                  CSI    0000018a [SR] Beginning Verify and Repair transaction
2014-06-08 02:17:47, Info                  CSI    0000018d [SR] Verify complete
2014-06-08 02:17:49, Info                  CSI    0000018e [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:17:49, Info                  CSI    0000018f [SR] Beginning Verify and Repair transaction
2014-06-08 02:18:03, Info                  CSI    00000192 [SR] Verify complete
2014-06-08 02:18:05, Info                  CSI    00000193 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:18:05, Info                  CSI    00000194 [SR] Beginning Verify and Repair transaction
2014-06-08 02:18:15, Info                  CSI    00000197 [SR] Verify complete
2014-06-08 02:18:17, Info                  CSI    00000198 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:18:17, Info                  CSI    00000199 [SR] Beginning Verify and Repair transaction
2014-06-08 02:18:28, Info                  CSI    0000019b [SR] Verify complete
2014-06-08 02:18:30, Info                  CSI    0000019c [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:18:30, Info                  CSI    0000019d [SR] Beginning Verify and Repair transaction
2014-06-08 02:18:33, Info                  CSI    0000019f [SR] Verify complete
2014-06-08 02:18:35, Info                  CSI    000001a0 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:18:35, Info                  CSI    000001a1 [SR] Beginning Verify and Repair transaction
2014-06-08 02:18:42, Info                  CSI    000001a3 [SR] Verify complete
2014-06-08 02:18:44, Info                  CSI    000001a4 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:18:44, Info                  CSI    000001a5 [SR] Beginning Verify and Repair transaction
2014-06-08 02:18:51, Info                  CSI    000001a7 [SR] Verify complete
2014-06-08 02:18:53, Info                  CSI    000001a8 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:18:53, Info                  CSI    000001a9 [SR] Beginning Verify and Repair transaction
2014-06-08 02:19:01, Info                  CSI    000001ab [SR] Verify complete
2014-06-08 02:19:03, Info                  CSI    000001ac [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:19:03, Info                  CSI    000001ad [SR] Beginning Verify and Repair transaction
2014-06-08 02:19:13, Info                  CSI    000001af [SR] Verify complete
2014-06-08 02:19:14, Info                  CSI    000001b0 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:19:14, Info                  CSI    000001b1 [SR] Beginning Verify and Repair transaction
2014-06-08 02:19:18, Info                  CSI    000001b3 [SR] Verify complete
2014-06-08 02:19:20, Info                  CSI    000001b4 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:19:20, Info                  CSI    000001b5 [SR] Beginning Verify and Repair transaction
2014-06-08 02:19:36, Info                  CSI    000001b7 [SR] Verify complete
2014-06-08 02:19:37, Info                  CSI    000001b8 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:19:37, Info                  CSI    000001b9 [SR] Beginning Verify and Repair transaction
2014-06-08 02:20:23, Info                  CSI    000001bb [SR] Verify complete
2014-06-08 02:20:24, Info                  CSI    000001bc [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:20:24, Info                  CSI    000001bd [SR] Beginning Verify and Repair transaction
2014-06-08 02:20:36, Info                  CSI    000001bf [SR] Verify complete
2014-06-08 02:20:37, Info                  CSI    000001c0 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:20:37, Info                  CSI    000001c1 [SR] Beginning Verify and Repair transaction
2014-06-08 02:20:46, Info                  CSI    000001c3 [SR] Verify complete
2014-06-08 02:20:47, Info                  CSI    000001c4 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:20:47, Info                  CSI    000001c5 [SR] Beginning Verify and Repair transaction
2014-06-08 02:20:50, Info                  CSI    000001c7 [SR] Verify complete
2014-06-08 02:20:52, Info                  CSI    000001c8 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:20:52, Info                  CSI    000001c9 [SR] Beginning Verify and Repair transaction
2014-06-08 02:20:58, Info                  CSI    000001cb [SR] Verify complete
2014-06-08 02:20:59, Info                  CSI    000001cc [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:20:59, Info                  CSI    000001cd [SR] Beginning Verify and Repair transaction
2014-06-08 02:21:05, Info                  CSI    000001cf [SR] Verify complete
2014-06-08 02:21:06, Info                  CSI    000001d0 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:21:06, Info                  CSI    000001d1 [SR] Beginning Verify and Repair transaction
2014-06-08 02:21:11, Info                  CSI    000001d3 [SR] Verify complete
2014-06-08 02:21:12, Info                  CSI    000001d4 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:21:12, Info                  CSI    000001d5 [SR] Beginning Verify and Repair transaction
2014-06-08 02:21:14, Info                  CSI    000001d7 [SR] Verify complete
2014-06-08 02:21:15, Info                  CSI    000001d8 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:21:15, Info                  CSI    000001d9 [SR] Beginning Verify and Repair transaction
2014-06-08 02:21:26, Info                  CSI    000001e1 [SR] Verify complete
2014-06-08 02:21:28, Info                  CSI    000001e2 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:21:28, Info                  CSI    000001e3 [SR] Beginning Verify and Repair transaction
2014-06-08 02:21:33, Info                  CSI    000001e5 [SR] Verify complete
2014-06-08 02:21:34, Info                  CSI    000001e6 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:21:34, Info                  CSI    000001e7 [SR] Beginning Verify and Repair transaction
2014-06-08 02:21:38, Info                  CSI    000001e9 [SR] Verify complete
2014-06-08 02:21:40, Info                  CSI    000001ea [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:21:40, Info                  CSI    000001eb [SR] Beginning Verify and Repair transaction
2014-06-08 02:21:45, Info                  CSI    000001ed [SR] Verify complete
2014-06-08 02:21:47, Info                  CSI    000001ee [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:21:47, Info                  CSI    000001ef [SR] Beginning Verify and Repair transaction
2014-06-08 02:21:55, Info                  CSI    000001f1 [SR] Verify complete
2014-06-08 02:21:56, Info                  CSI    000001f2 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:21:56, Info                  CSI    000001f3 [SR] Beginning Verify and Repair transaction
2014-06-08 02:22:08, Info                  CSI    000001f6 [SR] Verify complete
2014-06-08 02:22:10, Info                  CSI    000001f7 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:22:10, Info                  CSI    000001f8 [SR] Beginning Verify and Repair transaction
2014-06-08 02:22:21, Info                  CSI    000001fa [SR] Verify complete
2014-06-08 02:22:22, Info                  CSI    000001fb [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:22:22, Info                  CSI    000001fc [SR] Beginning Verify and Repair transaction
2014-06-08 02:22:25, Info                  CSI    000001fe [SR] Verify complete
2014-06-08 02:22:28, Info                  CSI    000001ff [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:22:28, Info                  CSI    00000200 [SR] Beginning Verify and Repair transaction
2014-06-08 02:22:42, Info                  CSI    00000202 [SR] Verify complete
2014-06-08 02:22:44, Info                  CSI    00000203 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:22:44, Info                  CSI    00000204 [SR] Beginning Verify and Repair transaction
2014-06-08 02:23:04, Info                  CSI    00000209 [SR] Verify complete
2014-06-08 02:23:06, Info                  CSI    0000020a [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:23:06, Info                  CSI    0000020b [SR] Beginning Verify and Repair transaction
2014-06-08 02:23:18, Info                  CSI    00000210 [SR] Verify complete
2014-06-08 02:23:19, Info                  CSI    00000211 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:23:19, Info                  CSI    00000212 [SR] Beginning Verify and Repair transaction
2014-06-08 02:23:32, Info                  CSI    00000218 [SR] Verify complete
2014-06-08 02:23:34, Info                  CSI    00000219 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:23:34, Info                  CSI    0000021a [SR] Beginning Verify and Repair transaction
2014-06-08 02:23:47, Info                  CSI    00000223 [SR] Verify complete
2014-06-08 02:23:48, Info                  CSI    00000224 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:23:48, Info                  CSI    00000225 [SR] Beginning Verify and Repair transaction
2014-06-08 02:23:57, Info                  CSI    0000022a [SR] Verify complete
2014-06-08 02:23:58, Info                  CSI    0000022b [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:23:58, Info                  CSI    0000022c [SR] Beginning Verify and Repair transaction
2014-06-08 02:24:05, Info                  CSI    00000230 [SR] Verify complete
2014-06-08 02:24:06, Info                  CSI    00000231 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:24:06, Info                  CSI    00000232 [SR] Beginning Verify and Repair transaction
2014-06-08 02:24:12, Info                  CSI    00000234 [SR] Verify complete
2014-06-08 02:24:13, Info                  CSI    00000235 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:24:13, Info                  CSI    00000236 [SR] Beginning Verify and Repair transaction
2014-06-08 02:24:25, Info                  CSI    00000251 [SR] Verify complete
2014-06-08 02:24:26, Info                  CSI    00000252 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:24:26, Info                  CSI    00000253 [SR] Beginning Verify and Repair transaction
2014-06-08 02:24:34, Info                  CSI    0000025f [SR] Verify complete
2014-06-08 02:24:35, Info                  CSI    00000260 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:24:35, Info                  CSI    00000261 [SR] Beginning Verify and Repair transaction
2014-06-08 02:24:42, Info                  CSI    00000263 [SR] Verify complete
2014-06-08 02:24:43, Info                  CSI    00000264 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:24:43, Info                  CSI    00000265 [SR] Beginning Verify and Repair transaction
2014-06-08 02:24:52, Info                  CSI    00000267 [SR] Verify complete
2014-06-08 02:24:53, Info                  CSI    00000268 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:24:53, Info                  CSI    00000269 [SR] Beginning Verify and Repair transaction
2014-06-08 02:24:58, Info                  CSI    0000026b [SR] Verify complete
2014-06-08 02:25:00, Info                  CSI    0000026c [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:25:00, Info                  CSI    0000026d [SR] Beginning Verify and Repair transaction
2014-06-08 02:25:08, Info                  CSI    0000027b [SR] Verify complete
2014-06-08 02:25:10, Info                  CSI    0000027c [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:25:10, Info                  CSI    0000027d [SR] Beginning Verify and Repair transaction
2014-06-08 02:25:24, Info                  CSI    00000283 [SR] Verify complete
2014-06-08 02:25:27, Info                  CSI    00000284 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:25:27, Info                  CSI    00000285 [SR] Beginning Verify and Repair transaction
2014-06-08 02:25:46, Info                  CSI    0000028f [SR] Verify complete
2014-06-08 02:25:49, Info                  CSI    00000290 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:25:49, Info                  CSI    00000291 [SR] Beginning Verify and Repair transaction
2014-06-08 02:25:58, Info                  CSI    00000293 [SR] Verify complete
2014-06-08 02:26:00, Info                  CSI    00000294 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:26:00, Info                  CSI    00000295 [SR] Beginning Verify and Repair transaction
2014-06-08 02:26:25, Info                  CSI    00000298 [SR] Verify complete
2014-06-08 02:26:27, Info                  CSI    00000299 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:26:27, Info                  CSI    0000029a [SR] Beginning Verify and Repair transaction
2014-06-08 02:26:33, Info                  CSI    0000029c [SR] Verify complete
2014-06-08 02:26:35, Info                  CSI    0000029d [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:26:35, Info                  CSI    0000029e [SR] Beginning Verify and Repair transaction
2014-06-08 02:26:45, Info                  CSI    000002a0 [SR] Verify complete
2014-06-08 02:26:46, Info                  CSI    000002a1 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:26:46, Info                  CSI    000002a2 [SR] Beginning Verify and Repair transaction
2014-06-08 02:26:58, Info                  CSI    000002a4 [SR] Verify complete
2014-06-08 02:26:59, Info                  CSI    000002a5 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:26:59, Info                  CSI    000002a6 [SR] Beginning Verify and Repair transaction
2014-06-08 02:27:05, Info                  CSI    000002a8 [SR] Verify complete
2014-06-08 02:27:06, Info                  CSI    000002a9 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:27:06, Info                  CSI    000002aa [SR] Beginning Verify and Repair transaction
2014-06-08 02:27:25, Info                  CSI    000002c4 [SR] Verify complete
2014-06-08 02:27:26, Info                  CSI    000002c5 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:27:26, Info                  CSI    000002c6 [SR] Beginning Verify and Repair transaction
2014-06-08 02:27:38, Info                  CSI    000002c8 [SR] Verify complete
2014-06-08 02:27:39, Info                  CSI    000002c9 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:27:39, Info                  CSI    000002ca [SR] Beginning Verify and Repair transaction
2014-06-08 02:28:13, Info                  CSI    000002cc [SR] Verify complete
2014-06-08 02:28:14, Info                  CSI    000002cd [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:28:14, Info                  CSI    000002ce [SR] Beginning Verify and Repair transaction
2014-06-08 02:28:20, Info                  CSI    000002d0 [SR] Verify complete
2014-06-08 02:28:21, Info                  CSI    000002d1 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:28:21, Info                  CSI    000002d2 [SR] Beginning Verify and Repair transaction
2014-06-08 02:28:26, Info                  CSI    000002d6 [SR] Verify complete
2014-06-08 02:28:27, Info                  CSI    000002d7 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:28:27, Info                  CSI    000002d8 [SR] Beginning Verify and Repair transaction
2014-06-08 02:28:33, Info                  CSI    000002da [SR] Verify complete
2014-06-08 02:28:34, Info                  CSI    000002db [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:28:34, Info                  CSI    000002dc [SR] Beginning Verify and Repair transaction
2014-06-08 02:28:41, Info                  CSI    000002de [SR] Verify complete
2014-06-08 02:28:42, Info                  CSI    000002df [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:28:42, Info                  CSI    000002e0 [SR] Beginning Verify and Repair transaction
2014-06-08 02:28:47, Info                  CSI    000002e2 [SR] Verify complete
2014-06-08 02:28:48, Info                  CSI    000002e3 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:28:48, Info                  CSI    000002e4 [SR] Beginning Verify and Repair transaction
2014-06-08 02:28:55, Info                  CSI    000002e7 [SR] Verify complete
2014-06-08 02:28:56, Info                  CSI    000002e8 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:28:56, Info                  CSI    000002e9 [SR] Beginning Verify and Repair transaction
2014-06-08 02:29:00, Info                  CSI    000002eb [SR] Verify complete
2014-06-08 02:29:01, Info                  CSI    000002ec [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:29:01, Info                  CSI    000002ed [SR] Beginning Verify and Repair transaction
2014-06-08 02:29:08, Info                  CSI    000002ef [SR] Verify complete
2014-06-08 02:29:09, Info                  CSI    000002f0 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:29:09, Info                  CSI    000002f1 [SR] Beginning Verify and Repair transaction
2014-06-08 02:29:16, Info                  CSI    000002f3 [SR] Verify complete
2014-06-08 02:29:17, Info                  CSI    000002f4 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:29:17, Info                  CSI    000002f5 [SR] Beginning Verify and Repair transaction
2014-06-08 02:29:25, Info                  CSI    000002f8 [SR] Verify complete
2014-06-08 02:29:26, Info                  CSI    000002f9 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:29:26, Info                  CSI    000002fa [SR] Beginning Verify and Repair transaction
2014-06-08 02:29:34, Info                  CSI    000002fc [SR] Verify complete
2014-06-08 02:29:35, Info                  CSI    000002fd [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:29:35, Info                  CSI    000002fe [SR] Beginning Verify and Repair transaction
2014-06-08 02:29:41, Info                  CSI    00000300 [SR] Verify complete
2014-06-08 02:29:42, Info                  CSI    00000301 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:29:42, Info                  CSI    00000302 [SR] Beginning Verify and Repair transaction
2014-06-08 02:29:48, Info                  CSI    00000304 [SR] Verify complete
2014-06-08 02:29:49, Info                  CSI    00000305 [SR] Verifying 96 (0x0000000000000060) components
2014-06-08 02:29:49, Info                  CSI    00000306 [SR] Beginning Verify and Repair transaction
2014-06-08 02:29:56, Info                  CSI    00000308 [SR] Verify complete
2014-06-08 02:29:56, Info                  CSI    00000309 [SR] Repairing 0 components
2014-06-08 02:29:56, Info                  CSI    0000030a [SR] Beginning Verify and Repair transaction
2014-06-08 02:29:56, Info                  CSI    0000030c [SR] Repair complete
 



#9 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 08 June 2014 - 07:35 PM

Hi electriccrayon,

The log you posted doesn't appear to be complete. Please verify that the log you posted was complete.

=========================

bullseye_zpse9eaf36e.gif rkill

Print out these instructions as we may need to close every window that is open later in the fix.

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
You only need to get one of them to run, not all of them.Do not reboot your computer after running rkill as the malware programs will start again.

=========================

bullseye_zpse9eaf36e.gif ComboFix

Refer to the ComboFix User's Guide
  • Download Combofix from the following location: but rename it to electriccrayonCF before saving it to your desktop.

    Link

    * IMPORTANT !!! Save the renamed ComboFix.exe (XXXXCF) to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

=========================

In your next post please provide the following:
  • Rkill log
  • ComboFix.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#10 electriccrayon

electriccrayon

    Authentic Member

  • Authentic Member
  • PipPip
  • 159 posts

Posted 10 June 2014 - 11:07 PM

I will jump on that within the next day or 2. have to use the pc at work.thank you


    Advertisements

Register to Remove


#11 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 11 June 2014 - 12:04 AM

:thumbup:


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#12 electriccrayon

electriccrayon

    Authentic Member

  • Authentic Member
  • PipPip
  • 159 posts

Posted 12 June 2014 - 02:02 PM

ComboFix 14-06-10.01 - RAC 06/12/2014  15:36:53.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1771.642 [GMT -4:00]
Running from: E:\electriccrayonCF.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-12 to 2014-06-12  )))))))))))))))))))))))))))))))
.
.
2014-06-12 19:52 . 2014-06-12 19:52    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-06-11 19:43 . 2014-04-05 02:47    1903552    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2014-06-11 19:43 . 2014-04-05 02:47    288192    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-11 19:43 . 2014-06-08 09:13    506368    ----a-w-    c:\windows\system32\aepdu.dll
2014-06-11 19:43 . 2014-06-08 09:08    424448    ----a-w-    c:\windows\system32\aeinv.dll
2014-06-11 19:43 . 2014-04-25 02:34    801280    ----a-w-    c:\windows\system32\usp10.dll
2014-06-11 19:43 . 2014-04-25 02:06    626688    ----a-w-    c:\windows\SysWow64\usp10.dll
2014-06-11 19:43 . 2014-03-26 14:44    2002432    ----a-w-    c:\windows\system32\msxml6.dll
2014-06-11 19:42 . 2014-03-26 14:44    1882112    ----a-w-    c:\windows\system32\msxml3.dll
2014-06-11 19:42 . 2014-03-26 14:27    1389056    ----a-w-    c:\windows\SysWow64\msxml6.dll
2014-06-11 19:42 . 2014-03-26 14:27    1237504    ----a-w-    c:\windows\SysWow64\msxml3.dll
2014-06-11 19:42 . 2014-03-26 14:41    2048    ----a-w-    c:\windows\system32\msxml6r.dll
2014-06-11 19:42 . 2014-03-26 14:25    2048    ----a-w-    c:\windows\SysWow64\msxml6r.dll
2014-06-11 19:42 . 2014-03-26 14:41    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2014-06-11 19:42 . 2014-03-26 14:25    2048    ----a-w-    c:\windows\SysWow64\msxml3r.dll
2014-06-11 19:40 . 2014-04-30 23:20    10702536    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{38CD2129-4121-433D-B98C-B52C224DB14E}\mpengine.dll
2014-05-23 23:49 . 2014-05-23 23:50    85328    ----a-w-    c:\windows\system32\drivers\aswstm.sys
2014-05-23 23:49 . 2014-05-23 23:49    29208    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-05-23 23:49 . 2014-05-23 23:49    43152    ----a-w-    c:\windows\avastSS.scr
2014-05-23 01:09 . 2014-05-16 21:43    61112    ----a-w-    c:\windows\system32\drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys
2014-05-22 23:37 . 2014-06-12 07:24    --------    d-----w-    c:\program files (x86)\ScanTack
2014-05-22 20:33 . 2014-05-22 20:43    --------    d-----w-    c:\users\RAC\AppData\Roaming\deluge
2014-05-22 20:03 . 2014-05-22 20:03    --------    d-----w-    c:\users\RAC\AppData\Roaming\dlg
2014-05-22 19:57 . 2014-05-22 19:57    --------    d-----w-    c:\program files\ZappAddon
2014-05-22 19:56 . 2014-05-22 19:56    --------    d-----w-    c:\users\RAC\AppData\Roaming\SimplyTech
2014-05-22 19:56 . 2014-02-04 11:36    33864    ----a-w-    c:\windows\Launcher.exe
2014-05-22 19:56 . 2014-05-22 19:56    --------    d-----w-    c:\program files (x86)\ZappAddon
2014-05-22 19:56 . 2014-06-11 21:49    --------    d-----w-    c:\program files (x86)\best-markit
2014-05-22 19:55 . 2014-06-12 19:26    --------    d-----w-    c:\users\RAC\AppData\Local\fst_en_105
2014-05-22 19:55 . 2014-05-22 19:55    --------    d-----w-    c:\program files (x86)\fst_en_105
2014-05-21 19:31 . 2014-05-06 04:40    23544320    ----a-w-    c:\windows\system32\mshtml.dll
2014-05-21 19:31 . 2014-05-06 03:00    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2014-05-21 19:31 . 2014-05-06 04:17    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-05-21 19:31 . 2014-05-06 03:07    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2014-05-17 18:50 . 2014-05-17 18:50    --------    d--h--w-    c:\programdata\CanonBJ
2014-05-17 18:49 . 2009-07-14 01:40    83968    ----a-w-    c:\windows\system32\Spool\prtprocs\x64\CNBPP3.DLL
2014-05-17 17:37 . 2014-03-25 02:43    14175744    ----a-w-    c:\windows\system32\shell32.dll
2014-05-13 21:59 . 2014-05-13 21:59    10594416    ----a-w-    c:\program files (x86)\Mozilla Firefox\icudt52.dll
2014-05-13 21:59 . 2014-05-13 21:59    1266800    ----a-w-    c:\program files (x86)\Mozilla Firefox\icuin52.dll
2014-05-13 21:59 . 2014-05-13 21:59    965232    ----a-w-    c:\program files (x86)\Mozilla Firefox\icuuc52.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-12 07:02 . 2012-07-16 21:32    95414520    ----a-w-    c:\windows\system32\MRT.exe
2014-05-23 23:50 . 2012-07-16 21:02    423240    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-05-23 23:50 . 2012-07-16 21:02    1039096    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-05-23 23:49 . 2013-05-30 18:53    208416    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-05-23 23:49 . 2013-05-30 18:53    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-05-23 23:49 . 2012-07-16 21:02    93568    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-05-23 23:49 . 2012-07-16 21:01    79184    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-05-23 23:49 . 2012-07-16 21:01    334648    ----a-w-    c:\windows\system32\aswBoot.exe
2014-05-13 21:46 . 2012-07-24 04:01    692400    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-13 21:46 . 2011-10-21 07:13    70832    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-31 13:35 . 2010-11-21 03:27    270496    ------w-    c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
2011-05-09 09:49    176936    ----a-w-    c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A90EF874-D8F4-653A-B396-CDFC7CDFF513}]
c:\program files (x86)\best-markit\170.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{d332cff8-358e-4c9e-8af3-a08872ef22c1}]
2014-05-22 23:14    249632    ----a-w-    c:\program files (x86)\ScanTack\ScanTackBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{f1abf166-ad38-4bcf-9844-c22b50874909}]
2014-03-24 10:32    1103432    ----a-w-    c:\program files (x86)\ZappAddon\IE\ZappAddon.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
"{f1abf166-ad38-4bcf-9844-c22b50874909}"= "c:\program files (x86)\ZappAddon\IE\ZappAddon.dll" [2014-03-24 1103432]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_CLASSES_ROOT\clsid\{f1abf166-ad38-4bcf-9844-c22b50874909}]
[HKEY_CLASSES_ROOT\wtb.Band.1]
[HKEY_CLASSES_ROOT\TypeLib\{93b3a696-a570-446b-afb9-1442b2e20003}]
[HKEY_CLASSES_ROOT\wtb.Band]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-05-25 2672488]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"BackgroundContainer"="c:\users\RAC\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" [2013-11-06 319264]
"uTorrent"="c:\users\RAC\AppData\Roaming\uTorrent\uTorrent.exe" [2014-05-22 1272400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-26 177448]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-08 3890208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"fst_en_105"="c:\program files (x86)\fst_en_105\fst_en_105.exe" [2014-05-08 3983312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"upfst_en_105.exe"="c:\users\RAC\AppData\Local\fst_en_105\upfst_en_105.exe" [2014-05-08 3267568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0aswBoot.exe /M:48c219410 /wow /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 hlnfd;hlnfd;c:\windows\system32\drivers\hlnfd.sys;c:\windows\SYSNATIVE\drivers\hlnfd.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 {9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64;{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64;c:\windows\system32\drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys;c:\windows\SYSNATIVE\drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 best-markit;best-markit;c:\program files (x86)\best-markit\best-markitXX170.exe;c:\program files (x86)\best-markit\best-markitXX170.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Update ScanTack;Update ScanTack;c:\program files (x86)\ScanTack\updateScanTack.exe;c:\program files (x86)\ScanTack\updateScanTack.exe [x]
S2 Util ScanTack;Util ScanTack;c:\program files (x86)\ScanTack\bin\utilScanTack.exe;c:\program files (x86)\ScanTack\bin\utilScanTack.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-23 20:26    1091912    ----a-w-    c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 21:46]
.
2014-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-23 21:09]
.
2014-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-23 21:09]
.
2014-06-12 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-23 23:49    290888    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&CUI=UN27610208511793329&ctid=CT3272718
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\nlh1noug.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?q={searchTerms}&s_it=webpickaol-ff&s_qt=sb&tb_uuid=20130207161007064&tb_oid=05-03-2013&tb_mrud=05-03-2013
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: 2014-05-22 11:57; {c22c1a80-3af2-449c-a94e-e15e7686e0ed}; c:\users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\nlh1noug.default\extensions\{c22c1a80-3af2-449c-a94e-e15e7686e0ed}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
user_pref(extensions.autoDisableScopes,14);
FF - user.js: extensions.shownSelectionUI - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
AddRemove-SP_4e24eecb - c:\program files (x86)\WebSearch\uninstall.exe
AddRemove-SP_f2a323db - c:\program files (x86)\BrowseToSave\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3708736227-2111386937-3921986071-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{f1abf166-ad38-4bcf-9844-c22b50874909}]
@Denied: (A 2) (Administrators)
@Denied: (A 2) (S-1-5-21-3708736227-2111386937-3921986071-1000)
@Allowed: (Read) (S-1-15-3-4096)
@Allowed: (Read) (RestrictedCode)
"Flags"=dword:00000400
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-06-12  15:58:46
ComboFix-quarantined-files.txt  2014-06-12 19:58
ComboFix2.txt  2014-06-11 21:59
.
Pre-Run: 232,754,638,848 bytes free
Post-Run: 232,829,132,800 bytes free
.
- - End Of File - - 89AA90AFF2A6057A754C86A3452F2E3F
A36C5E4F47E84449FF07ED3517B43A31
 

 

 

 

 

 

RogueKiller V8.5.1 [Feb 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : RAC [Admin rights]
Mode : Scan -- Date : 02/21/2013 15:08:18
| ARK || FAK || MBR |

¤¤¤ Bad processes : 3 ¤¤¤
[Microsoft][HJNAME] notepad.exe -- C:\Windows\SysWOW64\notepad.exe [7] -> KILLED [TermProc]
[Microsoft][HJNAME] notepad.exe -- C:\Windows\SysWOW64\notepad.exe [7] -> KILLED [TermProc]
[Microsoft][HJNAME] notepad.exe -- C:\Windows\System32\notepad.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 3 ¤¤¤
[TASK][BLPATH] schedule!3036567561.job : C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe /schedule /profile "c:\programdata\bettersoft\optimizerpro\3036567561.ini" [-] -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Rogue.ProgFiles ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BPVT-22JJ5T0 ATA Device +++++
--- User ---
[MBR] 913aaa81e60c9580d2ab551025b89022
[BSP] 432008425ab4632632e40f2c28f793a5 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 289783 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02212013_02d1508.txt >>
RKreport[1]_S_02212013_02d1508.txt
 



#13 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 12 June 2014 - 03:58 PM

Hi electriccrayon,

bullseye_zpse9eaf36e.gif P2P - (Peer to Peer)

I see you have/had P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall this now.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

  • uTorrent

If you choose to not remove this programs please refrain from using it until we have finished cleaning your computer.

=========================

Also in the Control Panel

=========================

bullseye_zpse9eaf36e.gif Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

  • OptimizerPro

=========================

bullseye_zpse9eaf36e.gif AdwCleaner v3: Scan & Clean

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

bullseye_zpse9eaf36e.gif Junkware Removal Tool

Download Junkware Removal Tool to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

=========================

bullseye_zpse9eaf36e.gif Run Farbar Recovery Scan Tool it should be on your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

  • AdwCleaner[S0].txt
  • JRT.txt
  • FRST.txt
  • Addition.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#14 electriccrayon

electriccrayon

    Authentic Member

  • Authentic Member
  • PipPip
  • 159 posts

Posted 13 June 2014 - 02:18 PM

# AdwCleaner v3.212 - Report created 13/06/2014 at 15:14:30
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : RAC - RAC-PC
# Running from : C:\Users\RAC\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : best-markit
[#] Service Deleted : hlnfd
[#] Service Deleted : Update ScanTack
[#] Service Deleted : Util ScanTack

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\RightClick
Folder Deleted : C:\Program Files (x86)\best-markit
Folder Deleted : C:\Program Files (x86)\BrowseToSave
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\ScanTack
Folder Deleted : C:\Program Files (x86)\WebSearch
Folder Deleted : C:\Program Files (x86)\ZappAddon
Folder Deleted : C:\Program Files (x86)\uTorrentControl_v2
Folder Deleted : C:\Program Files (x86)\fst_en_105
Folder Deleted : C:\Program Files\ZappAddon
Folder Deleted : C:\Users\RAC\AppData\Local\Conduit
Folder Deleted : C:\Users\RAC\AppData\Local\fst_en_105
Folder Deleted : C:\Users\RAC\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\RAC\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\RAC\AppData\LocalLow\SimplyTech
Folder Deleted : C:\Users\RAC\AppData\LocalLow\uTorrentControl_v2
Folder Deleted : C:\Users\RAC\AppData\Roaming\SimplyTech
Folder Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\nlh1noug.default\Smartbar
Folder Deleted : C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bacmhbpcpggpejckjicbghlgdlhgelbc
Folder Deleted : C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[!] Folder Deleted : C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
File Deleted : C:\END
File Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\nlh1noug.default\searchplugins\Conduit.xml
File Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\nlh1noug.default\searchplugins\WebSearch.xml
File Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\nlh1noug.default\user.js
File Deleted : C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\Windows\System32\Tasks\Browser Updater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [gethighlightly@gethighlightly.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bacmhbpcpggpejckjicbghlgdlhgelbc
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
Key Deleted : HKLM\SOFTWARE\Classes\wtb.NotificationSource
Key Deleted : HKLM\SOFTWARE\Classes\wtb.NotificationSource.1
Key Deleted : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl
Key Deleted : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [fst_en_105]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_4e24eecb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f2a323db
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3272718
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A928E66C-F501-4E66-9953-855C712F93B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D332CFF8-358E-4C9E-8AF3-A08872EF22C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F1ABF166-AD38-4BCF-9844-C22B50874909}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442279}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033443379}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077447779}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D332CFF8-358E-4C9E-8AF3-A08872EF22C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1ABF166-AD38-4BCF-9844-C22B50874909}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1ABF166-AD38-4BCF-9844-C22B50874909}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
[#] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F1ABF166-AD38-4BCF-9844-C22B50874909}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A7B825AF-29BD-4168-9473-B3CDB6D98FA1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E515CF56-BDAB-41CF-9161-A0CF039C3BCE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F1ABF166-AD38-4BCF-9844-C22B50874909}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A928E66C-F501-4E66-9953-855C712F93B2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077447779}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Key Deleted : HKCU\Software\FreeSoftToday
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\ScanTack
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\simplytech
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v2
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ScanTack
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Tutorials
Key Deleted : HKLM\Software\uTorrentControl_v2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fst_en_105_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScanTack

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\nlh1noug.default\prefs.js ]

Line Deleted : user_pref("CT3220468.BT_Stats", "{\"last_log\":1349225952,\"uuid\":703884818253742,\"seq_id\":1,\"ssb\":1349225952}");
Line Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.FirstTime", "true");
Line Deleted : user_pref("CT3220468.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3220468.LoginRevertSettingsEnabled", true);
Line Deleted : user_pref("CT3220468.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3220468.PG_ENABLE.enc", "ZEhKMVpRPT0=");
Line Deleted : user_pref("CT3220468.RevertSettingsEnabled", true);
Line Deleted : user_pref("CT3220468.UserID", "UN20423037375971824");
Line Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3220468.autoDisableScopes", -1);
Line Deleted : user_pref("CT3220468.cbfirsttime.enc", "VHVlIE9jdCAwMiAyMDEyIDIwOjU5OjA5IEdNVC0wNDAwIChFYXN0ZXJuIERheWxpZ2h0IFRpbWUp");
Line Deleted : user_pref("CT3220468.defaultSearch", "FALSE");
Line Deleted : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3220468.enableAlerts", "always");
Line Deleted : user_pref("CT3220468.enableFix404ByUser", "FALSE");
Line Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");
Line Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3220468.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3220468.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3220468.fixUrls", true);
Line Deleted : user_pref("CT3220468.homepageuserchanged", true);
Line Deleted : user_pref("CT3220468.installId", "fft569A.tmp.exe");
Line Deleted : user_pref("CT3220468.installType", "XPE");
Line Deleted : user_pref("CT3220468.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3220468.isNewTabEnabled", true);
Line Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3220468&octid=CT3220468&SearchSource=15&CUI=UN20423037375971824&SSPV=NT_FF_RD&Lay=1&UM=[...]
Line Deleted : user_pref("CT3220468.lastVersion", "10.14.65.43");
Line Deleted : user_pref("CT3220468.mam_gk_CouponBuddy_appState.enc", "b24=");
Line Deleted : user_pref("CT3220468.mam_gk_PriceGong_appState.enc", "b24=");
Line Deleted : user_pref("CT3220468.mam_gk_appStateReportTime.enc", "MTM2MjUwOTA0ODA2Ng==");
Line Deleted : user_pref("CT3220468.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5h[...]
Line Deleted : user_pref("CT3220468.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Deleted : user_pref("CT3220468.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImNyaXRlcmlhcyI6W3siY3JpdGVyaWFJZCI6IjQzZmVjMDg1LWNkMzktNGQyZi05MDZhLTAyNTdkZjM2YzlhYiIsImRvbWFpbnMiOls[...]
Line Deleted : user_pref("CT3220468.mam_gk_currentVersion.enc", "MS40LjMuMQ==");
Line Deleted : user_pref("CT3220468.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3220468.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3220468.mam_gk_lastLoginTime.enc", "MTM2MjUwOTA0NTU1Mw==");
Line Deleted : user_pref("CT3220468.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Deleted : user_pref("CT3220468.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3220468.mam_gk_settings1.4.3.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmllbmNlRW5hYmxlZEJ5RGVmYXVsd[...]
Line Deleted : user_pref("CT3220468.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3220468.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3220468.mam_gk_userId.enc", "NmJjMGM2NGQtYjI4YS00ZjlmLWIxNmEtOWNhZDJlMGNjYjZk");
Line Deleted : user_pref("CT3220468.mam_gk_user_apps_selection.enc", "");
Line Deleted : user_pref("CT3220468.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.aol.com%2F\",\"EB_MAIN_FRAME_TITLE\":\"AOL.com%20-%20News%2C%20Sports%2C%20Weather%2C%20Entertainment%2C%20Local[...]
Line Deleted : user_pref("CT3220468.openThankYouPage", "true");
Line Deleted : user_pref("CT3220468.openUninstallPage", "FALSE");
Line Deleted : user_pref("CT3220468.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3220468.search.searchAppId", "129813684258939747");
Line Deleted : user_pref("CT3220468.search.searchCount", "0");
Line Deleted : user_pref("CT3220468.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3220468.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3220468\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentControlv2.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentControl_v2\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1362093755168");
Line Deleted : user_pref("CT3220468.serviceLayer_services_appTracking_lastUpdate", "1353481258236");
Line Deleted : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1362509919323");
Line Deleted : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1361506372755");
Line Deleted : user_pref("CT3220468.serviceLayer_services_location_lastUpdate", "1362510382673");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1353496123815");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate", "1359487082238");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.40.128_lastUpdate", "1362509919334");
Line Deleted : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1361506373092");
Line Deleted : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1362509919185");
Line Deleted : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1362509918998");
Line Deleted : user_pref("CT3220468.serviceLayer_services_setupAPI_lastUpdate", "1362510385177");
Line Deleted : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1361506372953");
Line Deleted : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1362509919286");
Line Deleted : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1362509919669");
Line Deleted : user_pref("CT3220468.settingsINI", true);
Line Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468");
Line Deleted : user_pref("CT3220468.smartbar.Uninstall", "1");
Line Deleted : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
Line Deleted : user_pref("CT3220468.toolbarBornServerTime", "3-10-2012");
Line Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "5-3-2013");
Line Deleted : user_pref("CT3220468.upgradeFromClearSBVersion", true);
Line Deleted : user_pref("CT3220468.url_history0001.enc", "aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo6OmNsaWNraGFuZGxlcjo6OjEzNjI1MTAyMDA0MTcsLCxqYXZhc2NyaXB0OnZvaWQoKTs6OjpjbGlja2hhbmRsZXI6OjoxMzYyNTEwMjY4MDUzLCwsamF2YXNjcmlw[...]
Line Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1362510379676,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3272718.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3272718.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3272718.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3272718.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3272718.FirstTime", "true");
Line Deleted : user_pref("CT3272718.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3272718.TopHitsConfig.enc", "ew0KICAgICJzcHJpdGVVcmwiOiAiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC5jb20vcHMvVG9wSGl0c0dlbmVyaWNBcHAvY29uZmlncy9VUy1VSy1EYW5jZS1Sb2NrLVJhcC9zcHJpdGUucG5nIiwNCiAgICAiaX[...]
Line Deleted : user_pref("CT3272718.UserID", "UN11995688693529235");
Line Deleted : user_pref("CT3272718.YTbyClickFavorites.enc", "W10=");
Line Deleted : user_pref("CT3272718.YTbyClickRecent.enc", "W10=");
Line Deleted : user_pref("CT3272718.addressUrlXPETakeover", "true");
Line Deleted : user_pref("CT3272718.autoDisableScopes", -1);
Line Deleted : user_pref("CT3272718.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3272718.defaultSearchXPETakeover", "true");
Line Deleted : user_pref("CT3272718.embeddedsData", "[{\"appId\":\"130004885110157816\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3272718.enableFix404ByUser", "FALSE");
Line Deleted : user_pref("CT3272718.fixPageNotFoundErrorByUser", "TRUE");
Line Deleted : user_pref("CT3272718.fixUrls", true);
Line Deleted : user_pref("CT3272718.installDate", "8/2/2013 2:29:43");
Line Deleted : user_pref("CT3272718.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3272718.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3272718.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3272718.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3272718.keyword", "true");
Line Deleted : user_pref("CT3272718.lastVersion", "10.14.65.43");
Line Deleted : user_pref("CT3272718.mam_gk_CouponBuddy_appState.enc", "");
Line Deleted : user_pref("CT3272718.mam_gk_PriceGong_appState.enc", "");
Line Deleted : user_pref("CT3272718.mam_gk_currentVersion.enc", "MS40LjMuMQ==");
Line Deleted : user_pref("CT3272718.mam_gk_first_time.enc", "");
Line Deleted : user_pref("CT3272718.mam_gk_installer_preapproved.enc", "VFJVRQ==");
Line Deleted : user_pref("CT3272718.mam_gk_lastLoginTime.enc", "");
Line Deleted : user_pref("CT3272718.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3272718.mam_gk_userId.enc", "");
Line Deleted : user_pref("CT3272718.mam_gk_user_apps_selection.enc", "");
Line Deleted : user_pref("CT3272718.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3272718.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3272718%26SearchSource%3D13%26CUI%3DUN11995688693529235\",\"EB_MAIN_FRAME_TITLE\":\[...]
Line Deleted : user_pref("CT3272718.search.searchAppId", "130004885110157816");
Line Deleted : user_pref("CT3272718.search.searchCount", "0");
Line Deleted : user_pref("CT3272718.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3272718.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3272718.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3272718\"}");
Line Deleted : user_pref("CT3272718.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://MixiDJToolbar.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3272718.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"MixiDJ\"}");
Line Deleted : user_pref("CT3272718.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3272718.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1362509721414");
Line Deleted : user_pref("CT3272718.serviceLayer_services_appsMetadata_lastUpdate", "1362509721459");
Line Deleted : user_pref("CT3272718.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1362509721264");
Line Deleted : user_pref("CT3272718.serviceLayer_services_location_lastUpdate", "1362509719794");
Line Deleted : user_pref("CT3272718.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1362509721474");
Line Deleted : user_pref("CT3272718.serviceLayer_services_searchAPI_lastUpdate", "1362509719509");
Line Deleted : user_pref("CT3272718.serviceLayer_services_serviceMap_lastUpdate", "1362509718848");
Line Deleted : user_pref("CT3272718.serviceLayer_services_setupAPI_lastUpdate", "1362509721725");
Line Deleted : user_pref("CT3272718.serviceLayer_services_toolbarContextMenu_lastUpdate", "1362509721148");
Line Deleted : user_pref("CT3272718.serviceLayer_services_toolbarSettings_lastUpdate", "1362509719525");
Line Deleted : user_pref("CT3272718.serviceLayer_services_translation_lastUpdate", "1362509721428");
Line Deleted : user_pref("CT3272718.settingsINI", true);
Line Deleted : user_pref("CT3272718.smartbar.CTID", "CT3272718");
Line Deleted : user_pref("CT3272718.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3272718.smartbar.homepage", "true");
Line Deleted : user_pref("CT3272718.smartbar.toolbarName", "MixiDJ ");
Line Deleted : user_pref("CT3272718.startPageXPETakeover", "true");
Line Deleted : user_pref("CT3272718_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1362509715931,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://websearch.good-results.info/?pid=726&r=2013/02/07&hid=4257701755&lg=EN&cc=US&l=1&q=");
Line Deleted : user_pref("aol_toolbar.buttons.layout", "aol_mail_5496;facebook_40839;mapquest_40872;twitter_40883;ebay_46278;wikipedia_46497;yahoo_mail_46508;netflix_46519;radio_46530;share_this_page_46541;");
Line Deleted : user_pref("aol_toolbar.cookie.homepage", "");
Line Deleted : user_pref("aol_toolbar.cookie.search", "");
Line Deleted : user_pref("aol_toolbar.curtain.congrats", "n");
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.homepage.protection", true);
Line Deleted : user_pref("aol_toolbar.default.homepage.url", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000020");
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.label", "AOL Search");
Line Deleted : user_pref("aol_toolbar.default.search.url", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=webpickaol-ff&s_qt=sb&tb_uuid=20130207161007064&tb_oid=05-03-2013&tb_mrud=05-03-2013");
Line Deleted : user_pref("aol_toolbar.firsttime.showwindow", false);
Line Deleted : user_pref("aol_toolbar.guid", "{415FDD58-E2DB-B7A3-3D58-DA7B4DE31922}");
Line Deleted : user_pref("aol_toolbar.homepageprotection.enabled", true);
Line Deleted : user_pref("aol_toolbar.install.distroid", "aol");
Line Deleted : user_pref("aol_toolbar.install.homepage", "hxxp://www.aol.com/?mtmhp={mtmhp}");
Line Deleted : user_pref("aol_toolbar.install.homepage.label", "AOL.com");
Line Deleted : user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.9333");
Line Deleted : user_pref("aol_toolbar.install.lid", "hyplognew00000010");
Line Deleted : user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000020");
Line Deleted : user_pref("aol_toolbar.install.ncid", "");
Line Deleted : user_pref("aol_toolbar.metrics.activestampdate", "5");
Line Deleted : user_pref("aol_toolbar.metrics.activestampmonth", "2");
Line Deleted : user_pref("aol_toolbar.metrics.activestampyear", "2013");
Line Deleted : user_pref("aol_toolbar.metrics.log", false);
Line Deleted : user_pref("aol_toolbar.metrics.originalDate", "5");
Line Deleted : user_pref("aol_toolbar.metrics.originalHours", "5");
Line Deleted : user_pref("aol_toolbar.metrics.originalMinutes", "0");
Line Deleted : user_pref("aol_toolbar.metrics.originalMonth", "3");
Line Deleted : user_pref("aol_toolbar.metrics.originalSeconds", "0");
Line Deleted : user_pref("aol_toolbar.metrics.originalYear", "2013");
Line Deleted : user_pref("aol_toolbar.relatednews.active", true);
Line Deleted : user_pref("aol_toolbar.relatednews.enabled", false);
Line Deleted : user_pref("aol_toolbar.remote.publish.xml", "1362510379226");
Line Deleted : user_pref("aol_toolbar.reset.flag", "3");
Line Deleted : user_pref("aol_toolbar.reset.style", "A");
Line Deleted : user_pref("aol_toolbar.resetprompt.daily.num", "1");
Line Deleted : user_pref("aol_toolbar.resetprompt.daily.timestamp", "1362509800031");
Line Deleted : user_pref("aol_toolbar.resetprompt.display.limit", "8");
Line Deleted : user_pref("aol_toolbar.rtw.active", false);
Line Deleted : user_pref("aol_toolbar.rtw.enabled", "1");
Line Deleted : user_pref("aol_toolbar.search.button", true);
Line Deleted : user_pref("aol_toolbar.search.cid", "05-03-2013");
Line Deleted : user_pref("aol_toolbar.search.instd", "20130207161007064");
Line Deleted : user_pref("aol_toolbar.search.newtab", true);
Line Deleted : user_pref("aol_toolbar.search.oid", "05-03-2013");
Line Deleted : user_pref("aol_toolbar.search.placement", "right");
Line Deleted : user_pref("aol_toolbar.search.populateoncomplete", false);
Line Deleted : user_pref("aol_toolbar.search.savehistory", false);
Line Deleted : user_pref("aol_toolbar.search.searchtype", "web");
Line Deleted : user_pref("aol_toolbar.search.source", "webpickaol-ff");
Line Deleted : user_pref("aol_toolbar.searchengine.label", "AOL Search");
Line Deleted : user_pref("aol_toolbar.searchprotection.enabled", true);
Line Deleted : user_pref("aol_toolbar.skin.custom", false);
Line Deleted : user_pref("aol_toolbar.skins.enabled", true);
Line Deleted : user_pref("aol_toolbar.surf.date", "12");
Line Deleted : user_pref("aol_toolbar.surf.enabled", "0");
Line Deleted : user_pref("aol_toolbar.surf.lastDate", "5");
Line Deleted : user_pref("aol_toolbar.surf.lastMonth", "2");
Line Deleted : user_pref("aol_toolbar.surf.lastYear", "2013");
Line Deleted : user_pref("aol_toolbar.surf.month", "12");
Line Deleted : user_pref("aol_toolbar.surf.prevMonth", "0");
Line Deleted : user_pref("aol_toolbar.surf.show", true);
Line Deleted : user_pref("aol_toolbar.surf.total", "12");
Line Deleted : user_pref("aol_toolbar.surf.week", "12");
Line Deleted : user_pref("aol_toolbar.surf.year", "12");
Line Deleted : user_pref("aol_toolbar.ticker.active", false);
Line Deleted : user_pref("aol_toolbar.ticker.enabled", true);
Line Deleted : user_pref("aol_toolbar.toolbar.name", "AOL Toolbar");
Line Deleted : user_pref("aol_toolbar.upgrade.showwindow", false);
Line Deleted : user_pref("aol_toolbar.weather.degc", "9");
Line Deleted : user_pref("aol_toolbar.weather.degf", "48");
Line Deleted : user_pref("aol_toolbar.weather.image", "chrome://aoltoolbar/skin/weather/34.png");
Line Deleted : user_pref("aol_toolbar.weather.locationid", "USNY0996");
Line Deleted : user_pref("aol_toolbar.weather.metric", true);
Line Deleted : user_pref("aol_toolbar.weather.tooltip", "New York , NY : Mostly Sunny");
Line Deleted : user_pref("aol_toolbar.weather.update", "1362510379244");
Line Deleted : user_pref("aol_toolbar.winamp.volume", "");
Line Deleted : user_pref("aol_toolbar.xxx", "");
Line Deleted : user_pref("browser.search.defaultenginenameS", "WebSearch");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=webpickaol-ff&s_qt=sb&tb_uuid=20130207161007064&tb_oid=05-03-2013&tb_mrud=05-03-2013");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngineS", "WebSearch");
Line Deleted : user_pref("ct3272718.UserID", "UN11995688693529235");
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3220468");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3272718&SearchSource=13&CUI=UN11995688693529235");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272718&SearchSource=2&CUI=UN11995688693529235&q=");
Line Deleted : user_pref("smartbar.machineId", "ZJOMUCB62WJWCSALCW7UIVDHZIQBA9Z0WA2Z3AQXPVE+QSOCYBAVFPUQD2HID9TNKZTQLBWTTBZEYGGB5VFO3G");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://websearch.good-results.info/?pid=726&r=2013/02/07&hid=4257701755&lg=EN&cc=US");
Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://websearch.good-results.info/?pid=726&r=2013/02/07&hid=4257701755&lg=EN&cc=US&l=1&q=");
Line Deleted : user_pref("smartbar.originalSearchEngine", "WebSearch");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : bacmhbpcpggpejckjicbghlgdlhgelbc
Deleted [Extension] : ejpbbhjlbipncjklfjjaedaieimbmdda

*************************

AdwCleaner[R0].txt - [36941 octets] - [13/06/2014 15:10:51]
AdwCleaner[S0].txt - [36021 octets] - [13/06/2014 15:14:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [36082 octets] ##########
 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by RAC on Fri 06/13/2014 at 15:29:14.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_fx_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_fx_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_ie_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_ie_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_fx_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_fx_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_ie_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_ie_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{81183CBD-53CF-44D1-99D5-2BB807655838}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B29E0E20-4B55-4744-AF5C-AA720A59FFA5}



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho330C.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6151.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6427.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6527.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6727.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho68ED.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho745E.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoCD0.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoCD21.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\Users\RAC\appdata\locallow\simplytech"
Successfully deleted: [Empty Folder] C:\Users\RAC\appdata\local\{42430F79-1F7C-4D99-995A-6D11CDB7EF2B}
Successfully deleted: [Empty Folder] C:\Users\RAC\appdata\local\{4503469E-FE5B-44D8-BCF0-9A6B8EE787C0}
Successfully deleted: [Empty Folder] C:\Users\RAC\appdata\local\{45AC1013-948C-4F0C-9AD6-DD5BE7AE9B1D}
Successfully deleted: [Empty Folder] C:\Users\RAC\appdata\local\{86A32F04-BE7C-4DE9-9958-2AED35272E97}
Successfully deleted: [Empty Folder] C:\Users\RAC\appdata\local\{93EE5557-7980-44B6-95AA-0C1ABE7177BE}
Successfully deleted: [Empty Folder] C:\Users\RAC\appdata\local\{C1876D38-6526-49DA-A910-2EA3B67AE2B9}
Successfully deleted: [Empty Folder] C:\Users\RAC\appdata\local\{DF30803A-782F-4544-9522-10B7CFDE8C1B}
Successfully deleted: [Empty Folder] C:\Users\RAC\appdata\local\{F258958B-A34A-42F6-97AB-4837B0E26DFE}



~~~ FireFox

Successfully deleted: [Folder] C:\Users\RAC\AppData\Roaming\mozilla\firefox\profiles\nlh1noug.default\extensions\staged
Emptied folder: C:\Users\RAC\AppData\Roaming\mozilla\firefox\profiles\nlh1noug.default\minidumps [36 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/13/2014 at 15:56:15.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02
Ran by RAC (administrator) on RAC-PC on 13-06-2014 16:10:41
Running from C:\Users\RAC\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
(BitTorrent Inc.) C:\Users\RAC\AppData\Roaming\uTorrent\uTorrent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-23] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-08] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3708736227-2111386937-3921986071-1000\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2672488 2011-05-25] (Hewlett-Packard Co.)
HKU\S-1-5-21-3708736227-2111386937-3921986071-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3708736227-2111386937-3921986071-1000\...\Run: [uTorrent] => C:\Users\RAC\AppData\Roaming\uTorrent\uTorrent.exe [1267536 2014-06-13] (BitTorrent Inc.)
BootExecute: autocheck autochk * aswBoot.exe /M:48c219410 /wow /dir:C:\Program
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: best-markit - {A90EF874-D8F4-653A-B396-CDFC7CDFF513} - C:\Program Files (x86)\best-markit\170.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\nlh1noug.default
FF DefaultSearchEngine: AOL Search
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\nlh1noug.default\searchplugins\aol-search.xml
FF Extension: Zapp - C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\nlh1noug.default\Extensions\{c22c1a80-3af2-449c-a94e-e15e7686e0ed} [2014-05-22]
FF Extension: ScanTack - C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\nlh1noug.default\Extensions\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}.xpi [2014-05-22]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-07-16]
FF HKCU\...\Firefox\Extensions: [{3FC12FD8-623B-B4F1-94D5-E0688217340C}] - C:\Program Files (x86)\best-markit\170.xpi

Chrome:
=======
CHR HomePage:
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-23]
CHR Extension: (Google Drive) - C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-23]
CHR Extension: (No Name) - C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bacmhbpcpggpejckjicbghlgdlhgelbc [2014-05-22]
CHR Extension: (YouTube) - C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-23]
CHR Extension: (Google Search) - C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-23]
CHR Extension: (Google Wallet) - C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-23]
CHR Extension: (best-markit) - C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\olimhpiccpogaohkijonbfajaggkegig [2014-05-22]
CHR Extension: (Gmail) - C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-23]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-23] (AVAST Software)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-23] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-23] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R1 {9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64; C:\Windows\System32\drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys [61112 2014-05-16] (StdLib)
S3 catchme; \??\C:\electriccrayonCF\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-13 16:10 - 2014-06-13 16:12 - 00014397 _____ () C:\Users\RAC\Downloads\FRST.txt
2014-06-13 16:10 - 2014-06-13 16:10 - 00000000 ____D () C:\FRST
2014-06-13 16:08 - 2014-06-13 16:09 - 02081792 _____ (Farbar) C:\Users\RAC\Downloads\FRST64.exe
2014-06-13 15:56 - 2014-06-13 15:56 - 00003578 _____ () C:\Users\RAC\Desktop\JRT.txt
2014-06-13 15:29 - 2014-06-13 15:29 - 00000000 ____D () C:\Windows\ERUNT
2014-06-13 15:24 - 2014-06-13 15:24 - 01016261 _____ (Thisisu) C:\Users\RAC\Downloads\JRT.exe
2014-06-13 15:20 - 2014-06-13 15:20 - 00036219 _____ () C:\Users\RAC\Desktop\AdwCleaner[S0].txt
2014-06-13 15:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-13 15:10 - 2014-06-13 15:15 - 00000000 ____D () C:\AdwCleaner
2014-06-13 15:09 - 2014-06-13 15:09 - 01333465 _____ () C:\Users\RAC\Downloads\AdwCleaner.exe
2014-06-12 15:58 - 2014-06-12 15:58 - 00024886 _____ () C:\ComboFix.txt
2014-06-12 15:58 - 2014-06-12 15:58 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-12 15:58 - 2014-06-12 15:58 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-12 15:58 - 2014-06-12 15:58 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-12 03:30 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 03:30 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 03:30 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 03:30 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 03:29 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 03:29 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 03:29 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 03:29 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 03:29 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 03:29 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 03:29 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 03:29 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 03:29 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 03:29 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 03:29 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 03:29 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 03:29 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 03:29 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 03:29 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 03:29 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 03:29 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 03:29 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 03:29 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 03:29 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 03:29 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 03:29 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 03:29 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 03:29 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 03:29 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 03:29 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 03:29 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 03:29 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 03:29 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 03:29 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 03:29 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 03:29 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 03:29 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 03:29 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 03:29 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 03:29 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 03:29 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 03:29 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 03:29 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 03:29 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 03:29 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 03:29 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 03:29 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 03:29 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 03:29 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 03:29 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 03:29 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 03:29 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 15:49 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-11 15:49 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-11 15:49 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-11 15:49 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-11 15:49 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-11 15:49 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-11 15:49 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-11 15:49 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-11 15:48 - 2014-06-12 15:58 - 00000000 ____D () C:\Qoobox
2014-06-11 15:45 - 2014-06-11 17:54 - 00000000 ____D () C:\Windows\erdnt
2014-06-11 15:43 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 15:43 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 15:43 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 15:43 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 15:43 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 15:43 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 15:43 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 15:42 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 15:42 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 15:42 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 15:42 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 15:42 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 15:42 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 15:42 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 15:37 - 2014-06-11 15:37 - 00000000 ____D () C:\Users\RAC\Desktop\rkill
2014-06-11 15:36 - 2014-06-11 15:39 - 00002636 _____ () C:\Users\RAC\Desktop\Rkill.txt
2014-06-11 15:35 - 2014-06-11 15:35 - 00000672 _____ () C:\Users\RAC\Desktop\electriccrayonCF - Shortcut.lnk
2014-06-11 15:35 - 2014-06-11 15:35 - 00000591 _____ () C:\Users\RAC\Desktop\rkill - Shortcut.lnk
2014-06-04 16:04 - 2014-06-04 16:04 - 04708380 _____ () C:\Users\RAC\Downloads\aswMBR.exe
2014-06-04 16:02 - 2014-06-04 16:02 - 00002944 _____ () C:\Windows\System32\Tasks\{4EEC96E7-79DE-4C55-82D4-6849CDB7C11A}
2014-06-04 16:00 - 2014-06-04 16:01 - 00849987 _____ () C:\Users\RAC\Downloads\SecurityCheck(1).exe
2014-06-04 15:54 - 2014-06-04 15:54 - 00849987 _____ () C:\Users\RAC\Downloads\SecurityCheck.exe
2014-05-29 16:53 - 2014-05-29 16:53 - 00388608 _____ () C:\Users\RAC\Downloads\HiJackThis(1).exe
2014-05-29 16:42 - 2014-05-29 16:42 - 00622744 _____ () C:\Users\RAC\Downloads\dds(2).scr
2014-05-29 16:22 - 2014-05-29 16:23 - 00385688 _____ () C:\Users\RAC\Downloads\HiJackThis.exe
2014-05-23 19:49 - 2014-05-23 19:50 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-23 19:49 - 2014-05-23 19:49 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-23 19:49 - 2014-05-23 19:49 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-22 21:09 - 2014-05-16 17:43 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys
2014-05-22 16:45 - 2014-05-22 16:45 - 00000218 _____ () C:\Users\RAC\AppData\Local\recently-used.xbel
2014-05-22 16:33 - 2014-05-22 16:43 - 00000000 ____D () C:\Users\RAC\AppData\Roaming\deluge
2014-05-22 16:24 - 2014-05-22 16:18 - 00001814 _____ () C:\Users\RAC\Documents\five finger death punch+delug+bittorent+client_1.0(1) - Shortcut.lnk
2014-05-22 16:09 - 2014-05-22 16:10 - 00467744 _____ () C:\Users\RAC\Downloads\five finger death punch+delug+bittorent+client_1.0(1).exe
2014-05-22 16:03 - 2014-05-22 16:03 - 00000000 ____D () C:\Users\RAC\AppData\Roaming\dlg
2014-05-22 15:57 - 2014-06-13 15:14 - 00000000 ____D () C:\Windows\System32\Tasks\Browser Updater
2014-05-22 15:57 - 2014-05-22 15:57 - 00000000 ____D () C:\Windows\System32\Tasks\SystemSockets
2014-05-22 15:56 - 2014-05-22 15:56 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-05-22 15:56 - 2014-02-04 07:36 - 00033864 _____ () C:\Windows\Launcher.exe
2014-05-22 15:55 - 2014-05-22 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freeSotfToday
2014-05-22 15:52 - 2014-05-22 15:52 - 00467744 _____ () C:\Users\RAC\Downloads\five finger death punch+delug+bittorent+client_1.0.exe
2014-05-22 15:45 - 2014-05-22 15:45 - 00000815 _____ () C:\Users\RAC\Desktop\µTorrent.lnk
2014-05-22 15:45 - 2014-05-22 15:45 - 00000795 _____ () C:\Users\RAC\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-05-17 14:50 - 2014-05-17 14:50 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-05-17 13:37 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-17 13:37 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-17 13:33 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-17 13:33 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-17 13:33 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-17 13:33 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-17 13:33 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-17 13:33 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-17 13:33 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-17 13:33 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-17 13:33 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-17 13:33 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-17 13:33 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-17 13:33 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-17 13:33 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-17 13:33 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-17 13:33 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-17 13:33 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-17 13:33 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-17 13:33 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-17 13:33 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-17 13:33 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-17 13:33 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-17 13:33 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-17 13:33 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-17 13:33 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-17 13:33 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-17 13:33 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-17 13:33 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-17 13:33 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-17 13:33 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-17 13:33 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-17 13:33 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-17 13:33 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-17 13:33 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-17 13:33 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-17 13:33 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-17 13:33 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-17 13:33 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-17 13:33 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-17 13:33 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-17 13:33 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-17 13:33 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

==================== One Month Modified Files and Folders =======

2014-06-13 16:12 - 2014-06-13 16:10 - 00014397 _____ () C:\Users\RAC\Downloads\FRST.txt
2014-06-13 16:12 - 2012-07-03 12:22 - 00000000 ____D () C:\Users\RAC\AppData\Local\Temp
2014-06-13 16:10 - 2014-06-13 16:10 - 00000000 ____D () C:\FRST
2014-06-13 16:10 - 2012-10-02 20:54 - 00000000 ____D () C:\Users\RAC\AppData\Roaming\uTorrent
2014-06-13 16:09 - 2014-06-13 16:08 - 02081792 _____ (Farbar) C:\Users\RAC\Downloads\FRST64.exe
2014-06-13 16:01 - 2012-07-17 14:00 - 00000252 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
2014-06-13 15:56 - 2014-06-13 15:56 - 00003578 _____ () C:\Users\RAC\Desktop\JRT.txt
2014-06-13 15:46 - 2012-07-24 00:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-13 15:29 - 2014-06-13 15:29 - 00000000 ____D () C:\Windows\ERUNT
2014-06-13 15:25 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-13 15:25 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-13 15:24 - 2014-06-13 15:24 - 01016261 _____ (Thisisu) C:\Users\RAC\Downloads\JRT.exe
2014-06-13 15:23 - 2012-07-03 14:10 - 01439249 _____ () C:\Windows\WindowsUpdate.log
2014-06-13 15:20 - 2014-06-13 15:20 - 00036219 _____ () C:\Users\RAC\Desktop\AdwCleaner[S0].txt
2014-06-13 15:20 - 2013-10-23 17:09 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-13 15:19 - 2012-07-16 16:02 - 00000000 ____D () C:\ProgramData\clear.fi
2014-06-13 15:18 - 2013-10-23 17:09 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-13 15:17 - 2010-11-20 23:47 - 00293106 _____ () C:\Windows\PFRO.log
2014-06-13 15:17 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-13 15:17 - 2009-07-14 00:51 - 00070419 _____ () C:\Windows\setupact.log
2014-06-13 15:15 - 2014-06-13 15:10 - 00000000 ____D () C:\AdwCleaner
2014-06-13 15:14 - 2014-05-22 15:57 - 00000000 ____D () C:\Windows\System32\Tasks\Browser Updater
2014-06-13 15:09 - 2014-06-13 15:09 - 01333465 _____ () C:\Users\RAC\Downloads\AdwCleaner.exe
2014-06-13 14:00 - 2013-02-07 17:08 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-13 04:27 - 2013-10-23 17:13 - 00002147 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-13 03:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 23:26 - 2009-07-13 22:34 - 00000537 _____ () C:\Windows\win.ini
2014-06-12 15:58 - 2014-06-12 15:58 - 00024886 _____ () C:\ComboFix.txt
2014-06-12 15:58 - 2014-06-12 15:58 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-12 15:58 - 2014-06-12 15:58 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-12 15:58 - 2014-06-12 15:58 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-12 15:58 - 2014-06-11 15:48 - 00000000 ____D () C:\Qoobox
2014-06-12 15:52 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-12 03:07 - 2013-07-15 13:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 03:02 - 2012-07-16 17:32 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 03:01 - 2014-05-03 10:50 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 17:59 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-06-11 17:54 - 2014-06-11 15:45 - 00000000 ____D () C:\Windows\erdnt
2014-06-11 15:39 - 2014-06-11 15:36 - 00002636 _____ () C:\Users\RAC\Desktop\Rkill.txt
2014-06-11 15:37 - 2014-06-11 15:37 - 00000000 ____D () C:\Users\RAC\Desktop\rkill
2014-06-11 15:35 - 2014-06-11 15:35 - 00000672 _____ () C:\Users\RAC\Desktop\electriccrayonCF - Shortcut.lnk
2014-06-11 15:35 - 2014-06-11 15:35 - 00000591 _____ () C:\Users\RAC\Desktop\rkill - Shortcut.lnk
2014-06-11 15:35 - 2009-07-14 01:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-10 20:23 - 2012-07-16 17:01 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-08 05:13 - 2014-06-11 15:43 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-11 15:43 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-04 16:04 - 2014-06-04 16:04 - 04708380 _____ () C:\Users\RAC\Downloads\aswMBR.exe
2014-06-04 16:02 - 2014-06-04 16:02 - 00002944 _____ () C:\Windows\System32\Tasks\{4EEC96E7-79DE-4C55-82D4-6849CDB7C11A}
2014-06-04 16:01 - 2014-06-04 16:00 - 00849987 _____ () C:\Users\RAC\Downloads\SecurityCheck(1).exe
2014-06-04 15:54 - 2014-06-04 15:54 - 00849987 _____ () C:\Users\RAC\Downloads\SecurityCheck.exe
2014-05-30 06:21 - 2014-06-12 03:29 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 06:02 - 2014-06-12 03:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 06:02 - 2014-06-12 03:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 05:45 - 2014-06-12 03:29 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 05:39 - 2014-06-12 03:29 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 05:39 - 2014-06-12 03:29 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 05:38 - 2014-06-12 03:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 05:28 - 2014-06-12 03:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 05:27 - 2014-06-12 03:29 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 05:24 - 2014-06-12 03:29 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 05:21 - 2014-06-12 03:30 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 05:21 - 2014-06-12 03:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 05:20 - 2014-06-12 03:29 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 05:18 - 2014-06-12 03:29 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 05:11 - 2014-06-12 03:29 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 05:08 - 2014-06-12 03:29 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 05:06 - 2014-06-12 03:29 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 05:02 - 2014-06-12 03:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 04:55 - 2014-06-12 03:30 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 04:49 - 2014-06-12 03:29 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 04:46 - 2014-06-12 03:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 04:44 - 2014-06-12 03:29 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 04:44 - 2014-06-12 03:29 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 04:43 - 2014-06-12 03:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 04:42 - 2014-06-12 03:30 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 04:38 - 2014-06-12 03:29 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 04:35 - 2014-06-12 03:29 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 04:34 - 2014-06-12 03:29 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 04:33 - 2014-06-12 03:29 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 04:30 - 2014-06-12 03:29 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 04:29 - 2014-06-12 03:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 04:28 - 2014-06-12 03:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 04:27 - 2014-06-12 03:29 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 04:24 - 2014-06-12 03:29 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 04:23 - 2014-06-12 03:29 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 04:16 - 2014-06-12 03:29 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 04:10 - 2014-06-12 03:29 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 04:06 - 2014-06-12 03:29 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 04:04 - 2014-06-12 03:29 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 04:02 - 2014-06-12 03:29 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 03:56 - 2014-06-12 03:29 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 03:56 - 2014-06-12 03:29 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 03:54 - 2014-06-12 03:29 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 03:50 - 2014-06-12 03:29 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 03:49 - 2014-06-12 03:29 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 03:43 - 2014-06-12 03:29 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 03:40 - 2014-06-12 03:29 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 03:30 - 2014-06-12 03:29 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 03:21 - 2014-06-12 03:29 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 03:15 - 2014-06-12 03:29 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 03:13 - 2014-06-12 03:29 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 03:13 - 2014-06-12 03:29 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 18:11 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-05-29 16:53 - 2014-05-29 16:53 - 00388608 _____ () C:\Users\RAC\Downloads\HiJackThis(1).exe
2014-05-29 16:42 - 2014-05-29 16:42 - 00622744 _____ () C:\Users\RAC\Downloads\dds(2).scr
2014-05-29 16:28 - 2013-02-07 17:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-29 16:23 - 2014-05-29 16:22 - 00385688 _____ () C:\Users\RAC\Downloads\HiJackThis.exe
2014-05-23 19:50 - 2014-05-23 19:49 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-23 19:50 - 2012-07-16 17:02 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-23 19:50 - 2012-07-16 17:02 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-23 19:50 - 2012-07-16 17:02 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-23 19:49 - 2014-05-23 19:49 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-23 19:49 - 2014-05-23 19:49 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-23 19:49 - 2013-05-30 14:53 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-23 19:49 - 2013-05-30 14:53 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-23 19:49 - 2012-07-16 17:02 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-23 19:49 - 2012-07-16 17:01 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-23 19:49 - 2012-07-16 17:01 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-22 16:45 - 2014-05-22 16:45 - 00000218 _____ () C:\Users\RAC\AppData\Local\recently-used.xbel
2014-05-22 16:43 - 2014-05-22 16:33 - 00000000 ____D () C:\Users\RAC\AppData\Roaming\deluge
2014-05-22 16:18 - 2014-05-22 16:24 - 00001814 _____ () C:\Users\RAC\Documents\five finger death punch+delug+bittorent+client_1.0(1) - Shortcut.lnk
2014-05-22 16:10 - 2014-05-22 16:09 - 00467744 _____ () C:\Users\RAC\Downloads\five finger death punch+delug+bittorent+client_1.0(1).exe
2014-05-22 16:03 - 2014-05-22 16:03 - 00000000 ____D () C:\Users\RAC\AppData\Roaming\dlg
2014-05-22 15:57 - 2014-05-22 15:57 - 00000000 ____D () C:\Windows\System32\Tasks\SystemSockets
2014-05-22 15:56 - 2014-05-22 15:56 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-05-22 15:56 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-22 15:56 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-05-22 15:55 - 2014-05-22 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freeSotfToday
2014-05-22 15:52 - 2014-05-22 15:52 - 00467744 _____ () C:\Users\RAC\Downloads\five finger death punch+delug+bittorent+client_1.0.exe
2014-05-22 15:45 - 2014-05-22 15:45 - 00000815 _____ () C:\Users\RAC\Desktop\µTorrent.lnk
2014-05-22 15:45 - 2014-05-22 15:45 - 00000795 _____ () C:\Users\RAC\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-05-22 15:42 - 2012-07-03 12:25 - 00000000 ___RD () C:\Users\RAC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-22 15:42 - 2012-07-03 12:25 - 00000000 ___RD () C:\Users\RAC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 14:50 - 2014-05-17 14:50 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-05-16 17:43 - 2014-05-22 21:09 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys

Some content of TEMP:
====================
C:\Users\RAC\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 02:55

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02
Ran by RAC at 2014-06-13 16:13:31
Running from C:\Users\RAC\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31395 - BitTorrent Inc.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0517.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.60524.2309 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0524.2352.41027 - ATI) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{3605D89A-BD66-F5C5-779B-BE9110B41077}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
best-markit (HKLM-x32\...\B4051294-8032-41FB-4EDF-248BBAECA181) (Version:  - best-markit-software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0524.2352.41027 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0524.2352.41027 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0524.2352.41027 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help English (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help French (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help German (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
ccc-utility64 (Version: 2011.0524.2352.41027 - ATI) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.55 - Conexant)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Photosmart 5510 series Basic Device Software (HKLM\...\{EBF97BCD-7BA6-44B6-A8A7-358BA3592B09}) (Version: 24.0.342.0 - Hewlett-Packard Co.)
HP Photosmart 5510 series Help (HKLM-x32\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.5.8763 - Barnesandnoble.com)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9002 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Zapp 5.7 (HKLM-x32\...\{7dd964ce-bd82-4752-80e4-5ab17ee135bf}_is1) (Version: 5.7 - SimplyTech LTD)
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Restore Points  =========================

07-05-2014 22:20:51 Windows Update
10-05-2014 16:09:58 Windows Update
17-05-2014 17:19:16 Windows Update
21-05-2014 18:39:30 Windows Update
23-05-2014 23:44:49 avast! antivirus system restore point
30-05-2014 19:21:25 Windows Update
08-06-2014 07:12:06 Scheduled Checkpoint
11-06-2014 19:39:02 Windows Update
12-06-2014 07:00:14 Windows Update
13-06-2014 07:00:19 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2014-06-11 17:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1C68960D-EB94-42C3-BC61-C6FD8EB46B35} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {2CFACAF5-488A-44FD-B7CF-67F35AA62A9C} - System32\Tasks\{4EEC96E7-79DE-4C55-82D4-6849CDB7C11A} => C:\Users\RAC\Downloads\SecurityCheck(1).exe [2014-06-04] ()
Task: {3C02EC9B-7147-4938-B3D7-86F98D5201A1} - \Browser Updater\Zapp Browser Updater No Task File <==== ATTENTION
Task: {3DAC7A82-5737-4916-8DE0-C840BF4A3A6B} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {3F59A8E1-AE4B-4DC5-A532-837340355291} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-23] (Google Inc.)
Task: {3FCEA491-C7CF-4F41-A607-78D2C934DC56} - System32\Tasks\AdobeAAMUpdater-1.0-RAC-PC-RAC => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {58D5F89C-5A60-4732-AD7C-19631BFDAF8B} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {6BF9F029-B84A-4E7E-B867-061FF2F1969C} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {728DA6B7-8078-40A2-8CF9-DCC132E51767} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files (x86)\ZappAddon\WConnectorHandler.exe
Task: {72E0539C-B0AD-4573-A618-5B4D9922E62B} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {76D4E9F9-6945-421A-9AA4-79528511F58D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-23] (Google Inc.)
Task: {82360D75-2C27-4032-B293-6228565FC7BD} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {90511061-24A6-4918-B39B-4CAECA3BEA5A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-23] (AVAST Software)
Task: {A4232A0C-F51C-4A87-8211-E883434843FA} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {D9B94311-45AA-4564-9223-FB176083617D} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {F44063E4-5A26-4157-B3CD-1F4991A0E8C4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe

==================== Loaded Modules (whitelisted) =============

2009-01-21 19:45 - 2009-01-21 19:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2014-06-13 07:43 - 2014-06-13 07:43 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14061300\algo.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-23 21:29 - 2011-04-23 21:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-23 21:29 - 2011-04-23 21:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-23 21:29 - 2011-04-23 21:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2011-08-24 21:03 - 2011-08-24 21:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2013-10-23 14:06 - 2013-10-23 14:06 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-01-29 23:32 - 2012-05-25 05:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2013-02-07 17:29 - 2014-05-13 17:59 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-13 17:46 - 2014-05-13 17:46 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-06-11 17:49:58.790
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\electriccrayonCF\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-11 17:49:57.979
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\electriccrayonCF\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 76%
Total physical RAM: 1770.9 MB
Available physical RAM: 423.36 MB
Total Pagefile: 3541.8 MB
Available Pagefile: 1794.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:282.99 GB) (Free:216.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: A376D8FD)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#15 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 13 June 2014 - 09:16 PM

Hi electriccrayon,

Please update me on what if anything you plan to do with uTorrent/BitTorrent. (Keep or Remove)

=========================

bullseye_zpse9eaf36e.gif Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • Best-Markit
  • Zapp 5.7
=========================

bullseye_zpse9eaf36e.gif Disable FireFox plug-in
  • At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Add-ons. The Add-ons Manager tab will open.
  • In the Add-ons Manager tab, select the Extensions or Appearance panel.
  • Select the add-on you wish to disable.
    • ScanTack
    • Best-Markit
    • Zapp Browser Updater
  • Click the Disable button.
  • Click Restart now if it pops up. Your tabs will be saved and restored after the restart.
=========================

bullseye_zpse9eaf36e.gif Disable Plug-ins in Google Chrome
  • Click the Chrome menu chromebrowsertoolbar.png on the browser toolbar.
  • Select Settings.
  • Scroll down to Show advanced settings...
  • Locate the Privacy Section, select Content Settings
  • In the pop up window scoll to Plug-Ins, select Disable individual plug-ins...
  • Locate the following plug-ins and set them to Disable:
    • Best-Markit
  • Exit Chrome settings menu.
=========================

bullseye_zpse9eaf36e.gif FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt


GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
BHO-x32: best-markit - {A90EF874-D8F4-653A-B396-CDFC7CDFF513} - C:\Program Files (x86)\best-markit\170.dll No File
FF Extension: ScanTack - C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\nlh1noug.default\Extensions\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}.xpi [2014-05-22]
FF HKCU\...\Firefox\Extensions: [{3FC12FD8-623B-B4F1-94D5-E0688217340C}] - C:\Program Files (x86)\best-markit\170.xpi
CHR Extension: (best-markit) - C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\olimhpiccpogaohkijonbfajaggkegig [2014-05-22]
Task: {3C02EC9B-7147-4938-B3D7-86F98D5201A1} - \Browser Updater\Zapp Browser Updater No Task File <==== ATTENTION
Task: {58D5F89C-5A60-4732-AD7C-19631BFDAF8B} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
FF Extension: Zapp - C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\nlh1noug.default\Extensions\{c22c1a80-3af2-449c-a94e-e15e7686e0ed} [2014-05-22]
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

In your next post please provide the following:
  • Fixlog.txt
  • How is the computer performing?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users